SELinux is preventing /usr/bin/vlc from changing the access protection of
Antonio Olivares
olivares14031 at yahoo.com
Mon Oct 8 22:40:44 UTC 2007
memory on the heap
To: fedora-test-list at redhat.com
Cc: fedora-selinux-list at redhat.com
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-ID: <47195.13984.qm at web52608.mail.re2.yahoo.com>
Dear all,
I have finished installing vlc from livna-devel repo,
and upon starting it, Selinux setroubleshooter greets
me with the following:
What is a heap? What should I do?
Thanks in Advance,
Antonio
Summary
SELinux is preventing /usr/bin/vlc from changing
the access protection of
memory on the heap.
Detailed Description
The /usr/bin/vlc application attempted to change
the access protection of
memory on the heap (e.g., allocated using malloc).
This is a potential
security problem. Applications should not be
doing this. Applications are
sometimes coded incorrectly and request this
permission. The
http://people.redhat.com/drepper/selinux-mem.html
web page explains how to
remove this requirement. If /usr/bin/vlc does not
work and you need it to
work, you can configure SELinux temporarily to
allow this access until the
application is fixed. Please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
against this package.
Allowing Access
If you want /usr/bin/vlc to continue, you must
turn on the allow_execheap
boolean. Note: This boolean will affect all
applications on the system.
The following command will allow this access:
setsebool -P allow_execheap=1
Additional Information
Source Context
system_u:system_r:unconfined_t
Target Context
system_u:system_r:unconfined_t
Target Objects None [ process ]
Affected RPM Packages vlc-0.8.6c-5.lvn8
[application]
Policy RPM
selinux-policy-3.0.8-18.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.allow_execheap
Host Name localhost.localdomain
Platform Linux
localhost.localdomain
2.6.23-0.222.rc9.git4.fc8 #1 SMP Sat Oct 6
13:53:58 EDT 2007 i686
i686
Alert Count 2
First Seen Mon 08 Oct 2007 05:36:54
PM CDT
Last Seen Mon 08 Oct 2007 05:36:55
PM CDT
Local ID
a7f4dbf5-ffcd-472d-b654-8d68c350adad
Line Numbers
Raw Audit Messages
avc: denied { execheap } for comm=wxvlc egid=500
euid=500 exe=/usr/bin/vlc
exit=-13 fsgid=500 fsuid=500 gid=500 items=0 pid=13225
scontext=system_u:system_r:unconfined_t:s0 sgid=500
subj=system_u:system_r:unconfined_t:s0 suid=500
tclass=process
tcontext=system_u:system_r:unconfined_t:s0 tty=(none)
uid=500
____________________________________________________________________________________
Building a website is a piece of cake. Yahoo! Small Business gives you all the tools to get online.
http://smallbusiness.yahoo.com/webhosting
More information about the selinux
mailing list