selinux and blueman applet
nonamedotc at gmail.com
Mon Jan 7 17:56:22 UTC 2013
On 01/07/2013 11:51 AM, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On 01/06/2013 06:55 PM, nonamedotc wrote:
>> Could anyone please shed some light on this selinux warning?
>> SELinux is preventing /usr/bin/python2.7 from using the execmem access on
>> a process.
>> Plugin: catchall you want to allow python2.7 to have execmem access on the
>> processIf you believe that python2.7 should be allowed execmem access on
>> processes labeled blueman_t by default. You should report this as a bug.
>> You can generate a local policy module to allow this access. Allow this
>> access for now by executing: # grep blueman-mechani
>> /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp
>> This selinux alert appears on every login. Thanks.
> execmem access is basically allowing an application to write and execute the
> same memory. This is required for most buffer overflow attacks. We prevent
> most confined applications from this access. Some tools need this kind of
> access, usually needed for JIT compiled apps like mono and java. But few
> applications actually need it.
> What avc did you get? Did you open a bugzilla with selinux-policy or bluman?
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.13 (GNU/Linux)
> Comment: Using GnuPG with undefined - http://www.enigmail.net/
> -----END PGP SIGNATURE-----
My temporary fix had been to get rid of blueman and since I had
absolutely no idea what to say, I have not filed a bug on anything yet.
I will reinstall blueman and send more information here and file a bug.
Thanks for the reply.
More information about the test