KDE Screensaver

Daniel J Walsh dwalsh at redhat.com
Tue Feb 21 05:11:15 UTC 2006 

Mike Leahy wrote:
> Would this be something to report as a KDE bug then?
>   
yes
 and point them at

http://people.redhat.com/drepper/selinux-mem.html



> Daniel J Walsh wrote:
>   
>> Mike Leahy wrote:
>>     
>>> Hello list,
>>>
>>> I just asked about this problem earlier on fedora-test-list.  When I
>>> try to open the screensaver settings in Fedora test list, I got a
>>> message related to denied access to libGL.so.1.  Rahul clued me into
>>> realizing that this is an SELinux issue.  I set SELinux to permissive,
>>> and this allowed me to open/edit the KDE screensaver settings.
>>>
>>> Is there anything I should do to try changing the policies and/or is
>>> this already a known issue?
>>>       
>> If you really want this you can setsebool -P allow_execstack=1
>> You should report these as bugzilla's as they are potential security
>> problems .  There is little if any reason to ever have an application
>> requiring execstack.
>>
>> http://people.redhat.com/drepper/selinux-mem.html
>>
>> Dan
>>     
>>> Thanks for any suggestions,
>>> Mike
>>>
>>> type=USER_AUTH msg=audit(1140153148.074:1925): user pid=11876 uid=500
>>> auid=500 msg='PAM: authentication acct=root : exe="/bin/su"
>>> (hostname=?, addr=?, terminal=pts/5 res=success)'
>>> type=USER_ACCT msg=audit(1140153148.074:1926): user pid=11876 uid=500
>>> auid=500 msg='PAM: accounting acct=root : exe="/bin/su" (hostname=?,
>>> addr=?, terminal=pts/5 res=success)'
>>> type=USER_START msg=audit(1140153148.190:1927): user pid=11876 uid=500
>>> auid=500 msg='PAM: session open acct=root : exe="/bin/su" (hostname=?,
>>> addr=?, terminal=pts/5 res=success)'
>>> type=CRED_ACQ msg=audit(1140153148.190:1928): user pid=11876 uid=500
>>> auid=500 msg='PAM: setcred acct=root : exe="/bin/su" (hostname=?,
>>> addr=?, terminal=pts/5 res=success)'
>>> type=AVC msg=audit(1140153183.272:1929): avc:  denied  { execstack }
>>> for  pid=11897 comm="kcmshell"
>>> scontext=user_u:system_r:unconfined_t:s0
>>> tcontext=user_u:system_r:unconfined_t:s0 tclass=process
>>> type=SYSCALL msg=audit(1140153183.272:1929): arch=40000003 syscall=125
>>> success=no exit=-13 a0=bfc01000 a1=1000 a2=1000007 a3=fffff000 items=0
>>> pid=11897 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500
>>> egid=500 sgid=500 fsgid=500 comm="kcmshell" exe="/usr/bin/kdeinit"
>>> type=AVC msg=audit(1140153183.272:1930): avc:  denied  { execstack }
>>> for  pid=11897 comm="kcmshell"
>>> scontext=user_u:system_r:unconfined_t:s0
>>> tcontext=user_u:system_r:unconfined_t:s0 tclass=process
>>> type=SYSCALL msg=audit(1140153183.272:1930): arch=40000003 syscall=125
>>> success=no exit=-13 a0=bfc01000 a1=1000 a2=1000007 a3=fffff000 items=0
>>> pid=11897 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500
>>> egid=500 sgid=500 fsgid=500 comm="kcmshell" exe="/usr/bin/kdeinit"
>>> type=AVC msg=audit(1140153211.694:1931): avc:  denied  { execstack }
>>> for  pid=11900 comm="kcmshell"
>>> scontext=user_u:system_r:unconfined_t:s0
>>> tcontext=user_u:system_r:unconfined_t:s0 tclass=process
>>> type=SYSCALL msg=audit(1140153211.694:1931): arch=40000003 syscall=125
>>> success=no exit=-13 a0=bfc01000 a1=1000 a2=1000007 a3=fffff000 items=0
>>> pid=11900 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500
>>> egid=500 sgid=500 fsgid=500 comm="kcmshell" exe="/usr/bin/kdeinit"
>>> type=AVC msg=audit(1140153211.694:1932): avc:  denied  { execstack }
>>> for  pid=11900 comm="kcmshell"
>>> scontext=user_u:system_r:unconfined_t:s0
>>> tcontext=user_u:system_r:unconfined_t:s0 tclass=process
>>> type=SYSCALL msg=audit(1140153211.694:1932): arch=40000003 syscall=125
>>> success=no exit=-13 a0=bfc01000 a1=1000 a2=1000007 a3=fffff000 items=0
>>> pid=11900 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500
>>> egid=500 sgid=500 fsgid=500 comm="kcmshell" exe="/usr/bin/kdeinit"
>>> type=AVC msg=audit(1140153246.196:1933): avc:  denied  { execstack }
>>> for  pid=11903 comm="kcmshell"
>>> scontext=user_u:system_r:unconfined_t:s0
>>> tcontext=user_u:system_r:unconfined_t:s0 tclass=process
>>> type=SYSCALL msg=audit(1140153246.196:1933): arch=40000003 syscall=125
>>> success=no exit=-13 a0=bfc01000 a1=1000 a2=1000007 a3=fffff000 items=0
>>> pid=11903 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500
>>> egid=500 sgid=500 fsgid=500 comm="kcmshell" exe="/usr/bin/kdeinit"
>>> type=AVC msg=audit(1140153246.196:1934): avc:  denied  { execstack }
>>> for  pid=11903 comm="kcmshell"
>>> scontext=user_u:system_r:unconfined_t:s0
>>> tcontext=user_u:system_r:unconfined_t:s0 tclass=process
>>> type=SYSCALL msg=audit(1140153246.196:1934): arch=40000003 syscall=125
>>> success=no exit=-13 a0=bfc01000 a1=1000 a2=1000007 a3=fffff000 items=0
>>> pid=11903 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500
>>> egid=500 sgid=500 fsgid=500 comm="kcmshell" exe="/usr/bin/kdeinit"
>>>
>>> -- 
>>> fedora-selinux-list mailing list
>>> fedora-selinux-list at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>>       
>>     
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>

More information about the fedora-selinux-list mailing list