3:23 p.m.
SELinux is preventing /usr/bin/skype from mmap_zero access on the memprotect Unknown.
***** Plugin mmap_zero (53.1 confidence) suggests **************************
If you do not think /usr/bin/skype should need to mmap low memory in the kernel.
Then you may be under attack by a hacker, this is a very dangerous access.
Do
contact your security administrator and report this issue.
***** Plugin catchall_boolean (42.6 confidence) suggests *******************
If you want to control the ability to mmap a low area of the address space, as configured
by /proc/sys/kernel/mmap_min_addr.
Then you must tell SELinux about this by enabling the 'mmap_low_allowed' boolean.
Do
setsebool -P mmap_low_allowed 1
***** Plugin catchall (5.76 confidence) suggests ***************************
If you believe that skype should be allowed mmap_zero access on the Unknown memprotect by
default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep skype /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context unconfined_u:unconfined_r:unconfined_execmem_t:s0-
s0:c0.c1023
Target Context unconfined_u:unconfined_r:unconfined_execmem_t:s0-
s0:c0.c1023
Target Objects Unknown [ memprotect ]
Source skype
Source Path /usr/bin/skype
Port <Unknown>
Host mobile-pc.localdomain
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.9.7-40.fc14
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name mobile-pc.localdomain
Platform Linux mobile-pc.localdomain
2.6.35.13-91.fc14.i686.PAE #1 SMP Tue May 3
13:29:55 UTC 2011 i686 i686
Alert Count 100
First Seen Mon 16 May 2011 03:37:35 PM EDT
Last Seen Mon 16 May 2011 03:37:35 PM EDT
Local ID 162a1493-50dc-4231-ad0f-808d6fe5330b
Raw Audit Messages
type=AVC msg=audit(1305574655.789:127): avc: denied { mmap_zero } for pid=2784
comm="skype"
scontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023 tclass=memprotect
Hash: skype,unconfined_execmem_t,unconfined_execmem_t,memprotect,mmap_zero
audit2allow
#============= unconfined_execmem_t ==============
#!!!! This avc is allowed in the current policy
allow unconfined_execmem_t self:memprotect mmap_zero;
audit2allow -R
#============= unconfined_execmem_t ==============
#!!!! This avc is allowed in the current policy
allow unconfined_execmem_t self:memprotect mmap_zero;
2:19 a.m.
New subject: SELinux is preventing /usr/bin/skype from mmap_zero access on the memprotect Unknown.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 05/16/2011 10:23 PM, Francis Shim wrote:
SELinux is preventing /usr/bin/skype from mmap_zero access on the
memprotect Unknown.
***** Plugin mmap_zero (53.1 confidence) suggests **************************
If you do not think /usr/bin/skype should need to mmap low memory in the kernel.
Then you may be under attack by a hacker, this is a very dangerous access.
Do
contact your security administrator and report this issue.
***** Plugin catchall_boolean (42.6 confidence) suggests *******************
If you want to control the ability to mmap a low area of the address space, as configured
by /proc/sys/kernel/mmap_min_addr.
Then you must tell SELinux about this by enabling the 'mmap_low_allowed'
boolean.
Do
setsebool -P mmap_low_allowed 1
***** Plugin catchall (5.76 confidence) suggests ***************************
If you believe that skype should be allowed mmap_zero access on the Unknown memprotect by
default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep skype /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context unconfined_u:unconfined_r:unconfined_execmem_t:s0-
s0:c0.c1023
Target Context unconfined_u:unconfined_r:unconfined_execmem_t:s0-
s0:c0.c1023
Target Objects Unknown [ memprotect ]
Source skype
Source Path /usr/bin/skype
Port <Unknown>
Host mobile-pc.localdomain
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.9.7-40.fc14
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name mobile-pc.localdomain
Platform Linux mobile-pc.localdomain
2.6.35.13-91.fc14.i686.PAE #1 SMP Tue May 3
13:29:55 UTC 2011 i686 i686
Alert Count 100
First Seen Mon 16 May 2011 03:37:35 PM EDT
Last Seen Mon 16 May 2011 03:37:35 PM EDT
Local ID 162a1493-50dc-4231-ad0f-808d6fe5330b
Raw Audit Messages
type=AVC msg=audit(1305574655.789:127): avc: denied { mmap_zero } for pid=2784
comm="skype"
scontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023 tclass=memprotect
Hash: skype,unconfined_execmem_t,unconfined_execmem_t,memprotect,mmap_zero
audit2allow
#============= unconfined_execmem_t ==============
#!!!! This avc is allowed in the current policy
allow unconfined_execmem_t self:memprotect mmap_zero;
audit2allow -R
#============= unconfined_execmem_t ==============
#!!!! This avc is allowed in the current policy
allow unconfined_execmem_t self:memprotect mmap_zero;
--
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
The alert tells you what you can do to allow it. The access is
dangerous, if it is really needed. Did skype actually work? Did you
report this bug to Skype?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk3SIXUACgkQrlYvE4MpobOl9QCgu3TffLIP+JSKE7ehvAdOKayr
hcEAnRLW3Q9AjiwqGDxNwDhhwhTjRxhE
=52Nf
-----END PGP SIGNATURE-----
9:15 p.m.
