f16 x86_64 :: kwin - execmem

Adrian Sevcenco Adrian.Sevcenco at cern.ch
Sun Feb 19 08:02:33 UTC 2012 

Hi! i have this situation in which kwin (which is strange as the command
reported is firefox) tries to map a memory region as executable and
writable. The advice is to report to bugzilla ..
before doing this, did someone else encountered this?

Thanks,
Adrian

SELinux is preventing /usr/bin/kwin from execmem access on the None .

*****  Plugin catchall (100. confidence) suggests
***************************

If you believe that kwin should be allowed execmem access on the
<Unknown> by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep kwin /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
                              023
Target Context
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
                              023
Target Objects                 [ None ]
Source                        kwin
Source Path                   /usr/bin/kwin
Port                          <Unknown>
Host                          adrian.home
Source RPM Packages           firefox-10.0.1-1.fc16.x86_64
Target RPM Packages
Policy RPM                    selinux-policy-3.10.0-75.fc16.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     adrian.home
Platform                      Linux adrian.home 3.2.6-3.fc16.x86_64 #1
SMP Mon
                              Feb 13 20:35:42 UTC 2012 x86_64 x86_64
Alert Count                   13
First Seen                    Sat 18 Feb 2012 02:55:59 PM EET
Last Seen                     Sun 19 Feb 2012 09:53:32 AM EET
Local ID                      5f799950-b58d-4cda-af92-f71bb4d4652c

Raw Audit Messages
type=AVC msg=audit(1329638012.530:69): avc:  denied  { execmem } for
pid=2360 comm="firefox"
scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tclass=processnode=adrian.home type=SYSCALL
msg=audit(1329638012.530:69): arch=c000003e syscall=9 success=yes
exit=140493093380096 a0=0 a1=10000 a2=7 a3=22 items=0 ppid=1634 pid=2360
auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000
sgid=1000 fsgid=1000 tty=(none) ses=1 comm="firefox"
exe="/usr/lib64/firefox/firefox"
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1984 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.fedoraproject.org/pipermail/selinux/attachments/20120219/75d672d9/attachment.p7s>

More information about the selinux mailing list