Summary:

Your system may be seriously compromised! /home/antifreeze/Desktop/EmeraldViewer-i686-1.4.0.2439/bin/snowglobe-do-not-run-directly attempted to mmap low kernel memory.

Detailed Description:

SELinux has denied the snowglobe-do-no the ability to mmap low area of the kernel address space. The ability to mmap a low area of the address space, as configured by /proc/sys/kernel/mmap_min_addr. Preventing such mappings helps protect against exploiting null deref bugs in the kernel. All applications that need this access should have already had policy written for them. If a compromised application tries modify the kernel this AVC would be generated. This is a serious issue. Your system may very well be compromised.

Allowing Access:

Contact your security administrator and report this issue.

Additional Information:

Source Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Target Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Target Objects                None [ memprotect ]
Source                        snowglobe-do-no
Source Path                   /home/antifreeze/Desktop/EmeraldViewer-i686-1.4.0.2439/bin/snowglobe-do-not-run-directly
Port                          <Unknown>
Host                          (removed)
Source RPM Packages
Target RPM Packages
Policy RPM                    selinux-policy-3.7.19-41.fc13
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   mmap_zero
Host Name                     (removed)
Platform                      Linux (removed) 2.6.33.6-147.2.4.fc13.i686 #1 SMP Fri Jul 23 17:27:40 UTC 2010 i686 i686
Alert Count                   89
First Seen                    Tue 10 Aug 2010 12:30:02 PM CDT
Last Seen                     Tue 10 Aug 2010 12:30:18 PM CDT
Local ID                      c29ddb69-baa0-4b3f-95b4-1af20c282676
Line Numbers

Raw Audit Messages

node=(removed) type=AVC msg=audit(1281461418.540:23609): avc: denied { mmap_zero } for pid=15617 comm="snowglobe-do-no" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=memprotect

node=(removed) type=SYSCALL msg=audit(1281461418.540:23609): arch=40000003 syscall=192 per=400000 success=no exit=-13 a0=0 a1=1000 a2=3 a3=22 items=0 ppid=15593 pid=15617 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="snowglobe-do-no" exe="/home/antifreeze/Desktop/EmeraldViewer-i686-1.4.0.2439/bin/snowglobe-do-not-run-directly" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)

Hash String generated from mmap_zero,snowglobe-do-no,unconfined_t,unconfined_t,memprotect,mmap_zero

audit2allow suggests:

#============= unconfined_t ==============
#!!!! This avc can be allowed using the boolean 'mmap_low_allowed'
allow unconfined_t self:memprotect mmap_zero;

The alert says it all. It is up to you whether you trust snowglobe-do-not-run-directly. This is a very dangerous access.