SELinux is preventing /usr/bin/vlc from changing the access protection of

[Antonio Olivares]

memory on the heap
To: fedora-test-list at redhat.com
Cc: fedora-selinux-list at redhat.com
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-ID: <47195.13984.qm at web52608.mail.re2.yahoo.com>

Dear all,

I have finished installing vlc from livna-devel repo,
and upon starting it, Selinux setroubleshooter greets
me with the following:

What is a heap?  What should I do?

Thanks in Advance,

Antonio 

Summary
    SELinux is preventing /usr/bin/vlc from changing
the access protection of
    memory on the heap.

Detailed Description
    The /usr/bin/vlc application attempted to change
the access protection of
    memory on the heap (e.g., allocated using malloc).
 This is a potential
    security problem.  Applications should not be
doing this. Applications are
    sometimes coded incorrectly and request this
permission.  The
    http://people.redhat.com/drepper/selinux-mem.html
web page explains how to
    remove this requirement.  If /usr/bin/vlc does not
work and you need it to
    work, you can configure SELinux temporarily to
allow this access until the
    application is fixed. Please file a
    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
against this package.

Allowing Access
    If you want /usr/bin/vlc to continue, you must
turn on the allow_execheap
    boolean.  Note: This boolean will affect all
applications on the system.

    The following command will allow this access:
    setsebool -P allow_execheap=1

Additional Information        

Source Context               
system_u:system_r:unconfined_t
Target Context               
system_u:system_r:unconfined_t
Target Objects                None [ process ]
Affected RPM Packages         vlc-0.8.6c-5.lvn8
[application]
Policy RPM                   
selinux-policy-3.0.8-18.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.allow_execheap
Host Name                     localhost.localdomain
Platform                      Linux
localhost.localdomain
                             
2.6.23-0.222.rc9.git4.fc8 #1 SMP Sat Oct 6
                              13:53:58 EDT 2007 i686
i686
Alert Count                   2
First Seen                    Mon 08 Oct 2007 05:36:54
PM CDT
Last Seen                     Mon 08 Oct 2007 05:36:55
PM CDT
Local ID                     
a7f4dbf5-ffcd-472d-b654-8d68c350adad
Line Numbers                  

Raw Audit Messages            

avc: denied { execheap } for comm=wxvlc egid=500
euid=500 exe=/usr/bin/vlc
exit=-13 fsgid=500 fsuid=500 gid=500 items=0 pid=13225
scontext=system_u:system_r:unconfined_t:s0 sgid=500
subj=system_u:system_r:unconfined_t:s0 suid=500
tclass=process
tcontext=system_u:system_r:unconfined_t:s0 tty=(none)
uid=500




       
____________________________________________________________________________________
Building a website is a piece of cake. Yahoo! Small Business gives you all the tools to get online.
http://smallbusiness.yahoo.com/webhosting