selinux and blueman applet

Daniel J Walsh dwalsh at
Tue Jan 8 14:03:52 UTC 2013

Hash: SHA1

On 01/07/2013 05:08 PM, nonamedotc wrote:
> On 01/07/2013 11:51 AM, Daniel J Walsh wrote: On 01/06/2013 06:55 PM,
> nonamedotc wrote:
>>>> Could anyone please shed some light on this selinux warning?
>>>> SELinux is preventing /usr/bin/python2.7 from using the execmem
>>>> access on a process.
>>>> Plugin: catchall you want to allow python2.7 to have execmem access
>>>> on the processIf you believe that python2.7 should be allowed execmem
>>>> access on processes labeled blueman_t by default. You should report
>>>> this as a bug. You can generate a local policy module to allow this
>>>> access. Allow this access for now by executing: # grep
>>>> blueman-mechani /var/log/audit/audit.log | audit2allow -M mypol #
>>>> semodule -i mypol.pp
>>>> This selinux alert appears on every login. Thanks.
> execmem access is basically allowing an application to write and execute
> the same memory.   This is required for most buffer overflow attacks.  We
> prevent most confined applications from this access. Some tools need this
> kind of access, usually needed for JIT compiled apps like mono and java.
> But few applications actually need it.
> What avc did you get?  Did you open a bugzilla with selinux-policy or
> bluman? O.K. So, re-enabled blueman and this is the avc I get.
> Source process:         /usr/bin/python2.7 Attempted this access:  execmem
> Troubleshooting tab shows how to generate local policy to allow access.
> Thanks again.

Here is a bugzilla where this is already reported
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with undefined -


More information about the test mailing list