SELinux problem with totem.

Pedro Jose ercrokan at gmail.com
Wed Mar 26 20:24:15 UTC 2008


Hello, I received this warning after installing totem-xine and running
it for the first time. I am concerned because the solution will
affect all applications on the system. (SELinux warning).

This is:


Resúmen:

SELinux is preventing totem from changing the access protection of memory on the
heap.

Descripción Detallada:

The totem application attempted to change the access protection of memory on the
heap (e.g., allocated using malloc). This is a potential security problem.
Applications should not be doing this. Applications are sometimes coded
incorrectly and request this permission. The SELinux Memory Protection Tests
(http://people.redhat.com/drepper/selinux-mem.html) web page explains how to
remove this requirement. If totem does not work and you need it to work, you can
configure SELinux temporarily to allow this access until the application is
fixed. Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Permitiendo Acceso:

If you want totem to continue, you must turn on the allow_execheap boolean.
Note: This boolean will affect all applications on the system.

El siguiente comando permitirá este acceso:

setsebool -P allow_execheap=1

Información Adicional:

Contexto Fuente               system_u:system_r:unconfined_t:s0
Contexto Destino              system_u:system_r:unconfined_t:s0
Objetos Destino               None [ process ]
Source                        totem
Source Path                   /usr/bin/totem
Port                          <Desconocido>
Host                          localhost.localdomain
Source RPM Packages           totem-xine-2.20.1-1.lvn8
Target RPM Packages
RPM de Políticas             selinux-policy-3.0.8-93.fc8
SELinux Activado              True
Tipo de Política             targeted
MLS Activado                  True
Modo Obediente                Enforcing
Nombre de Plugin              allow_execheap
Nombre de Equipo              localhost.localdomain
Plataforma                    Linux localhost.localdomain 2.6.24.3-34.fc8 #1 SMP
                              Wed Mar 12 18:17:20 EDT 2008 i686 i686
Cantidad de Alertas           2
First Seen                    lun 24 mar 2008 22:26:42 CET
Last Seen                     lun 24 mar 2008 22:26:42 CET
Local ID                      c06e8b85-a4b1-4b69-8672-76e95d189cf9
Números de Línea

Mensajes de Auditoría Crudos

host=localhost.localdomain type=AVC msg=audit(1206394002.429:87): avc:
 denied  { execheap } for  pid=5071 comm="totem"
scontext=system_u:system_r:unconfined_t:s0
tcontext=system_u:system_r:unconfined_t:s0 tclass=process

host=localhost.localdomain type=SYSCALL msg=audit(1206394002.429:87):
arch=40000003 syscall=125 success=no exit=-13 a0=808f000 a1=ad4000
a2=5 a3=bfe0eff0 items=0 ppid=1 pid=5071 auid=500 uid=500 gid=500
euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none)
comm="totem" exe="/usr/bin/totem"
subj=system_u:system_r:unconfined_t:s0 key=(null)


What can I do?

Thanks

-- 
Regards,


Pedro
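
Added example, not part of the original message: a short Python sketch that joins the AVC and SYSCALL records quoted above by their audit serial and decodes the denied call's arguments. The record strings are constructed from the report with line wraps joined and the uid/gid fields trimmed; the function names and lookup tables are assumptions of this example and cover only the values seen here.

```python
import errno
import re

# Constructed input: the two raw audit records from the message (wraps joined, ids trimmed).
RECORDS = [
    'host=localhost.localdomain type=AVC msg=audit(1206394002.429:87): avc: '
    ' denied  { execheap } for  pid=5071 comm="totem" '
    'scontext=system_u:system_r:unconfined_t:s0 '
    'tcontext=system_u:system_r:unconfined_t:s0 tclass=process',
    'host=localhost.localdomain type=SYSCALL msg=audit(1206394002.429:87): '
    'arch=40000003 syscall=125 success=no exit=-13 a0=808f000 a1=ad4000 '
    'a2=5 a3=bfe0eff0 items=0 ppid=1 pid=5071 comm="totem" exe="/usr/bin/totem"',
]

# AUDIT_ARCH_I386 and __NR_mprotect on i386; only the pair in this report is mapped.
SYSCALLS = {(0x40000003, 125): "mprotect"}
PROT_BITS = {0x1: "PROT_READ", 0x2: "PROT_WRITE", 0x4: "PROT_EXEC"}


def fields(record):
    """Split an audit record into its key=value pairs (quotes stripped)."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', record)}


def serial(record):
    """Return the timestamp:serial that ties the records of one event together."""
    return re.search(r"audit\(([^)]+)\)", record).group(1)


def explain(records):
    """Join the AVC denial with its SYSCALL record and decode the arguments."""
    by_type = {fields(r)["type"]: r for r in records}
    avc, sc = by_type["AVC"], by_type["SYSCALL"]
    if serial(avc) != serial(sc):
        raise ValueError("records belong to different audit events")
    f = fields(sc)
    prot = int(f["a2"], 16)  # syscall arguments are logged in hex
    return {
        "denied": re.search(r"\{ ([^}]+) \}", avc).group(1).split(),
        "syscall": SYSCALLS.get((int(f["arch"], 16), int(f["syscall"])), "unknown"),
        "addr": int(f["a0"], 16),
        "length": int(f["a1"], 16),
        "prot": [name for bit, name in PROT_BITS.items() if prot & bit],
        "error": errno.errorcode[-int(f["exit"])],
    }


if __name__ == "__main__":
    print(explain(RECORDS))
```

For these records the result reads as an mprotect() call asking for PROT_READ|PROT_EXEC on a range starting at 0x808f000, refused with EACCES, which is the execheap denial the alert describes.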



