memory on the heap
To: fedora-test-list(a)redhat.com
Cc: fedora-selinux-list(a)redhat.com
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-ID: <47195.13984.qm(a)web52608.mail.re2.yahoo.com>
Dear all,
I have finished installing vlc from livna-devel repo,
and upon starting it, Selinux setroubleshooter greets
me with the following:
What is a heap? What should I do?
Thanks in Advance,
Antonio
Summary
SELinux is preventing /usr/bin/vlc from changing
the access protection of
memory on the heap.
Detailed Description
The /usr/bin/vlc application attempted to change
the access protection of
memory on the heap (e.g., allocated using malloc).
This is a potential
security problem. Applications should not be
doing this. Applications are
sometimes coded incorrectly and request this
permission. The
http://people.redhat.com/drepper/selinux-mem.html
web page explains how to
remove this requirement. If /usr/bin/vlc does not
work and you need it to
work, you can configure SELinux temporarily to
allow this access until the
application is fixed. Please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
against this package.
Allowing Access
If you want /usr/bin/vlc to continue, you must
turn on the allow_execheap
boolean. Note: This boolean will affect all
applications on the system.
The following command will allow this access:
setsebool -P allow_execheap=1
Additional Information
Source Context
system_u:system_r:unconfined_t
Target Context
system_u:system_r:unconfined_t
Target Objects None [ process ]
Affected RPM Packages vlc-0.8.6c-5.lvn8
[application]
Policy RPM
selinux-policy-3.0.8-18.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.allow_execheap
Host Name localhost.localdomain
Platform Linux
localhost.localdomain
2.6.23-0.222.rc9.git4.fc8 #1 SMP Sat Oct 6
13:53:58 EDT 2007 i686
i686
Alert Count 2
First Seen Mon 08 Oct 2007 05:36:54
PM CDT
Last Seen Mon 08 Oct 2007 05:36:55
PM CDT
Local ID
a7f4dbf5-ffcd-472d-b654-8d68c350adad
Line Numbers
Raw Audit Messages
avc: denied { execheap } for comm=wxvlc egid=500
euid=500 exe=/usr/bin/vlc
exit=-13 fsgid=500 fsuid=500 gid=500 items=0 pid=13225
scontext=system_u:system_r:unconfined_t:s0 sgid=500
subj=system_u:system_r:unconfined_t:s0 suid=500
tclass=process
tcontext=system_u:system_r:unconfined_t:s0 tty=(none)
uid=500
____________________________________________________________________________________
Building a website is a piece of cake. Yahoo! Small Business gives you all the tools to
get online.
http://smallbusiness.yahoo.com/webhosting
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list Did you read what the
troubleshoot told you? It explains pretty much
your options. You can turn off execheap protection, or you can not run
the program. You should report this as a bug to the maintainers of vlc.
Follow the links provided by the troubleshooter to find out more about
execheap.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora -
http://enigmail.mozdev.org
iD8DBQFHDSpzrlYvE4MpobMRAnwdAKDnMI6TS4J5uaPPduS2ej/Ei7kC0gCfTiMU
aTOzgTNoH2vgLVT3OYwGa+Q=
=EsTw
-----END PGP SIGNATURE-----