Hide Forgot
SELinux is preventing /home/logan/.cedega/.winex_ver/winex-2010121/winex/bin/wine-preloader from 'mmap_zero' accesses on the memprotect Unknown. ***** Plugin mmap_zero (53.1 confidence) suggests ************************** If you do not think /home/logan/.cedega/.winex_ver/winex-2010121/winex/bin/wine-preloader should need to mmap low memory in the kernel. Then you may be under attack by a hacker, this is a very dangerous access. Do contact your security administrator and report this issue. ***** Plugin catchall_boolean (42.6 confidence) suggests ******************* If you want to control the ability to mmap a low area of the address space, as configured by /proc/sys/kernel/mmap_min_addr. Then you must tell SELinux about this by enabling the 'mmap_low_allowed' boolean. Do setsebool -P mmap_low_allowed 1 ***** Plugin catchall (5.76 confidence) suggests *************************** If you believe that wine-preloader should be allowed mmap_zero access on the Unknown memprotect by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep wine /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Objects Unknown [ memprotect ] Source wine Source Path /home/logan/.cedega/.winex_ver/winex-2010121/winex /bin/wine-preloader Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.9.16-26.fc15 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux Logan5 2.6.38.7-30.fc15.x86_64 #1 SMP Fri May 27 05:15:53 UTC 2011 x86_64 x86_64 Alert Count 2 First Seen Thu 09 Jun 2011 12:34:03 PM CDT Last Seen Thu 09 Jun 2011 12:40:49 PM CDT Local ID a0289ee9-8837-4cc0-856d-6b013b80ae30 Raw Audit Messages type=AVC msg=audit(1307641249.399:92): avc: denied { mmap_zero } for pid=9983 comm="wine" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=memprotect type=SYSCALL msg=audit(1307641249.399:92): arch=i386 syscall=chmod per=600000 success=no exit=EACCES a0=ffde0528 a1=ffde0528 a2=5a a3=0 items=0 ppid=5464 pid=9983 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm=wine exe=/home/logan/.cedega/.winex_ver/winex-2010121/winex/bin/wine-preloader subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) Hash: wine,unconfined_t,unconfined_t,memprotect,mmap_zero audit2allow #============= unconfined_t ============== #!!!! This avc is allowed in the current policy allow unconfined_t self:memprotect mmap_zero; audit2allow -R #============= unconfined_t ============== #!!!! This avc is allowed in the current policy allow unconfined_t self:memprotect mmap_zero;
The alert told you everything you need to know. If you want to use wine, and SELinux is breaking the app, you need to turn the boolean on.
(In reply to comment #1) > The alert told you everything you need to know. If you want to use wine, and > SELinux is breaking the app, you need to turn the boolean on. I am brand new to linux man, do i enter the two lines in the terminal with the "X" command? also, what is a boolean?
A boolean is a flag that you can set within SELinux to turn on or off policy. If you need to run this wine app on your linux box, and it will not work properly you can get a root shell and execute # setsebool -P mmap_low_allowed 1 And SELinux will then allow the access. What application do you want to run within wine?