execmem/execstack AVCs in recent updates
Daniel J Walsh
dwalsh at redhat.com
Tue Nov 14 14:41:09 UTC 2006
Tom London wrote:
> On 11/13/06, Tom London <selinux at gmail.com> wrote:
>> On 11/13/06, Daniel J Walsh <dwalsh at redhat.com> wrote:
>> > Could you open a bugzilla on this for firefox.
>> Yup: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=215424
>> > >
>> > > Also, vmware is still unhappy :-(
>> > What is it complaining about?
>> type=AVC msg=audit(1163450320.414:32): avc: denied { execstack } for
>> pid=3763 comm="ld-linux.so.2"
>> scontext=user_u:system_r:unconfined_t:s0
>> tcontext=user_u:system_r:unconfined_t:s0 tclass=process
>> type=SYSCALL msg=audit(1163450320.414:32): arch=40000003 syscall=125
>> success=yes exit=0 a0=bfef2000 a1=1000 a2=1000007 a3=fffff000 items=0
>> ppid=3761 pid=3763 auid=500 uid=500 gid=500 euid=500 suid=500
>> fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ld-linux.so.2"
>> exe="/lib/ld-2.5.90.so" subj=user_u:system_r:unconfined_t:s0
>> key=(null)
>>
>
> Actually, execmem is generated also.....
>
> type=AVC msg=audit(1163430106.494:54): avc: denied { execstack } for
> pid=3462 comm="ld-linux.so.2"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> type=AVC msg=audit(1163430106.494:54): avc: denied { execmem } for
> pid=3462 comm="ld-linux.so.2" scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> type=SYSCALL msg=audit(1163430106.494:54): arch=40000003 syscall=125
> success=yes exit=0 a0=bfd55000 a1=1000 a2=1000007 a3=fffff000 items=0
> ppid=3460 pid=3462 auid=500 uid=500 gid=500 euid=500 suid=500
> fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts1 comm="ld-linux.so.2"
> exe="/lib/ld-2.5.90.so" subj=user_u:system_r:unconfined_t:s0
> key=(null)
Can you open a bug on this, so I can get Uli and some of the kernel/gcc
guys to look at this.
More information about the fedora-selinux-list
mailing list