Bug 706781 - SELinux is preventing /home/rm3/parallel_studio_xe_2011_update1/pset/tools/cpu_check/64/cpu_check from using the 'execstack' accesses on a process.
Keywords:
Status: CLOSED CANTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 14
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:f622114fb92...
Depends On:
Blocks:
 
Reported: 2011-05-23 00:01 UTC by Robert McBroom
Modified: 2011-05-23 08:21 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-05-23 08:21:42 UTC
Type: ---



Description Robert McBroom 2011-05-23 00:01:27 UTC
SELinux is preventing /home/rm3/parallel_studio_xe_2011_update1/pset/tools/cpu_check/64/cpu_check from using the 'execstack' accesses on a process.

*****  Plugin allow_execstack (53.1 confidence) suggests  ********************

If you believe that 
None
should not require execstack
Then you should clear the execstack flag and see if /home/rm3/parallel_studio_xe_2011_update1/pset/tools/cpu_check/64/cpu_check works correctly.
Report this as a bug on None.
You can clear the exestack flag by executing:
Do
execstack -c None

*****  Plugin catchall_boolean (42.6 confidence) suggests  *******************

If you want to allow unconfined executables to make their stack executable.  This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla
Then you must tell SELinux about this by enabling the 'allow_execstack' boolean.
Do
setsebool -P allow_execstack 1

*****  Plugin catchall (5.76 confidence) suggests  ***************************

If you believe that cpu_check should be allowed execstack access on processes labeled unconfined_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep cpu_check /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Target Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Target Objects                Unknown [ process ]
Source                        cpu_check
Source Path                   /home/rm3/parallel_studio_xe_2011_update1/pset/tools/cpu_check/64/cpu_check
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.9.7-40.fc14
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     (removed)
Platform                      Linux (removed) 2.6.35.13-91.fc14.x86_64 #1 SMP Tue May 3 13:23:06 UTC 2011 x86_64 x86_64
Alert Count                   1
First Seen                    Sun 22 May 2011 06:23:26 PM EDT
Last Seen                     Sun 22 May 2011 06:23:26 PM EDT
Local ID                      57aef77d-628e-41f4-afad-ddc91a00bcb8

Raw Audit Messages
type=AVC msg=audit(1306103006.464:28722): avc:  denied  { execstack } for  pid=11882 comm="cpu_check" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process


type=SYSCALL msg=audit(1306103006.464:28722): arch=x86_64 syscall=mprotect success=yes exit=0 a0=7fffe6009000 a1=1000 a2=1000007 a3=307f41f000 items=0 ppid=9871 pid=11882 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm=cpu_check exe=/home/rm3/parallel_studio_xe_2011_update1/pset/tools/cpu_check/64/cpu_check subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)

Hash: cpu_check,unconfined_t,unconfined_t,process,execstack

audit2allow

#============= unconfined_t ==============
#!!!! This avc can be allowed using the boolean 'allow_execstack'

allow unconfined_t self:process execstack;

audit2allow -R

#============= unconfined_t ==============
#!!!! This avc can be allowed using the boolean 'allow_execstack'

allow unconfined_t self:process execstack;

Comment 1 Robert McBroom 2011-05-23 00:08:57 UTC
Installation of INTEL parallel_studio_xe_2011_update1 on HP Pavilion p6621c Desktop PC.  Admitted that INTEL does not declare support for AMD processors.

Comment 2 Rahul Sundaram 2011-05-23 00:15:42 UTC
The software you are trying to run has a potential security issue that SELinux is warning you about.  Although it is possible to override the policy as suggested within the notification itself, it should be reported to the vendor.  You can find the technical details at

http://www.akkadia.org/drepper/selinux-mem.html

Comment 3 Miroslav Grepl 2011-05-23 08:21:42 UTC
If you want to trust applications that you download to your machine you might
as well turn this check off.

setsebool -P allow_execstack 1
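
Added example, not part of the original report or of setroubleshoot: a triage sketch that pairs the AVC and SYSCALL records from the description by audit event id and decodes the `mprotect` arguments, to show what the process actually requested. The two records are the ones in the report, shortened to the fields used; the function names are this example's own.

```python
import re

# mprotect() protection bits from <sys/mman.h> on Linux
PROT_FLAGS = {0x1: "PROT_READ", 0x2: "PROT_WRITE", 0x4: "PROT_EXEC",
              0x01000000: "PROT_GROWSDOWN", 0x02000000: "PROT_GROWSUP"}

# The two records from the report above, shortened to the fields used here.
AUDIT_LINES = [
    'type=AVC msg=audit(1306103006.464:28722): avc:  denied  { execstack } '
    'for  pid=11882 comm="cpu_check" tclass=process',
    'type=SYSCALL msg=audit(1306103006.464:28722): arch=x86_64 '
    'syscall=mprotect success=yes exit=0 a0=7fffe6009000 a1=1000 a2=1000007 '
    'a3=307f41f000 pid=11882 comm=cpu_check',
]

EVENT_ID = re.compile(r"msg=audit\(([\d.]+:\d+)\)")
DENIED = re.compile(r"denied\s+\{ ([^}]+) \}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def decode_prot(value):
    """Return the names of the protection bits set in an mprotect() prot value."""
    names = [name for bit, name in PROT_FLAGS.items() if value & bit]
    leftover = value & ~sum(PROT_FLAGS)  # bits this table does not know
    return names + ([hex(leftover)] if leftover else [])


def correlate(lines):
    """Join AVC and SYSCALL records that share an audit event id."""
    events = {}
    for line in lines:
        m = EVENT_ID.search(line)
        if not m:
            continue
        ev = events.setdefault(m.group(1), {})
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        if fields.get("type") == "AVC":
            d = DENIED.search(line)
            ev["denied"] = d.group(1).split() if d else []
            ev["comm"] = fields.get("comm")
        # the report shows the interpreted name; raw x86_64 logs carry 10
        elif fields.get("type") == "SYSCALL" and fields.get("syscall") in ("mprotect", "10"):
            # the audit subsystem logs a0..a3 as hexadecimal
            ev["addr"] = int(fields["a0"], 16)
            ev["length"] = int(fields["a1"], 16)
            ev["prot"] = decode_prot(int(fields["a2"], 16))
    return events
```

For the event in this report, `a2=1000007` decodes to PROT_READ, PROT_WRITE, PROT_EXEC and PROT_GROWSDOWN over a 0x1000-byte range at 0x7fffe6009000. The `success=yes` on the syscall matches the Permissive enforcing mode listed in the report, where the denial is logged but not enforced.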

