Adding two new booleans to httpd to tighten it's security.
Ulrich Drepper
drepper at redhat.com
Sun Dec 11 22:24:48 UTC 2005
Nicolas Mailhot wrote:
> Seems some python bits and mplayer are not safe either :
You have to specify which architecture. I assume the following are x64
since otherwise syscall=10 makes no sense.
> type=AVC msg=audit(1134326070.107:1325): avc: denied { execmem } for
> pid=28368 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0-s0:c0.c255
> tcontext=user_u:system_r:unconfined_t:s0-s0:c0.c255 tclass=process
> type=SYSCALL msg=audit(1134326070.107:1325): arch=c000003e syscall=10
> success=no exit=-13 a0=7fffff8a5000 a1=1000 a2=1000007 a3=1 items=0
> pid=28368 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500
> egid=500 sgid=500 fsgid=500 comm="mplayer" exe="/usr/bin/mplayer"
>
> type=AVC msg=audit(1134326066.831:1324): avc: denied { execmem } for
> pid=28361 comm="python"
> scontext=user_u:system_r:unconfined_t:s0-s0:c0.c255
> tcontext=user_u:system_r:unconfined_t:s0-s0:c0.c255 tclass=process
> type=SYSCALL msg=audit(1134326066.831:1324): arch=c000003e syscall=10
> success=no exit=-13 a0=7fffff863000 a1=1000 a2=1000007 a3=1 items=0
> pid=28361 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500
> egid=500 sgid=500 fsgid=500 comm="python" exe="/usr/bin/python"
Both a mprotect calls but because x64 does not allow text relocations
the reason must be in the program logic. Definitely wrong code but what
remains to be seen.
Try using strace to determine what the programs try to do.
--
➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖
More information about the selinux
mailing list