selinux and blueman applet

Daniel J Walsh dwalsh at redhat.com
Tue Jan 8 14:03:52 UTC 2013



On 01/07/2013 05:08 PM, nonamedotc wrote:
> 
> On 01/07/2013 11:51 AM, Daniel J Walsh wrote:
> On 01/06/2013 06:55 PM, nonamedotc wrote:
>>>> Could anyone please shed some light on this selinux warning?
>>>> 
>>>> SELinux is preventing /usr/bin/python2.7 from using the execmem
>>>> access on a process.
>>>> 
>>>> Plugin: catchall
>>>> you want to allow python2.7 to have execmem access on the process
>>>> If you believe that python2.7 should be allowed execmem access on
>>>> processes labeled blueman_t by default. You should report this as a
>>>> bug. You can generate a local policy module to allow this access.
>>>> Allow this access for now by executing:
>>>> # grep blueman-mechani /var/log/audit/audit.log | audit2allow -M mypol
>>>> # semodule -i mypol.pp
>>>> 
>>>> 
>>>> This selinux alert appears on every login. Thanks.
>>>> 
> http://www.akkadia.org/drepper/selinux-mem.html
> 
> execmem access is basically allowing an application to write and execute
> the same memory.   This is required for most buffer overflow attacks.  We
> prevent most confined applications from this access. Some tools need this
> kind of access, usually needed for JIT compiled apps like mono and java.
> But few applications actually need it.
> 
> What avc did you get?  Did you open a bugzilla with selinux-policy or
> blueman?
> 
> O.K. So, re-enabled blueman and this is the avc I get.
> 
> Source process:         /usr/bin/python2.7
> Attempted this access:  execmem
> 
> Troubleshooting tab shows how to generate local policy to allow access.
> 
> Thanks again.
> 


https://bugzilla.redhat.com/show_bug.cgi?id=872913

Here is a bugzilla where this is already reported

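An added example, not part of the original message or of any project named in it: before building a local module with audit2allow as the alert suggests, a small parser over the audit log shows which confined domains are actually requesting execmem. The log lines below are constructed, and the `demo_t` domain and `demo-jit` process name are hypothetical.

```python
import re
from collections import Counter

# Constructed sample records (not from the thread), laid out in the usual
# type=AVC format written to /var/log/audit/audit.log.
SAMPLE_LOG = """\
type=AVC msg=audit(1357567200.101:310): avc:  denied  { execmem } for  pid=1422 comm="blueman-mechani" scontext=system_u:system_r:blueman_t:s0 tcontext=system_u:system_r:blueman_t:s0 tclass=process
type=AVC msg=audit(1357567260.553:318): avc:  denied  { read } for  pid=1500 comm="httpd" name="notes.txt" dev="dm-1" ino=2231 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1357653600.207:122): avc:  denied  { execmem } for  pid=1390 comm="blueman-mechani" scontext=system_u:system_r:blueman_t:s0 tcontext=system_u:system_r:blueman_t:s0 tclass=process
type=AVC msg=audit(1357653700.900:140): avc:  denied  { execmem } for  pid=2011 comm="demo-jit" scontext=unconfined_u:system_r:demo_t:s0 tcontext=unconfined_u:system_r:demo_t:s0 tclass=process
type=SYSCALL msg=audit(1357653700.900:140): arch=c000003e syscall=9 success=no exit=-13 comm="demo-jit"
"""

AVC_RE = re.compile(
    r'^type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+denied\s+'
    r'\{ (?P<perms>[^}]*)\} for\s+(?P<fields>.*)$')


def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other record."""
    m = AVC_RE.match(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m["fields"].split() if "=" in kv)
    ctx = fields.get("scontext", "").split(":")  # user:role:type:level
    return {
        "perms": set(m["perms"].split()),
        "comm": fields.get("comm", "").strip('"'),
        "domain": ctx[2] if len(ctx) > 2 else "",
        "tclass": fields.get("tclass", ""),
    }


def execmem_denials(log_text):
    """Count execmem denials on tclass=process per (source domain, comm)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec["tclass"] == "process" and "execmem" in rec["perms"]:
            counts[(rec["domain"], rec["comm"])] += 1
    return counts


if __name__ == "__main__":
    for (domain, comm), n in execmem_denials(SAMPLE_LOG).most_common():
        print(f"{n:3d}  domain={domain}  comm={comm}")
```
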
