memory on the heap To: fedora-test-list@redhat.com Cc: fedora-selinux-list@redhat.com MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Message-ID: 47195.13984.qm@web52608.mail.re2.yahoo.com
Dear all,
I have finished installing vlc from livna-devel repo, and upon starting it, Selinux setroubleshooter greets me with the following:
What is a heap? What should I do?
Thanks in Advance,
Antonio
Summary SELinux is preventing /usr/bin/vlc from changing the access protection of memory on the heap.
Detailed Description The /usr/bin/vlc application attempted to change the access protection of memory on the heap (e.g., allocated using malloc). This is a potential security problem. Applications should not be doing this. Applications are sometimes coded incorrectly and request this permission. The http://people.redhat.com/drepper/selinux-mem.html web page explains how to remove this requirement. If /usr/bin/vlc does not work and you need it to work, you can configure SELinux temporarily to allow this access until the application is fixed. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.
Allowing Access If you want /usr/bin/vlc to continue, you must turn on the allow_execheap boolean. Note: This boolean will affect all applications on the system.
The following command will allow this access: setsebool -P allow_execheap=1
Additional Information
Source Context system_u:system_r:unconfined_t Target Context system_u:system_r:unconfined_t Target Objects None [ process ] Affected RPM Packages vlc-0.8.6c-5.lvn8 [application] Policy RPM selinux-policy-3.0.8-18.fc8 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.allow_execheap Host Name localhost.localdomain Platform Linux localhost.localdomain
2.6.23-0.222.rc9.git4.fc8 #1 SMP Sat Oct 6 13:53:58 EDT 2007 i686 i686 Alert Count 2 First Seen Mon 08 Oct 2007 05:36:54 PM CDT Last Seen Mon 08 Oct 2007 05:36:55 PM CDT Local ID a7f4dbf5-ffcd-472d-b654-8d68c350adad Line Numbers
Raw Audit Messages
avc: denied { execheap } for comm=wxvlc egid=500 euid=500 exe=/usr/bin/vlc exit=-13 fsgid=500 fsuid=500 gid=500 items=0 pid=13225 scontext=system_u:system_r:unconfined_t:s0 sgid=500 subj=system_u:system_r:unconfined_t:s0 suid=500 tclass=process tcontext=system_u:system_r:unconfined_t:s0 tty=(none) uid=500
____________________________________________________________________________________ Building a website is a piece of cake. Yahoo! Small Business gives you all the tools to get online. http://smallbusiness.yahoo.com/webhosting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Antonio Olivares wrote:
memory on the heap To: fedora-test-list@redhat.com Cc: fedora-selinux-list@redhat.com MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Message-ID: 47195.13984.qm@web52608.mail.re2.yahoo.com
Dear all,
I have finished installing vlc from livna-devel repo, and upon starting it, Selinux setroubleshooter greets me with the following:
What is a heap? What should I do?
Thanks in Advance,
Antonio
Summary SELinux is preventing /usr/bin/vlc from changing the access protection of memory on the heap.
Detailed Description The /usr/bin/vlc application attempted to change the access protection of memory on the heap (e.g., allocated using malloc). This is a potential security problem. Applications should not be doing this. Applications are sometimes coded incorrectly and request this permission. The http://people.redhat.com/drepper/selinux-mem.html web page explains how to remove this requirement. If /usr/bin/vlc does not work and you need it to work, you can configure SELinux temporarily to allow this access until the application is fixed. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.
Allowing Access If you want /usr/bin/vlc to continue, you must turn on the allow_execheap boolean. Note: This boolean will affect all applications on the system.
The following command will allow this access: setsebool -P allow_execheap=1Additional Information
Source Context system_u:system_r:unconfined_t Target Context system_u:system_r:unconfined_t Target Objects None [ process ] Affected RPM Packages vlc-0.8.6c-5.lvn8 [application] Policy RPM selinux-policy-3.0.8-18.fc8 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.allow_execheap Host Name localhost.localdomain Platform Linux localhost.localdomain
2.6.23-0.222.rc9.git4.fc8 #1 SMP Sat Oct 6 13:53:58 EDT 2007 i686 i686 Alert Count 2 First Seen Mon 08 Oct 2007 05:36:54 PM CDT Last Seen Mon 08 Oct 2007 05:36:55 PM CDT Local ID a7f4dbf5-ffcd-472d-b654-8d68c350adad Line Numbers
Raw Audit Messages
avc: denied { execheap } for comm=wxvlc egid=500 euid=500 exe=/usr/bin/vlc exit=-13 fsgid=500 fsuid=500 gid=500 items=0 pid=13225 scontext=system_u:system_r:unconfined_t:s0 sgid=500 subj=system_u:system_r:unconfined_t:s0 suid=500 tclass=process tcontext=system_u:system_r:unconfined_t:s0 tty=(none) uid=500
Building a website is a piece of cake. Yahoo! Small Business gives you all the tools to get online. http://smallbusiness.yahoo.com/webhosting
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Did you read what the troubleshoot told you? It explains pretty much your options. You can turn off execheap protection, or you can not run the program. You should report this as a bug to the maintainers of vlc.
Follow the links provided by the troubleshooter to find out more about execheap.
selinux@lists.fedoraproject.org
-
Antonio Olivares -
Daniel J Walsh