Description of problem: Prevent access wine to low memory I am very tired of the problems with SE Linux and Wine "SELinux is preventing wine-preloader from 'mmap_zero' accesses on the memprotect" https://bugzilla.redhat.com/show_bug.cgi?id=870652 Why can't alter Wine for not to use low memory?
*** Bug 965356 has been marked as a duplicate of this bug. ***
*** Bug 964652 has been marked as a duplicate of this bug. ***
*** Bug 964377 has been marked as a duplicate of this bug. ***
*** Bug 665665 has been marked as a duplicate of this bug. ***
Description of problem: Launch CrossOver Additional info: reporter: libreport-2.1.5 hashmarkername: setroubleshoot kernel: 3.9.8-300.fc19.x86_64 type: libreport
Description of problem: I just use "wine" to run "QQ",but the "SELinux" reminds me this problem. AND I try to "sudo grep wine-preloader /var/log/audit/audit.log | audit2allow -M mypol" to allow it,but the terminal show that "bash: audit2allow: 未找到命令..."......why????? It never happened in old versions Additional info: reporter: libreport-2.1.5 hashmarkername: setroubleshoot kernel: 3.9.8-300.fc19.x86_64 type: libreport
Description of problem: Installed and opened Teamviewer 8.0.17147 Additional info: reporter: libreport-2.1.5 hashmarkername: setroubleshoot kernel: 3.9.8-300.fc19.i686 type: libreport
On fedora 19 setsebool -P wine_mmap_zero_ignore=1 does not work, selinux stills alert about wine-preloader
Description of problem: I couldnt repeat the bug however i was trying to install an game via PlayonLinux script Additional info: reporter: libreport-2.1.5 hashmarkername: setroubleshoot kernel: 3.9.9-301.fc19.x86_64 type: libreport
Description of problem: install netflix netflix will not work when trying to run for the first time after install Additional info: reporter: libreport-2.1.5 hashmarkername: setroubleshoot kernel: 3.9.9-302.fc19.x86_64 type: libreport
Description of problem: installing corefonts with winetricks Additional info: reporter: libreport-2.1.5 hashmarkername: setroubleshoot kernel: 3.9.9-302.fc19.x86_64 type: libreport
Description of problem: Attempting to open any wine application results in an SELinux denial. Additional info: reporter: libreport-2.1.5 hashmarkername: setroubleshoot kernel: 3.9.9-302.fc19.x86_64 type: libreport
Description of problem: Ran eve, got error. Additional info: reporter: libreport-2.1.5 hashmarkername: setroubleshoot kernel: 3.9.9-302.fc19.x86_64 type: libreport
Description of problem: install QQ 2013 with wine Additional info: reporter: libreport-2.1.5 hashmarkername: setroubleshoot kernel: 3.10.3-300.fc19.i686 type: libreport
Description of problem: /Trying to run winecfg in wine-1.6-2.fc20.x86_64 on a fc19 system. Additional info: reporter: libreport-2.1.5 hashmarkername: setroubleshoot kernel: 3.10.3-300.fc19.x86_64 type: libreport
Description of problem: I get a message that reads "New SELinux security alert AVC denial, click icon to view" When I click the icon it gives me three options to take, the tird one says to report it as a bug. Additional info: reporter: libreport-2.1.6 hashmarkername: setroubleshoot kernel: 3.10.4-300.fc19.i686 type: libreport
Description of problem: não sei como aconteceu! Additional info: reporter: libreport-2.1.6 hashmarkername: setroubleshoot kernel: 3.10.5-201.fc19.x86_64 type: libreport
Description of problem: I am getting error message for quite sometime, not sure why. Additional info: reporter: libreport-2.1.6 hashmarkername: setroubleshoot kernel: 3.10.5-201.fc19.x86_64 type: libreport
Description of problem: Installed the lastest wine from fedora's own repo Additional info: reporter: libreport-2.1.6 hashmarkername: setroubleshoot kernel: 3.10.7-200.fc19.x86_64 type: libreport
Description of problem: This happens on boot and several times during runtime. It seems to be access that Teamviewer 8 is trying run. Additional info: reporter: libreport-2.1.6 hashmarkername: setroubleshoot kernel: 3.10.9-200.fc19.x86_64 type: libreport
Description of problem: Install wine Remove ~/.wine Run winecfg The "check engine" icon appears in the tray Additional info: reporter: libreport-2.1.6 hashmarkername: setroubleshoot kernel: 3.10.9-200.fc19.i686 type: libreport
I believe the selinux policy should be changed for Wine until Wine is patched. I can reproduce the problem with winecfg, which is a utility packaged with Wine. No Windows executables are involved at all. So it appears that Wine could do it better. However, selinux alerts should be reserved for unknown access violations, and this is a known problem. In my case, the problem is reproduced on a completely up-to-date Fedora 19 system (32-bit i686) with wine-1.7.0-1.fc19
wine is doing something unsafe to support legacy 16bit windows application. wine will usually function just fine despite this denial. If you wish to allow it, you may follow the suggestions of the trouble shooter. If you wish to hide it, (i think) you may also follow those instructions in the troubleshooter. SELinux is doing the right thing. Keeping wine from doing performing potentially dangerous operations. It will not be changed. The power is yours.
