SELinux is preventing /usr/bin/vlc from changing the access protection of

Antonio Olivares olivares14031 at
Mon Oct 8 22:40:44 UTC 2007

memory on the heap
To: fedora-test-list at
Cc: fedora-selinux-list at
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-ID: <47195.13984.qm at>

Dear all,

I have finished installing vlc from livna-devel repo,
and upon starting it, Selinux setroubleshooter greets
me with the following:

What is a heap?  What should I do?

Thanks in Advance,


    SELinux is preventing /usr/bin/vlc from changing
the access protection of
    memory on the heap.

Detailed Description
    The /usr/bin/vlc application attempted to change
the access protection of
    memory on the heap (e.g., allocated using malloc).
 This is a potential
    security problem.  Applications should not be
doing this. Applications are
    sometimes coded incorrectly and request this
permission.  The
web page explains how to
    remove this requirement.  If /usr/bin/vlc does not
work and you need it to
    work, you can configure SELinux temporarily to
allow this access until the
    application is fixed. Please file a
against this package.

Allowing Access
    If you want /usr/bin/vlc to continue, you must
turn on the allow_execheap
    boolean.  Note: This boolean will affect all
applications on the system.

    The following command will allow this access:
    setsebool -P allow_execheap=1

Additional Information        

Source Context               
Target Context               
Target Objects                None [ process ]
Affected RPM Packages         vlc-0.8.6c-5.lvn8
Policy RPM                   
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.allow_execheap
Host Name                     localhost.localdomain
Platform                      Linux
2.6.23-0.222.rc9.git4.fc8 #1 SMP Sat Oct 6
                              13:53:58 EDT 2007 i686
Alert Count                   2
First Seen                    Mon 08 Oct 2007 05:36:54
Last Seen                     Mon 08 Oct 2007 05:36:55
Local ID                     
Line Numbers                  

Raw Audit Messages            

avc: denied { execheap } for comm=wxvlc egid=500
euid=500 exe=/usr/bin/vlc
exit=-13 fsgid=500 fsuid=500 gid=500 items=0 pid=13225
scontext=system_u:system_r:unconfined_t:s0 sgid=500
subj=system_u:system_r:unconfined_t:s0 suid=500
tcontext=system_u:system_r:unconfined_t:s0 tty=(none)

Building a website is a piece of cake. Yahoo! Small Business gives you all the tools to get online. 

More information about the fedora-selinux-list mailing list