vbetool denied
Daniel J Walsh
dwalsh at redhat.com
Wed Dec 30 14:25:55 UTC 2009
On 12/28/2009 06:21 PM, Kirk Lowery wrote:
> I'm running a newly installed, uptodate Fedora 12 box. Is there any reason
> by vbetools is denied? From dmesg:
>
> type=1400 audit(1262025694.652:4): avc: denied { mmap_zero } for pid=598
> comm="vbetool" scontext=system_u:system_r:vbetool_t:s0-s0:c0.c1023
> tcontext=system_u:system_r:vbetool_t:s0-s0:c0.c1023 t
> class=memprotect
>
> Is this a problem with my local system, or a more general bug? And what is
> the best way to fix this?
>
> TIA!
>
> Kirk
>
>
>
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
There is an open bug on vbetool to not require this access. Some systems need this access in order for suspend/resume to work properly.
mmap_zero, has proven to be a way for root privledge escallation when a bug is found in the kernel. Having this boolean off prevents unconfined users from gaining root access.
Turning this on removes this protection.
More information about the fedora-selinux-list
mailing list