Description of problem:
SELinux is preventing /home/dale/.local/share/Steam/SteamApps/rxguy/Team Fortress 2/hl2_linux from using the 'execheap' accesses on a process.

***** Plugin allow_execheap (53.1 confidence) suggests *********************

If you do not think /home/dale/.local/share/Steam/SteamApps/rxguy/Team Fortress 2/hl2_linux should need to map heap memory that is both writable and executable.
Then you need to report a bug. This is a potentially dangerous access.
Do
contact your security administrator and report this issue.

***** Plugin catchall_boolean (42.6 confidence) suggests *******************

If you want to allow unconfined executables to make their heap memory executable. Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla
Then you must tell SELinux about this by enabling the 'selinuxuser_execheap' boolean.
You can read 'unconfined_selinux' man page for more details.
Do
setsebool -P selinuxuser_execheap 1

***** Plugin catchall (5.76 confidence) suggests ***************************

If you believe that hl2_linux should be allowed execheap access on processes labeled unconfined_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep hl2_linux /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Target Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Target Objects                [ process ]
Source                        hl2_linux
Source Path                   /home/dale/.local/share/Steam/SteamApps/rxguy/Team Fortress 2/hl2_linux
Port                          <Unknown>
Host                          (removed)
Source RPM Packages
Target RPM Packages
Policy RPM                    selinux-policy-3.11.1-73.fc18.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.7.2-204.fc18.x86_64 #1 SMP Wed Jan 16 16:22:52 UTC 2013 x86_64 x86_64
Alert Count                   3
First Seen                    2013-01-19 09:31:53 AST
Last Seen                     2013-01-26 20:41:17 AST
Local ID                      71e8f3b6-749d-47bb-8db9-8270beff9728

Raw Audit Messages
type=AVC msg=audit(1359247277.373:1848): avc: denied { execheap } for pid=32297 comm="hl2_linux" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process

type=SYSCALL msg=audit(1359247277.373:1848): arch=i386 syscall=capget success=no exit=EACCES a0=9f36000 a1=c000 a2=7 a3=ffec15dc items=0 ppid=32292 pid=32297 auid=1000 uid=1000 gid=100 euid=1000 suid=1000 fsuid=1000 egid=100 sgid=100 fsgid=100 ses=5 tty=pts0 comm=hl2_linux exe=2F686F6D652F64616C652F2E6C6F63616C2F73686172652F537465616D2F537465616D417070732F72786775792F5465616D20466F72747265737320322F686C325F6C696E7578 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)

Hash: hl2_linux,unconfined_t,unconfined_t,process,execheap

audit2allow

#============= unconfined_t ==============
#!!!! This avc can be allowed using the boolean 'selinuxuser_execheap'

allow unconfined_t self:process execheap;

audit2allow -R

#============= unconfined_t ==============
#!!!! This avc can be allowed using the boolean 'selinuxuser_execheap'

allow unconfined_t self:process execheap;

Additional info:
hashmarkername: setroubleshoot
kernel:         3.7.4-204.fc18.x86_64
type:           libreport
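Added example (not part of the original report or of setroubleshoot): a Python sketch for triaging the raw audit messages above. It pairs the AVC and SYSCALL records by event ID, decodes the hex-encoded exe= field, and reads a0/a1/a2 as the address, length and protection flags of an mprotect-style call. Reading the call as mprotect is an assumption: the record labels it capget, which is syscall 125 in the x86_64 table, while 125 is mprotect in the i386 table. The SYSCALL record is abridged and all function names are this example's own.

```python
import re

# The two raw audit records from the report above (SYSCALL abridged).
AVC = ('type=AVC msg=audit(1359247277.373:1848): avc: denied { execheap } for '
       'pid=32297 comm="hl2_linux" '
       'scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 '
       'tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 '
       'tclass=process')
SYSCALL = ('type=SYSCALL msg=audit(1359247277.373:1848): arch=i386 syscall=capget '
           'success=no exit=EACCES a0=9f36000 a1=c000 a2=7 a3=ffec15dc items=0 '
           'ppid=32292 pid=32297 auid=1000 uid=1000 comm=hl2_linux '
           'exe=2F686F6D652F64616C652F2E6C6F63616C2F73686172652F537465616D2F'
           '537465616D417070732F72786775792F5465616D20466F72747265737320322F'
           '686C325F6C696E7578 key=(null)')

PROT = {0x1: "PROT_READ", 0x2: "PROT_WRITE", 0x4: "PROT_EXEC"}
MEM_PERMS = {"execheap", "execmem", "execmod", "execstack"}

def fields(record):
    """key=value pairs of one record; values keep their quotes."""
    return dict(re.findall(r'(\w+)=("[^"]*"|\S+)', record))

def event_id(record):
    m = re.search(r'msg=audit\(([\d.]+:\d+)\)', record)
    return m.group(1) if m else None

def decode(value):
    """Quoted values are literal; unquoted all-hex values are hex-encoded bytes."""
    if value.startswith('"'):
        return value.strip('"')
    if re.fullmatch(r'(?:[0-9A-Fa-f]{2})+', value):
        return bytes.fromhex(value).decode("utf-8", "replace")
    return value

def summarize(avc, syscall):
    if event_id(avc) is None or event_id(avc) != event_id(syscall):
        raise ValueError("records are not from the same audit event")
    a, s = fields(avc), fields(syscall)
    denied = re.search(r'denied\s+\{([^}]*)\}', avc).group(1).split()
    # Assumption: a0/a1/a2 are mprotect(addr, len, prot), printed in hex.
    start, length, prot = (int(s[k], 16) for k in ("a0", "a1", "a2"))
    return {
        "event": event_id(avc),
        "perms": sorted(set(denied) & MEM_PERMS),
        "domain": a["scontext"].split(":")[2],
        "exe": decode(s["exe"]),
        "range": (start, start + length),
        "prot": [name for bit, name in PROT.items() if prot & bit],
        "writable_and_executable": (prot & 0x6) == 0x6,
    }
```

For this report the summary shows a 0xc000-byte region requested as read, write and execute at once, which is the combination the execheap check refuses.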
You can allow it using

# setsebool -P selinuxuser_execheap 1
BTW execheap should almost never be needed and is often a sign of badly written code.
*** Bug 904469 has been marked as a duplicate of this bug. ***
URL for this bug with Valve, https://github.com/ValveSoftware/steam-for-linux/issues/43 Valve reply was: It shouldn't crash anymore. But you won't get any mp3 audio as the decoder can't JIT.
Someone needs to open a bug with steam about this. This is considered a fairly dangerous access, and probably should not be required. Almost no other apps require this access. This link http://www.akkadia.org/drepper/selinux-mem.html explains the memory protections, and should be included in a steam bugzilla.
*** Bug 964376 has been marked as a duplicate of this bug. ***
*** Bug 979647 has been marked as a duplicate of this bug. ***
*** Bug 1226045 has been marked as a duplicate of this bug. ***
Description of problem: STEAM game, half life 2 Version-Release number of selected component: selinux-policy-3.13.1-128.8.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.3-201.fc22.x86_64 type: libreport
Description of problem: Problem occurred during browsing while the game was running in the background. Version-Release number of selected component: selinux-policy-3.13.1-128.16.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.2.3-200.fc22.x86_64 type: libreport
Description of problem: Play in steam game Version-Release number of selected component: selinux-policy-3.13.1-128.16.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.2.3-200.fc22.x86_64 type: libreport
*** Bug 1387740 has been marked as a duplicate of this bug. ***
*** Bug 1379164 has been marked as a duplicate of this bug. ***
Description of problem: Start Counter Strike Source Version-Release number of selected component: selinux-policy-3.13.1-224.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.8.10-300.fc25.x86_64 type: libreport
Description of problem: It occurs when playing Steam games Version-Release number of selected component: selinux-policy-3.13.1-225.3.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.8.14-300.fc25.x86_64 type: libreport
Description of problem: launching game from steam Version-Release number of selected component: selinux-policy-3.13.1-225.6.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.9.5-200.fc25.x86_64 type: libreport