selinux and blueman applet
Daniel J Walsh
dwalsh at redhat.com
Tue Jan 8 14:03:52 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/07/2013 05:08 PM, nonamedotc wrote:
>
> On 01/07/2013 11:51 AM, Daniel J Walsh wrote: On 01/06/2013 06:55 PM,
> nonamedotc wrote:
>>>> Could anyone please shed some light on this selinux warning?
>>>>
>>>> SELinux is preventing /usr/bin/python2.7 from using the execmem
>>>> access on a process.
>>>>
>>>> Plugin: catchall you want to allow python2.7 to have execmem access
>>>> on the processIf you believe that python2.7 should be allowed execmem
>>>> access on processes labeled blueman_t by default. You should report
>>>> this as a bug. You can generate a local policy module to allow this
>>>> access. Allow this access for now by executing: # grep
>>>> blueman-mechani /var/log/audit/audit.log | audit2allow -M mypol #
>>>> semodule -i mypol.pp
>>>>
>>>>
>>>> This selinux alert appears on every login. Thanks.
>>>>
> http://www.akkadia.org/drepper/selinux-mem.html
>
> execmem access is basically allowing an application to write and execute
> the same memory. This is required for most buffer overflow attacks. We
> prevent most confined applications from this access. Some tools need this
> kind of access, usually needed for JIT compiled apps like mono and java.
> But few applications actually need it.
>
> What avc did you get? Did you open a bugzilla with selinux-policy or
> bluman? O.K. So, re-enabled blueman and this is the avc I get.
>
> Source process: /usr/bin/python2.7 Attempted this access: execmem
>
> Troubleshooting tab shows how to generate local policy to allow access.
>
> Thanks again.
>
https://bugzilla.redhat.com/show_bug.cgi?id=872913
Here is a bugzilla where this is already reported
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iEYEARECAAYFAlDsJ0gACgkQrlYvE4MpobMFDgCfYetKjWzIylv5uc+6JezghWsE
L1kAn1NwArSIN/PrLzB2113pO20YYrjv
=ELMx
-----END PGP SIGNATURE-----
More information about the test
mailing list