SELinux problem with totem.
Daniel J Walsh
dwalsh at redhat.com
Sat Mar 29 17:10:57 UTC 2008
Pedro Jose wrote:
> Hello, I received this warning after installing totem-xine and running
> it for the first time. I am concerned because the solution will
> affect all applications on the system. (SELinux warning).
>
> This is:
>
>
> Resúmen:
>
> SELinux is preventing totem from changing the access protection of memory on the
> heap.
>
> Descripción Detallada:
>
> The totem application attempted to change the access protection of memory on the
> heap (e.g., allocated using malloc). This is a potential security problem.
> Applications should not be doing this. Applications are sometimes coded
> incorrectly and request this permission. The SELinux Memory Protection Tests
> (http://people.redhat.com/drepper/selinux-mem.html) web page explains how to
> remove this requirement. If totem does not work and you need it to work, you can
> configure SELinux temporarily to allow this access until the application is
> fixed. Please file a bug report
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
>
> Permitiendo Acceso:
>
> If you want totem to continue, you must turn on the allow_execheap boolean.
> Note: This boolean will affect all applications on the system.
>
> El siguiente comando permitirá este acceso:
>
> setsebool -P allow_execheap=1
>
> Información Adicional:
>
> Contexto Fuente system_u:system_r:unconfined_t:s0
> Contexto Destino system_u:system_r:unconfined_t:s0
> Objetos Destino None [ process ]
> Source totem
> Source Path /usr/bin/totem
> Port <Desconocido>
> Host localhost.localdomain
> Source RPM Packages totem-xine-2.20.1-1.lvn8
> Target RPM Packages
> RPM de Políticas selinux-policy-3.0.8-93.fc8
> SELinux Activado True
> Tipo de Política targeted
> MLS Activado True
> Modo Obediente Enforcing
> Nombre de Plugin allow_execheap
> Nombre de Equipo localhost.localdomain
> Plataforma Linux localhost.localdomain 2.6.24.3-34.fc8 #1 SMP
> Wed Mar 12 18:17:20 EDT 2008 i686 i686
> Cantidad de Alertas 2
> First Seen lun 24 mar 2008 22:26:42 CET
> Last Seen lun 24 mar 2008 22:26:42 CET
> Local ID c06e8b85-a4b1-4b69-8672-76e95d189cf9
> Números de Línea
>
> Mensajes de Auditoría Crudos
>
> host=localhost.localdomain type=AVC msg=audit(1206394002.429:87): avc:
> denied { execheap } for pid=5071 comm="totem"
> scontext=system_u:system_r:unconfined_t:s0
> tcontext=system_u:system_r:unconfined_t:s0 tclass=process
>
> host=localhost.localdomain type=SYSCALL msg=audit(1206394002.429:87):
> arch=40000003 syscall=125 success=no exit=-13 a0=808f000 a1=ad4000
> a2=5 a3=bfe0eff0 items=0 ppid=1 pid=5071 auid=500 uid=500 gid=500
> euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none)
> comm="totem" exe="/usr/bin/totem"
> subj=system_u:system_r:unconfined_t:s0 key=(null)
>
>
> What can I do?
>
> Thanks
>
You are trying to run a program that is doing something dangerous. I am
pretty sure this is caused by a badly coded codec. You can either not
run the codec, or execute
# setsebool -P allow_execheap 1
Like the message told you.
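
The raw audit records in the quoted alert can be decoded to see exactly which call was denied. The following is an added example, not part of either message; it assumes i386 numbering (arch=40000003, where syscall 125 is mprotect) and that audit prints a0-a3 in hexadecimal, and its function names are illustrative.

```python
import re

# Audit records from the alert quoted above (line wraps rejoined, host= prefix
# and the trailing id/tty/subj/key fields of the SYSCALL record dropped).
AVC = ('type=AVC msg=audit(1206394002.429:87): avc: denied { execheap } for '
       'pid=5071 comm="totem" scontext=system_u:system_r:unconfined_t:s0 '
       'tcontext=system_u:system_r:unconfined_t:s0 tclass=process')
SYSCALL = ('type=SYSCALL msg=audit(1206394002.429:87): arch=40000003 '
           'syscall=125 success=no exit=-13 a0=808f000 a1=ad4000 a2=5 '
           'a3=bfe0eff0 items=0 ppid=1 pid=5071 auid=500 uid=500 '
           'comm="totem" exe="/usr/bin/totem"')

AUDIT_ARCH_I386 = 0x40000003   # value of the arch= field for 32-bit x86
I386_MPROTECT = 125            # mprotect in the i386 syscall table
PROT_BITS = {0x1: "PROT_READ", 0x2: "PROT_WRITE", 0x4: "PROT_EXEC"}
EACCES = 13

def fields(record):
    """Return the key=value pairs of one audit record (quotes stripped)."""
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', record)
    return {k: v.strip('"') for k, v in pairs}

def event_id(record):
    """Timestamp:serial that ties the AVC and SYSCALL records together."""
    m = re.search(r'msg=audit\(([\d.]+:\d+)\)', record)
    return m.group(1) if m else None

def explain(avc, syscall):
    """Decode the mprotect() call behind an execheap denial."""
    if event_id(avc) != event_id(syscall):
        raise ValueError("records belong to different audit events")
    denied = re.search(r'denied\s+\{\s*([^}]+?)\s*\}', avc).group(1).split()
    s = fields(syscall)
    if (int(s["arch"], 16) != AUDIT_ARCH_I386
            or int(s["syscall"]) != I386_MPROTECT):
        raise ValueError("only i386 mprotect records are decoded here")
    prot = int(s["a2"], 16)    # third mprotect argument: requested protection
    return {
        "denied": denied,
        "exe": s["exe"],
        "addr": int(s["a0"], 16),
        "length": int(s["a1"], 16),
        "prot": [n for bit, n in sorted(PROT_BITS.items()) if prot & bit],
        "eacces": int(s["exit"]) == -EACCES,
    }

if __name__ == "__main__":
    for key, value in explain(AVC, SYSCALL).items():
        print(f"{key}: {value}")
```

The decoded record shows totem requesting PROT_READ and PROT_EXEC on a region starting at 0x808f000, which the kernel refused with EACCES.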