(In reply to Eric Paris from comment #23) > If you wish to > allow it, you may follow the suggestions of the trouble shooter. Well, that's an issue - the suggestions of modifying local policy don't work.
Description of problem: I tried using wine to run FileMaker Pro Additional info: reporter: libreport-2.1.6 hashmarkername: setroubleshoot kernel: 3.10.9-200.fc19.x86_64 type: libreport
(In reply to Eric Paris from comment #23) I normally disable SELinux after I get tired of the warnings. I don't think Fedora maintainers should set such low standards. The software distributed by Fedora (and winecfg is such software) should not trigger SELinux warnings when used in the intended way. Cannot we have a policy that would disable known unsafe behavior without alerting users? That may be the best (albeit not ideal) option.
Description of problem: at startup Additional info: reporter: libreport-2.1.6 hashmarkername: setroubleshoot kernel: 3.10.9-200.fc19.x86_64 type: libreport
Description of problem: I tried to load the Wine Configuration form the main menu... Additional info: reporter: libreport-2.1.6 hashmarkername: setroubleshoot kernel: 3.10.10-200.fc19.x86_64 type: libreport
Description of problem: I started Spotify up and Fedora notified me that this problem occured, it does not seem to affect Spotify's operation though. Additional info: reporter: libreport-2.1.6 hashmarkername: setroubleshoot kernel: 3.10.10-200.fc19.x86_64 type: libreport
After some consideration I came to think that hiding warnings would be bad. Either Wine should be configured/patched to omit 16-bit support (since we consider it unsafe), or the SELinux policy should allow mmap_zero in wine.
There are many SELinux rules that are hidden from you (dontaudit). I see three options for this bug but feel free to add more. 1. Add this AVC to don't audit. 2. Open an upstream bug to move low memory support to a non-default configuration flag or remove it entirely. 3. Do nothing. I'm inclined to do option 2 and ask that OS versions < XP turn on this support but >= XP do not. Since Wine defaults to XP this message would go away for most people.
Description of problem: Install any game using Playonlinux scripts (i havent tried normal wine but i suspect its the same) If i remember correctly you should get selinux nmap low memory in kernel If not try to launch the game in my current configuration i get /usr/bin/wine-preloader should need to mmap low memory everytime Wine version 1.4.1 Additional info: reporter: libreport-2.1.6 hashmarkername: setroubleshoot kernel: 3.10.9-200.fc19.x86_64 type: libreport
Description of problem: I had just changed the amount of memory DOSBox gives Redneck Rampage from 32 MB to 48, trying to get rid of lag. (It didn't.) When I exited the game, I had this alert. I've played the game before with no trouble, so I don't know if it's the extra memory allocation or what. Additional info: reporter: libreport-2.1.7 hashmarkername: setroubleshoot kernel: 3.10.11-200.fc19.i686.PAE type: libreport
Description of problem: When run Wine, it is stoped by SEKinux and it dont work. Additional info: reporter: libreport-2.1.7 hashmarkername: setroubleshoot kernel: 3.11.1-200.fc19.x86_64 type: libreport
Description of problem: I launched wine 1.7.2 with Microsoft Word 2007 Additional info: reporter: libreport-2.1.7 hashmarkername: setroubleshoot kernel: 3.11.1-200.fc19.x86_64 type: libreport
Description of problem: working with wine Additional info: reporter: libreport-2.1.7 hashmarkername: setroubleshoot kernel: 3.11.1-200.fc19.x86_64 type: libreport
Description of problem: I was trying to run teamviewer and was getting this error Additional info: reporter: libreport-2.1.7 hashmarkername: setroubleshoot kernel: 3.11.1-200.fc19.x86_64 type: libreport
Description of problem: Loading a windows application(Corel Draw 11) with wine Additional info: reporter: libreport-2.1.7 hashmarkername: setroubleshoot kernel: 3.11.1-200.fc19.i686 type: libreport
Description of problem: trying to run Wine at all Additional info: reporter: libreport-2.1.7 hashmarkername: setroubleshoot kernel: 3.11.2-201.fc19.x86_64 type: libreport
Description of problem: can't run wine with out this popping up ... and if you try the selinux trouble shooters fix you get an error grep wine-preloader /var/log/audit/audit.log | audit2allow -M mypol compilation failed: sh: /usr/bin/checkmodule: No such file or directory Additional info: reporter: libreport-2.1.7 hashmarkername: setroubleshoot kernel: 3.11.2-201.fc19.x86_64 type: libreport
Description of problem: Dear, when using the wine get the error access SELinux. Additional info: reporter: libreport-2.1.8 hashmarkername: setroubleshoot kernel: 3.11.4-201.fc19.x86_64 type: libreport
