03-26-2008, 07:24 PM
"Pedro Jose"

SELinux problem with totem.

Hello, I received this warning after installing totem-xine and running
it for the first time. I am concerned because the solution will
affect all applications on the system. (SELinux warning).

This is:


Resúmen:

SELinux is preventing totem from changing the access protection of memory on the
heap.

Descripción Detallada:

The totem application attempted to change the access protection of memory on the
heap (e.g., allocated using malloc). This is a potential security problem.
Applications should not be doing this. Applications are sometimes coded
incorrectly and request this permission. The SELinux Memory Protection Tests
(http://people.redhat.com/drepper/selinux-mem.html) web page explains how to
remove this requirement. If totem does not work and you need it to work, you can
configure SELinux temporarily to allow this access until the application is
fixed. Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Permitiendo Acceso:

If you want totem to continue, you must turn on the allow_execheap boolean.
Note: This boolean will affect all applications on the system.

El siguiente comando permitirá este acceso:

setsebool -P allow_execheap=1

Información Adicional:

Contexto Fuente system_u:system_r:unconfined_t:s0
Contexto Destino system_u:system_r:unconfined_t:s0
Objetos Destino None [ process ]
Source totem
Source Path /usr/bin/totem
Port <Desconocido>
Host localhost.localdomain
Source RPM Packages totem-xine-2.20.1-1.lvn8
Target RPM Packages
RPM de Políticas selinux-policy-3.0.8-93.fc8
SELinux Activado True
Tipo de Política targeted
MLS Activado True
Modo Obediente Enforcing
Nombre de Plugin allow_execheap
Nombre de Equipo localhost.localdomain
Plataforma Linux localhost.localdomain 2.6.24.3-34.fc8 #1 SMP
Wed Mar 12 18:17:20 EDT 2008 i686 i686
Cantidad de Alertas 2
First Seen lun 24 mar 2008 22:26:42 CET
Last Seen lun 24 mar 2008 22:26:42 CET
Local ID c06e8b85-a4b1-4b69-8672-76e95d189cf9
Números de Línea

Mensajes de Auditoría Crudos

host=localhost.localdomain type=AVC msg=audit(1206394002.429:87): avc:
denied { execheap } for pid=5071 comm="totem"
scontext=system_u:system_r:unconfined_t:s0
tcontext=system_u:system_r:unconfined_t:s0 tclass=process

host=localhost.localdomain type=SYSCALL msg=audit(1206394002.429:87):
arch=40000003 syscall=125 success=no exit=-13 a0=808f000 a1=ad4000
a2=5 a3=bfe0eff0 items=0 ppid=1 pid=5071 auid=500 uid=500 gid=500
euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none)
comm="totem" exe="/usr/bin/totem"
subj=system_u:system_r:unconfined_t:s0 key=(null)


What can I do?

Thanks

--
Saludos,


Pedro

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
03-29-2008, 04:10 PM
Daniel J Walsh

SELinux problem with totem.


Pedro Jose wrote:
> Hello, I received this warning after installing totem-xine and running
> it for the first time. I am concerned because the solution will
> affect all applications on the system. (SELinux warning).
>
> This is:
>
>
> Resúmen:
>
> SELinux is preventing totem from changing the access protection of memory on the
> heap.
>
> Descripción Detallada:
>
> The totem application attempted to change the access protection of memory on the
> heap (e.g., allocated using malloc). This is a potential security problem.
> Applications should not be doing this. Applications are sometimes coded
> incorrectly and request this permission. The SELinux Memory Protection Tests
> (http://people.redhat.com/drepper/selinux-mem.html) web page explains how to
> remove this requirement. If totem does not work and you need it to work, you can
> configure SELinux temporarily to allow this access until the application is
> fixed. Please file a bug report
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
>
> Permitiendo Acceso:
>
> If you want totem to continue, you must turn on the allow_execheap boolean.
> Note: This boolean will affect all applications on the system.
>
> El siguiente comando permitirá este acceso:
>
> setsebool -P allow_execheap=1
>
> Información Adicional:
>
> Contexto Fuente system_u:system_r:unconfined_t:s0
> Contexto Destino system_u:system_r:unconfined_t:s0
> Objetos Destino None [ process ]
> Source totem
> Source Path /usr/bin/totem
> Port <Desconocido>
> Host localhost.localdomain
> Source RPM Packages totem-xine-2.20.1-1.lvn8
> Target RPM Packages
> RPM de Políticas selinux-policy-3.0.8-93.fc8
> SELinux Activado True
> Tipo de Política targeted
> MLS Activado True
> Modo Obediente Enforcing
> Nombre de Plugin allow_execheap
> Nombre de Equipo localhost.localdomain
> Plataforma Linux localhost.localdomain 2.6.24.3-34.fc8 #1 SMP
> Wed Mar 12 18:17:20 EDT 2008 i686 i686
> Cantidad de Alertas 2
> First Seen lun 24 mar 2008 22:26:42 CET
> Last Seen lun 24 mar 2008 22:26:42 CET
> Local ID c06e8b85-a4b1-4b69-8672-76e95d189cf9
> Números de Línea
>
> Mensajes de Auditoría Crudos
>
> host=localhost.localdomain type=AVC msg=audit(1206394002.429:87): avc:
> denied { execheap } for pid=5071 comm="totem"
> scontext=system_u:system_r:unconfined_t:s0
> tcontext=system_u:system_r:unconfined_t:s0 tclass=process
>
> host=localhost.localdomain type=SYSCALL msg=audit(1206394002.429:87):
> arch=40000003 syscall=125 success=no exit=-13 a0=808f000 a1=ad4000
> a2=5 a3=bfe0eff0 items=0 ppid=1 pid=5071 auid=500 uid=500 gid=500
> euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none)
> comm="totem" exe="/usr/bin/totem"
> subj=system_u:system_r:unconfined_t:s0 key=(null)
>
>
> What can I do?
>
> Thanks
>
You are trying to run a program that is doing something dangerous. I am
pretty sure this is caused by a badly coded codec. You can either not
run the codec, or execute

# setsebool -P allow_execheap 1

Like the message told you.
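
The raw audit records quoted in this thread can be decoded to see exactly what the process asked the kernel for. The following is an added example, not part of either post: the two records are constructed from the ones quoted above (trimmed to the fields used), and the mapping of syscall 125 to `mprotect` on i386 and the PROT_* bit values are assumptions taken from the Linux ABI rather than from the page.

```python
import re

# Constructed from the two raw audit records quoted in the thread (fields trimmed).
AVC = ('type=AVC msg=audit(1206394002.429:87): avc: denied { execheap } for pid=5071 '
       'comm="totem" scontext=system_u:system_r:unconfined_t:s0 '
       'tcontext=system_u:system_r:unconfined_t:s0 tclass=process')
SYSCALL = ('type=SYSCALL msg=audit(1206394002.429:87): arch=40000003 syscall=125 '
           'success=no exit=-13 a0=808f000 a1=ad4000 a2=5 a3=bfe0eff0 items=0 '
           'ppid=1 pid=5071 comm="totem" exe="/usr/bin/totem"')

AUDIT_ARCH_I386 = 0x40000003          # assumption: EM_386 with the little-endian flag
I386_SYSCALLS = {125: "mprotect"}     # assumption: only the number this event needs
PROT_FLAGS = [(0x1, "PROT_READ"), (0x2, "PROT_WRITE"), (0x4, "PROT_EXEC")]

def fields(record):
    """Split an audit record into key=value pairs, unquoting values."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', record)}

def event_id(record):
    """Return the timestamp:serial pair that ties AVC and SYSCALL records together."""
    m = re.search(r'msg=audit\(([\d.]+:\d+)\)', record)
    return m.group(1) if m else None

def decode_prot(value):
    """Turn the mprotect protection bitmask into symbolic flag names."""
    names = [name for bit, name in PROT_FLAGS if value & bit]
    return "|".join(names) if names else "PROT_NONE"

def explain(avc, syscall):
    """Combine one AVC denial with its SYSCALL record into a readable summary."""
    if event_id(avc) != event_id(syscall):
        raise ValueError("records belong to different audit events")
    perm = re.search(r'denied\s+\{\s*([^}]+?)\s*\}', avc).group(1)
    sc = fields(syscall)
    if int(sc["arch"], 16) != AUDIT_ARCH_I386:
        raise ValueError("syscall table in this example covers i386 only")
    name = I386_SYSCALLS.get(int(sc["syscall"]), "syscall_" + sc["syscall"])
    # a0..a3 are logged in hexadecimal; syscall and exit are decimal.
    addr, length, prot = (int(sc[a], 16) for a in ("a0", "a1", "a2"))
    return {
        "permission": perm,
        "call": f"{name}({addr:#x}, {length:#x}, {decode_prot(prot)})",
        "exit": int(sc["exit"]),
        "domain": fields(avc)["scontext"].split(":")[2],
        "exe": sc["exe"],
    }

if __name__ == "__main__":
    for key, value in explain(AVC, SYSCALL).items():
        print(f"{key:10} {value}")
```

The decoded call shows a request for read and execute permission on an existing memory range, refused with exit -13 (EACCES), and the denial is recorded against the `unconfined_t` domain rather than a totem-specific one.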