New subject: SELinux is preventing /usr/bin/skype from mmap_zero access on the memprotect Unknown.
On Tue, 2011-05-17 at 09:19 +0200, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 05/16/2011 10:23 PM, Francis Shim wrote:
> SELinux is preventing /usr/bin/skype from mmap_zero access on the memprotect
Unknown.
>
> ***** Plugin mmap_zero (53.1 confidence) suggests **************************
>
> If you do not think /usr/bin/skype should need to mmap low memory in the kernel.
> Then you may be under attack by a hacker, this is a very dangerous access.
> Do
> contact your security administrator and report this issue.
>
> ***** Plugin catchall_boolean (42.6 confidence) suggests *******************
>
> If you want to control the ability to mmap a low area of the address space, as
configured by /proc/sys/kernel/mmap_min_addr.
> Then you must tell SELinux about this by enabling the 'mmap_low_allowed'
boolean.
> Do
> setsebool -P mmap_low_allowed 1
>
> ***** Plugin catchall (5.76 confidence) suggests ***************************
>
> If you believe that skype should be allowed mmap_zero access on the Unknown
memprotect by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # grep skype /var/log/audit/audit.log | audit2allow -M mypol
> # semodule -i mypol.pp
>
> Additional Information:
> Source Context unconfined_u:unconfined_r:unconfined_execmem_t:s0-
> s0:c0.c1023
> Target Context unconfined_u:unconfined_r:unconfined_execmem_t:s0-
> s0:c0.c1023
> Target Objects Unknown [ memprotect ]
> Source skype
> Source Path /usr/bin/skype
> Port <Unknown>
> Host mobile-pc.localdomain
> Source RPM Packages
> Target RPM Packages
> Policy RPM selinux-policy-3.9.7-40.fc14
> Selinux Enabled True
> Policy Type targeted
> Enforcing Mode Enforcing
> Host Name mobile-pc.localdomain
> Platform Linux mobile-pc.localdomain
> 2.6.35.13-91.fc14.i686.PAE #1 SMP Tue May 3
> 13:29:55 UTC 2011 i686 i686
> Alert Count 100
> First Seen Mon 16 May 2011 03:37:35 PM EDT
> Last Seen Mon 16 May 2011 03:37:35 PM EDT
> Local ID 162a1493-50dc-4231-ad0f-808d6fe5330b
>
> Raw Audit Messages
> type=AVC msg=audit(1305574655.789:127): avc: denied { mmap_zero } for pid=2784
comm="skype"
scontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023 tclass=memprotect
>
>
> Hash: skype,unconfined_execmem_t,unconfined_execmem_t,memprotect,mmap_zero
>
> audit2allow
>
> #============= unconfined_execmem_t ==============
> #!!!! This avc is allowed in the current policy
>
> allow unconfined_execmem_t self:memprotect mmap_zero;
>
> audit2allow -R
>
> #============= unconfined_execmem_t ==============
> #!!!! This avc is allowed in the current policy
>
> allow unconfined_execmem_t self:memprotect mmap_zero;
>
>
>
> --
> selinux mailing list
> selinux(a)lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>
The alert tells you what you can do to allow it. The access is
dangerous, if it is really needed. Did skype actually work? Did you
report this bug to Skype?
I am trying to report to Skype; however, I
really wanted to get some
credibility feedback from the SELinux forum before i do, because I was
really puzzled as to whether the following is happening:
Skype is really trying to access "low memory" (ie: < 1 MB) or is it DMA
memory areas? In either case, it just kind of freaked me out when I saw
it.
I am gambling that it is for DMA purposes so I allowed the access and
Skype works fine now; however, you can bet that I will be forwarding my
concerns to Skype. I hope I am not the only one who run into this
because it might mean that I really might have a virus.
Peace,
Frank
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk3SIXUACgkQrlYvE4MpobOl9QCgu3TffLIP+JSKE7ehvAdOKayr
hcEAnRLW3Q9AjiwqGDxNwDhhwhTjRxhE
=52Nf
-----END PGP SIGNATURE-----
4726
days inactive
4728
days old
selinux@lists.fedoraproject.org
2 comments
2 participants
participants (2)
-
Daniel J Walsh -
Francis Shim