SELinux is preventing /usr/bin/vlc from changing the access protection of
Daniel J Walsh
dwalsh at redhat.com
Wed Oct 10 19:39:31 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Antonio Olivares wrote:
> memory on the heap
> To: fedora-test-list at redhat.com
> Cc: fedora-selinux-list at redhat.com
> MIME-Version: 1.0
> Content-Type: text/plain; charset=iso-8859-1
> Content-Transfer-Encoding: 8bit
> Message-ID: <47195.13984.qm at web52608.mail.re2.yahoo.com>
>
> Dear all,
>
> I have finished installing vlc from livna-devel repo,
> and upon starting it, Selinux setroubleshooter greets
> me with the following:
>
> What is a heap? What should I do?
>
> Thanks in Advance,
>
> Antonio
>
> Summary
> SELinux is preventing /usr/bin/vlc from changing
> the access protection of
> memory on the heap.
>
> Detailed Description
> The /usr/bin/vlc application attempted to change
> the access protection of
> memory on the heap (e.g., allocated using malloc).
> This is a potential
> security problem. Applications should not be
> doing this. Applications are
> sometimes coded incorrectly and request this
> permission. The
> http://people.redhat.com/drepper/selinux-mem.html
> web page explains how to
> remove this requirement. If /usr/bin/vlc does not
> work and you need it to
> work, you can configure SELinux temporarily to
> allow this access until the
> application is fixed. Please file a
> http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
> against this package.
>
> Allowing Access
> If you want /usr/bin/vlc to continue, you must
> turn on the allow_execheap
> boolean. Note: This boolean will affect all
> applications on the system.
>
> The following command will allow this access:
> setsebool -P allow_execheap=1
>
> Additional Information
>
> Source Context
> system_u:system_r:unconfined_t
> Target Context
> system_u:system_r:unconfined_t
> Target Objects None [ process ]
> Affected RPM Packages vlc-0.8.6c-5.lvn8
> [application]
> Policy RPM
> selinux-policy-3.0.8-18.fc8
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name plugins.allow_execheap
> Host Name localhost.localdomain
> Platform Linux
> localhost.localdomain
>
> 2.6.23-0.222.rc9.git4.fc8 #1 SMP Sat Oct 6
> 13:53:58 EDT 2007 i686
> i686
> Alert Count 2
> First Seen Mon 08 Oct 2007 05:36:54
> PM CDT
> Last Seen Mon 08 Oct 2007 05:36:55
> PM CDT
> Local ID
> a7f4dbf5-ffcd-472d-b654-8d68c350adad
> Line Numbers
>
> Raw Audit Messages
>
> avc: denied { execheap } for comm=wxvlc egid=500
> euid=500 exe=/usr/bin/vlc
> exit=-13 fsgid=500 fsuid=500 gid=500 items=0 pid=13225
> scontext=system_u:system_r:unconfined_t:s0 sgid=500
> subj=system_u:system_r:unconfined_t:s0 suid=500
> tclass=process
> tcontext=system_u:system_r:unconfined_t:s0 tty=(none)
> uid=500
>
>
>
>
>
> ____________________________________________________________________________________
> Building a website is a piece of cake. Yahoo! Small Business gives you all the tools to get online.
> http://smallbusiness.yahoo.com/webhosting
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Did you read what the troubleshoot told you? It explains pretty much
your options. You can turn off execheap protection, or you can not run
the program. You should report this as a bug to the maintainers of vlc.
Follow the links provided by the troubleshooter to find out more about
execheap.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFHDSpzrlYvE4MpobMRAnwdAKDnMI6TS4J5uaPPduS2ej/Ei7kC0gCfTiMU
aTOzgTNoH2vgLVT3OYwGa+Q=
=EsTw
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list