Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 618693 - Getting avc on WineMine startup
Getting avc on WineMine startup
Status: NEW
Product: Fedora EPEL
Classification: Fedora
Component: wine (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Andreas Bierfert
Fedora Extras Quality Assurance
: 783889 (view as bug list)
Depends On:
  Show dependency treegraph
Reported: 2010-07-27 10:46 EDT by Lubos Kocman
Modified: 2013-06-07 11:03 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Lubos Kocman 2010-07-27 10:46:16 EDT

SELinux has prevented wine from performing an unsafe memory operation.

Detailed Description:

SELinux denied an operation requested by wine-preloader, a program used to run
Windows applications under Linux. This program is known to use an unsafe
operation on system memory but so are a number of malware/exploit programs which
masquerade as wine. If you were attempting to run a Windows program your only
choices are to allow this operation and reduce your system security against such
malware or to refrain from running Windows applications under Linux. If you were
not attempting to run a Windows application this indicates you are likely being
attacked by some for of malware or program trying to exploit your system for
nefarious purposes. Please refer to
http://wiki.winehq.org/PreloaderPageZeroProblem Which outlines the other
problems wine encounters due to its unsafe use of memory and solutions to those

Allowing Access:

If you decide to continue to run the program in question you will need to allow
this operation. This can be done on the command line by executing: # setsebool
-P mmap_low_allowed 1

Fix Command:

/usr/sbin/setsebool -P mmap_low_allowed 1

Additional Information:

Source Context                unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023
Target Context                unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023
Target Objects                None [ memprotect ]
Source                        wine-preloader
Source Path                   /usr/bin/wine-preloader
Port                          <Unknown>
Host                          dhcp-28-248.brq.redhat.com
Source RPM Packages           wine-core-1.2.0-1.el6
Target RPM Packages           
Policy RPM                    selinux-policy-3.7.19-34.el6
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   wine
Host Name                     dhcp-28-248.brq.redhat.com
Platform                      Linux dhcp-28-248.brq.redhat.com
                              2.6.32-52.el6.x86_64 #1 SMP Wed Jul 21 11:50:07
                              EDT 2010 x86_64 x86_64
Alert Count                   1
First Seen                    Tue 27 Jul 2010 04:34:30 PM CEST
Last Seen                     Tue 27 Jul 2010 04:34:30 PM CEST
Local ID                      c101e584-02df-4b24-87e2-71161031ab6c
Line Numbers                  

Raw Audit Messages            

node=dhcp-28-248.brq.redhat.com type=AVC msg=audit(1280241270.921:606): avc:  denied  { mmap_zero } for  pid=26380 comm="wine-preloader" scontext=unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023 tclass=memprotect

node=dhcp-28-248.brq.redhat.com type=SYSCALL msg=audit(1280241270.921:606): arch=40000003 syscall=90 success=no exit=-13 a0=fff98790 a1=0 a2=fff98790 a3=5a items=0 ppid=1 pid=26380 auid=500 uid=500 gid=100 euid=500 suid=500 fsuid=500 egid=100 sgid=100 fsgid=100 tty=(none) ses=2 comm="wine-preloader" exe="/usr/bin/wine-preloader" subj=unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023 key=(null)
Comment 1 Eric Paris 2013-06-07 11:03:28 EDT
*** Bug 783889 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.