SELinux problems
Please forgive me if this is the wrong forum for a bug report...
Has anyone tried running exu on a system running SELinux? I use Fedora 9 / KDE
and I keep seeing the attached message (this example is when running
demo/sanity.ex).
Thanks,
Nathan
-------------------------------------------------------
--exu error message
Euphoria SANITY TEST ...
sanity.ex:963 in procedure machine_level()
A machine-level exception occurred during execution of this statement
... called from sanity.ex:1247 in procedure sanity()
... called from sanity.ex:1302
--> See ex.err
-----------------------------------------------------------
SELinux report:
Summary:
SELinux is preventing exu from changing the access protection of memory on the
heap.
Detailed Description:
The exu application attempted to change the access protection of memory on the
heap (e.g., allocated using malloc). This is a potential security problem.
Applications should not be doing this. Applications are sometimes coded
incorrectly and request this permission. The SELinux Memory Protection Tests
(http://people.redhat.com/drepper/selinux-mem.html) web page explains how to
remove this requirement. If exu does not work and you need it to work, you can
configure SELinux temporarily to allow this access until the application is
fixed. Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
Allowing Access:
If you want exu to continue, you must turn on the allow_execheap boolean. Note:
This boolean will affect all applications on the system.
Fix Command:
setsebool -P allow_execheap=1
Additional Information:
Source Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
023
Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
023
Target Objects None [ process ]
Source exu
Source Path /home/Nathan/Download/euphoria/bin/exu
Port <Unknown>
Host localhost.localdomain
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.3.1-62.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name allow_execheap
Host Name localhost.localdomain
Platform Linux localhost.localdomain 2.6.25.4-30.fc9.i686
#1 SMP Wed May 21 18:12:35 EDT 2008 i686 i686
Alert Count 211
First Seen Wed 21 May 2008 01:55:22 AM EDT
Last Seen Wed 21 May 2008 02:02:14 AM EDT
Local ID 3d4cac42-3335-45e6-b187-58cc1a855c6b
Line Numbers
Raw Audit Messages
host=localhost.localdomain type=AVC msg=audit(1211349734.334:340): avc: denied
{ execheap } for pid=2196 comm="exu"
scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process
host=localhost.localdomain type=SYSCALL msg=audit(1211349734.334:340):
arch=40000003 syscall=125 success=no exit=-13 a0=851e000 a1=1000 a2=7 a3=851eec0
items=0 ppid=2162 pid=2196 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500
egid=500 sgid=500 fsgid=500 tty=pts2 ses=1 comm="exu"
exe="/home/Nathan/Download/euphoria/bin/exu"
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
|
Not Categorized, Please Help
|
|
