selinux and blueman applet

nonamedotc nonamedotc at gmail.com
Mon Jan 7 22:08:46 UTC 2013


On 01/07/2013 11:51 AM, Daniel J Walsh wrote:
> On 01/06/2013 06:55 PM, nonamedotc wrote:
>> Could anyone please shed some light on this selinux warning?
>>
>> SELinux is preventing /usr/bin/python2.7 from using the execmem access on
>> a process.
>>
>> Plugin: catchall you want to allow python2.7 to have execmem access on the
>> process
>>
>> If you believe that python2.7 should be allowed execmem access on
>> processes labeled blueman_t by default. You should report this as a bug.
>> You can generate a local policy module to allow this access. Allow this
>> access for now by executing:
>> # grep blueman-mechani /var/log/audit/audit.log | audit2allow -M mypol
>> # semodule -i mypol.pp
>>
>>
>> This selinux alert appears on every login. Thanks.
>>
> http://www.akkadia.org/drepper/selinux-mem.html
>
> execmem access is basically allowing an application to write and execute the
> same memory.   This is required for most buffer overflow attacks.  We prevent
> most confined applications from this access. Some tools need this kind of
> access, usually needed for JIT compiled apps like mono and java.  But few
> applications actually need it.
>
> What avc did you get?  Did you open a bugzilla with selinux-policy or blueman?
O.K. So, re-enabled blueman and this is the avc I get.

Source process:         /usr/bin/python2.7
Attempted this access:  execmem

Troubleshooting tab shows how to generate local policy to allow access.

Thanks again.

-- 
nonamedotc
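
An added example, not part of the original thread: the raw AVC record in /var/log/audit/audit.log carries the source and target contexts that the troubleshooter summary above leaves out, and this sketch pulls execmem denials out of such records. The log lines are constructed (only `blueman_t`, `blueman-mechani` and `/usr/bin/python2.7` come from the thread), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample records in audit.log format (not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1357596400.101:210): avc:  denied  { execmem } for  pid=1412 comm="blueman-mechani" scontext=system_u:system_r:blueman_t:s0 tcontext=system_u:system_r:blueman_t:s0 tclass=process
type=SYSCALL msg=audit(1357596400.101:210): arch=c000003e syscall=9 success=no exit=-13 comm="blueman-mechani" exe="/usr/bin/python2.7"
type=AVC msg=audit(1357596401.554:211): avc:  denied  { read } for  pid=1500 comm="httpd" name="index.html" dev="dm-1" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1357600000.007:305): avc:  denied  { execmem } for  pid=2290 comm="blueman-mechani" scontext=system_u:system_r:blueman_t:s0 tcontext=system_u:system_r:blueman_t:s0 tclass=process
"""

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+'
    r'(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return one AVC record as a dict, or None for any other record type."""
    m = AVC_RE.match(line)
    if m is None:
        return None
    rec = {key: value.strip('"') for key, value in FIELD_RE.findall(m.group('rest'))}
    rec['result'] = m.group('result')
    rec['perms'] = m.group('perms').split()
    rec['serial'] = int(m.group('serial'))
    return rec


def execmem_denials(log_text):
    """Keep only denials of the execmem permission on the process class."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if (rec and rec['result'] == 'denied'
                and rec.get('tclass') == 'process' and 'execmem' in rec['perms']):
            hits.append(rec)
    return hits


def summarize(denials):
    """Count denials per (comm, source domain type)."""
    return Counter((d['comm'], d['scontext'].split(':')[2]) for d in denials)


if __name__ == '__main__':
    for (comm, domain), count in summarize(execmem_denials(SAMPLE_LOG)).items():
        print(f'{count} execmem denial(s): comm={comm} domain={domain}')
```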


