selinux and blueman applet
Daniel J Walsh
dwalsh at redhat.com
Mon Jan 7 17:51:58 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/06/2013 06:55 PM, nonamedotc wrote:
> Could anyone please shed some light on this selinux warning?
>
> SELinux is preventing /usr/bin/python2.7 from using the execmem access on
> a process.
>
> Plugin: catchall you want to allow python2.7 to have execmem access on the
> processIf you believe that python2.7 should be allowed execmem access on
> processes labeled blueman_t by default. You should report this as a bug.
> You can generate a local policy module to allow this access. Allow this
> access for now by executing: # grep blueman-mechani
> /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp
>
>
> This selinux alert appears on every login. Thanks.
>
http://www.akkadia.org/drepper/selinux-mem.html
execmem access is basically allowing an application to write and execute the
same memory. This is required for most buffer overflow attacks. We prevent
most confined applications from this access. Some tools need this kind of
access, usually needed for JIT compiled apps like mono and java. But few
applications actually need it.
What avc did you get? Did you open a bugzilla with selinux-policy or bluman?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iEYEARECAAYFAlDrCz0ACgkQrlYvE4MpobNFtwCguO2SfFhjqllesTm/cJjSXsk+
LLQAoL58MoZGm3DgYRBvZYsYPKzfEAa4
=FYNK
-----END PGP SIGNATURE-----
More information about the test
mailing list