How can firefox (sometimes) make memory executable?
After upgrading to the Firefox 4 of Fedora 15, Firefox crashes
immediately on startup. I get an AVC about execmem being denied. I
run with allow_execmem disabled. (Audit details below.) I used
strace and gdb and found out that this happens in a file called
xulrunner-2.0.1/mozilla-2.0/js/src/assembler/jit/ExecutableAllocateorPosix.cpp
where it does
The definition of INITIAL_PROTECTION_FLAGS is
PROT_READ|PROT_WRITE|PROT_EXEC which indeed looks like something
that would be disallowed without allow_execmem.
To make more mysterious, on a different system where we have an fresh
installation of Fedora 15, not updated from earlier versions, firefox
DO work. It does so even if I turn off allow_execmem. And when I
check /proc/*/maps for the firefox process, there are several
anonymous regions with "rwxp" permission.
How can it do that? What is it that allows the firefox on the freshly
installed F15 system allocate executable and writeable pages? If I
knew, maybe I would know what am I missing on the upgraded system?
How can firefox (sometimes) make memory executable?
On Sat, 2011-06-18 at 19:34 +0200, Göran Uddeborg wrote:
> How can it do that? What is it that allows the firefox on the freshly
> installed F15 system allocate executable and writeable pages? If I
> knew, maybe I would know what am I missing on the upgraded system?
its x86_64 vs. 686 issue
x86_64 does not need execmem.
You can change the context of the firefox executable to execmem_exec_t i
believe and that should probably make it work
you can also set boolean allow_execmem to true i believe
or you can use audit2allow to allow this access
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
How can firefox (sometimes) make memory executable?
