SELinux problem with totem.

Daniel J Walsh dwalsh at redhat.com
Sat Mar 29 17:10:57 UTC 2008


Pedro Jose wrote:
> Hello, I received this warning after installing totem-xine and running
> it for the first time. I am concerned because the solution will
> affect all applications on the system. (SELinux warning).
> 
> This is:
> 
> 
> Resúmen:
> 
> SELinux is preventing totem from changing the access protection of memory on the
> heap.
> 
> Descripción Detallada:
> 
> The totem application attempted to change the access protection of memory on the
> heap (e.g., allocated using malloc). This is a potential security problem.
> Applications should not be doing this. Applications are sometimes coded
> incorrectly and request this permission. The SELinux Memory Protection Tests
> (http://people.redhat.com/drepper/selinux-mem.html) web page explains how to
> remove this requirement. If totem does not work and you need it to work, you can
> configure SELinux temporarily to allow this access until the application is
> fixed. Please file a bug report
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
> 
> Permitiendo Acceso:
> 
> If you want totem to continue, you must turn on the allow_execheap boolean.
> Note: This boolean will affect all applications on the system.
> 
> El siguiente comando permitirá este acceso:
> 
> setsebool -P allow_execheap=1
> 
> Información Adicional:
> 
> Contexto Fuente               system_u:system_r:unconfined_t:s0
> Contexto Destino              system_u:system_r:unconfined_t:s0
> Objetos Destino               None [ process ]
> Source                        totem
> Source Path                   /usr/bin/totem
> Port                          <Desconocido>
> Host                          localhost.localdomain
> Source RPM Packages           totem-xine-2.20.1-1.lvn8
> Target RPM Packages
> RPM de Políticas             selinux-policy-3.0.8-93.fc8
> SELinux Activado              True
> Tipo de Política             targeted
> MLS Activado                  True
> Modo Obediente                Enforcing
> Nombre de Plugin              allow_execheap
> Nombre de Equipo              localhost.localdomain
> Plataforma                    Linux localhost.localdomain 2.6.24.3-34.fc8 #1 SMP
>                               Wed Mar 12 18:17:20 EDT 2008 i686 i686
> Cantidad de Alertas           2
> First Seen                    lun 24 mar 2008 22:26:42 CET
> Last Seen                     lun 24 mar 2008 22:26:42 CET
> Local ID                      c06e8b85-a4b1-4b69-8672-76e95d189cf9
> Números de Línea
> 
> Mensajes de Auditoría Crudos
> 
> host=localhost.localdomain type=AVC msg=audit(1206394002.429:87): avc:
>  denied  { execheap } for  pid=5071 comm="totem"
> scontext=system_u:system_r:unconfined_t:s0
> tcontext=system_u:system_r:unconfined_t:s0 tclass=process
> 
> host=localhost.localdomain type=SYSCALL msg=audit(1206394002.429:87):
> arch=40000003 syscall=125 success=no exit=-13 a0=808f000 a1=ad4000
> a2=5 a3=bfe0eff0 items=0 ppid=1 pid=5071 auid=500 uid=500 gid=500
> euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none)
> comm="totem" exe="/usr/bin/totem"
> subj=system_u:system_r:unconfined_t:s0 key=(null)
> 
> 
> What can I do?
> 
> Thanks
> 
You are trying to run a program that is doing something dangerous.  I am
pretty sure this is caused by a badly coded codec.  You can either not
run the codec, or execute

# setsebool -P allow_execheap 1

Like the message told you.
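
The following is an added example, not part of the original message or of any SELinux tool: it pairs the AVC and SYSCALL records quoted in the alert by their audit event id and decodes the system call arguments, showing that the denied call was an mprotect requesting PROT_READ|PROT_EXEC. The function names and the one-entry architecture table are assumptions made for this illustration.

```python
import errno
import re

# Records copied from the alert quoted above, re-joined onto single lines.
AVC = ('host=localhost.localdomain type=AVC msg=audit(1206394002.429:87): avc: '
       'denied  { execheap } for  pid=5071 comm="totem" '
       'scontext=system_u:system_r:unconfined_t:s0 '
       'tcontext=system_u:system_r:unconfined_t:s0 tclass=process')
SYSCALL = ('host=localhost.localdomain type=SYSCALL msg=audit(1206394002.429:87): '
           'arch=40000003 syscall=125 success=no exit=-13 a0=808f000 a1=ad4000 '
           'a2=5 a3=bfe0eff0 items=0 ppid=1 pid=5071 auid=500 uid=500 gid=500 '
           'euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) '
           'comm="totem" exe="/usr/bin/totem" '
           'subj=system_u:system_r:unconfined_t:s0 key=(null)')

# Only the architecture seen in this report: AUDIT_ARCH_I386, where mprotect is 125.
MPROTECT_NR = {0x40000003: 125}
PROT_BITS = ((0x1, "PROT_READ"), (0x2, "PROT_WRITE"), (0x4, "PROT_EXEC"))

def fields(record):
    """Return the key=value pairs of one audit record, quotes stripped."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', record)}

def event_id(record):
    """Return (timestamp, serial) from msg=audit(ts:serial); it ties records together."""
    m = re.search(r'msg=audit\((\d+\.\d+):(\d+)\)', record)
    if m is None:
        raise ValueError("no audit event id in record")
    return m.groups()

def decode_denial(avc, syscall):
    """Pair an AVC record with its SYSCALL record and decode the mprotect arguments."""
    if event_id(avc) != event_id(syscall):
        raise ValueError("records belong to different audit events")
    perms = re.search(r'\{([^}]*)\}', avc).group(1).split()
    f = fields(syscall)
    if MPROTECT_NR.get(int(f["arch"], 16)) != int(f["syscall"]):
        raise ValueError("syscall is not mprotect on a known architecture")
    prot = int(f["a2"], 16)  # audit prints a0..a3 in hex
    return {
        "denied": perms,
        "exe": f["exe"],
        "addr": hex(int(f["a0"], 16)),
        "length": int(f["a1"], 16),
        "prot": [name for bit, name in PROT_BITS if prot & bit] or ["PROT_NONE"],
        "errno": errno.errorcode[-int(f["exit"])],
    }

if __name__ == "__main__":
    print(decode_denial(AVC, SYSCALL))
```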





