Bug 155255 - selinux alert simply playing a CD
Summary: selinux alert simply playing a CD
Status: RESOLVED NOT A BUG
Alias: None
Product: kde
Classification: I don't know
Component: general (show other bugs)
Version: unspecified
Platform: Fedora RPMs Linux
: NOR normal
Target Milestone: ---
Assignee: Unassigned bugs mailing-list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-01-08 01:09 UTC by Landon M. Kelsey, III
Modified: 2008-01-08 01:14 UTC (History)
0 users

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Landon M. Kelsey, III 2008-01-08 01:09:19 UTC 
Version:           3.5.8 (using KDE KDE 3.5.8)
Installed from:    Fedora RPMs
OS:                Linux

I could log into bugzilla but not the fde bug database!

You need to work on this! Reporting this bug was a pain!


Summary
    SELinux is preventing /usr/lib/openoffice.org/program/swriter.bin from
    changing the access protection of memory on the heap.

Detailed Description
    The /usr/lib/openoffice.org/program/swriter.bin application attempted to
    change the access protection of memory on the heap (e.g., allocated using
    malloc).  This is a potential security problem.  Applications should not be
    doing this. Applications are sometimes coded incorrectly and request this
    permission.  The http://people.redhat.com/drepper/selinux-mem.html web page
    explains how to remove this requirement.  If
    /usr/lib/openoffice.org/program/swriter.bin does not work and you need it to
    work, you can configure SELinux temporarily to allow this access until the
    application is fixed. Please file a
    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.

Allowing Access
    If you want /usr/lib/openoffice.org/program/swriter.bin to continue, you
    must turn on the allow_execheap boolean.  Note: This boolean will affect all
    applications on the system.

    The following command will allow this access:
    setsebool -P allow_execheap=1

Additional Information        

Source Context                system_u:system_r:unconfined_execmem_t:s0-s0:c0.c1
                              023
Target Context                system_u:system_r:unconfined_execmem_t:s0-s0:c0.c1
                              023
Target Objects                None [ process ]
Affected RPM Packages         openoffice.org-writer-2.3.0-6.7.fc8 [application]
Policy RPM                    selinux-policy-3.0.8-62.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.allow_execheap
Host Name                     LMKIII
Platform                      Linux LMKIII 2.6.23.8-63.fc8 #1 SMP Wed Nov 21
                              18:51:08 EST 2007 i686 i686
Alert Count                   3
First Seen                    Sun 11 Nov 2007 04:55:17 PM CST
Last Seen                     Sat 08 Dec 2007 04:22:55 PM CST
Local ID                      84999068-bca6-4110-880b-c5c1aa3b8bb9
Line Numbers                  

Raw Audit Messages            

avc: denied { execheap } for comm=swriter.bin egid=500 euid=500
exe=/usr/lib/openoffice.org/program/swriter.bin exit=-13 fsgid=500 fsuid=500
gid=500 items=0 pid=3280
scontext=system_u:system_r:unconfined_execmem_t:s0-s0:c0.c1023 sgid=500
subj=system_u:system_r:unconfined_execmem_t:s0-s0:c0.c1023 suid=500
tclass=process tcontext=system_u:system_r:unconfined_execmem_t:s0-s0:c0.c1023
tty=(none) uid=500
Comment 1 Pino Toscano 2008-01-08 01:14:56 UTC 
> SELinux is preventing /usr/lib/openoffice.org/program/swriter.bin [...]

This is a problem of OpenOffice.org, and KDE has nothing to do with it.
Please report it to the OpenOffice.org bug tracking system.