Description of problem: 1.- Reboot my lap-top 2.- The system don't start 3.- Only I had seen the logo of fedora 4.- Never start. Additional info: reporter: libreport-2.1.8 hashmarkername: setroubleshoot kernel: 3.9.5-301.fc19.i686 type: libreport
Description of problem: Tried to start Teamviewer8 Additional info: reporter: libreport-2.1.8 hashmarkername: setroubleshoot kernel: 3.11.4-201.fc19.x86_64 type: libreport
Description of problem: Teamviewer8 Additional info: reporter: libreport-2.1.8 hashmarkername: setroubleshoot kernel: 3.11.4-201.fc19.x86_64 type: libreport
Description of problem: Start Wine Additional info: reporter: libreport-2.1.8 hashmarkername: setroubleshoot kernel: 3.11.6-200.fc19.i686.PAE type: libreport
Description of problem: by start a game (geheimakte 2 - puritas cordis) with wine Additional info: reporter: libreport-2.1.8 hashmarkername: setroubleshoot kernel: 3.11.6-200.hu.1.fc19.i686 type: libreport
Description of problem: by start "video cache view" with wine Additional info: reporter: libreport-2.1.8 hashmarkername: setroubleshoot kernel: 3.11.6-200.hu.1.fc19.i686 type: libreport
Description of problem: this message appears when I upgrade wine Additional info: reporter: libreport-2.1.8 hashmarkername: setroubleshoot kernel: 3.11.6-200.fc19.x86_64 type: libreport
Description of problem: I installed the team viewer 8 and I tried also the version 9 (beta). When I tried to run it, the bug occured. Additional info: reporter: libreport-2.1.9 hashmarkername: setroubleshoot kernel: 3.11.6-201.fc19.x86_64 type: libreport
Description of problem: Tried to use wine preloader Additional info: reporter: libreport-2.1.8 hashmarkername: setroubleshoot kernel: 3.11.4-201.fc19.x86_64 type: libreport
Description of problem: When i run Wine File this error happend on SELinux Additional info: reporter: libreport-2.1.9 hashmarkername: setroubleshoot kernel: 3.11.7-200.fc19.x86_64 type: libreport
Description of problem: Starting Crossover. ABRT complains. Additional info: reporter: libreport-2.1.9 hashmarkername: setroubleshoot kernel: 3.11.7-200.fc19.x86_64 type: libreport
Description of problem: Tried to run OSU!(a windows music game) and failed. Terminal said: [rpmaker@fab SOURCES]$ wine /run/media/rpmaker/XP/Program\ Files/osu\!/osu\!.exe err:mscoree:load_mono Could not load Mono into this process Additional info: reporter: libreport-2.1.9 hashmarkername: setroubleshoot kernel: 3.12.0-1.fc21.i686 type: libreport
Description of problem: I was trying to run an old Windows program to find out if I needed it or not and got this alert. (As it happens, I don't need it any more and have deleted it.) Additional info: reporter: libreport-2.1.9 hashmarkername: setroubleshoot kernel: 3.11.8-200.fc19.i686.PAE type: libreport
Description of problem: when ever click on "open with winehq " this SELinux thing pops up Additional info: reporter: libreport-2.1.9 hashmarkername: setroubleshoot kernel: 3.11.8-200.fc19.x86_64 type: libreport
Description of problem: Start the windows steam client in wine. Error happens at startup. Additional info: reporter: libreport-2.1.9 hashmarkername: setroubleshoot kernel: 3.11.9-200.fc19.x86_64 type: libreport
Description of problem: I simply installed TeamViwer 9 on Linux with the sudo yum localinstall *.rpm command and when I initially activated the client the SELinux violation had occurred... Additional info: reporter: libreport-2.1.9 hashmarkername: setroubleshoot kernel: 3.9.5-301.fc19.x86_64 type: libreport
Description of problem: When I tried to start wine Additional info: reporter: libreport-2.1.10 hashmarkername: setroubleshoot kernel: 3.11.10-200.fc19.x86_64 type: libreport
Description of problem: running wine Additional info: reporter: libreport-2.1.10 hashmarkername: setroubleshoot kernel: 3.12.6-200.fc19.x86_64 type: libreport
Description of problem: while installing and attempting to run Lightroom 5 from Adobe Additional info: reporter: libreport-2.1.10 hashmarkername: setroubleshoot kernel: 3.12.6-200.fc19.x86_64 type: libreport
Description of problem: This problem appears every time I start Teamviewer v. 9.0.24147 Dev wine-1.6 (latest release). Additional info: reporter: libreport-2.1.10 hashmarkername: setroubleshoot kernel: 3.12.7-200.fc19.x86_64 type: libreport
Description of problem: Tried opening Safari browser installed under Wine - instead of starting up staright away, got a few AVC denials and the Safari loaded. Additional info: reporter: libreport-2.2.2 hashmarkername: setroubleshoot kernel: 3.9.5-301.fc19.x86_64 type: libreport
Isn't this fixed by using wine-staging?
No. Wine has removed this requirement. I no longer see SELinux denials on vanilla wine.