After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 532970 - SELinux is preventing epiphany from changing the access protection of memory on the heap.
SELinux is preventing epiphany from changing the access protection of memory ...
Status: RESOLVED NOTGNOME
Product: epiphany
Classification: Core
Component: General
2.20.x
Other All
: Normal normal
: ---
Assigned To: Epiphany Maintainers
Epiphany Maintainers
Depends on:
Blocks:
 
 
Reported: 2008-05-13 15:32 UTC by Matěj Cepl
Modified: 2008-05-23 21:24 UTC
See Also:
GNOME target: ---
GNOME version: 2.21/2.22


Description Matěj Cepl 2008-05-13 15:32:41 UTC 
Please describe the problem:
The epiphany application attempted to change the access protection of memory on
the heap (e.g., allocated using malloc). This is a potential security problem.
Applications should not be doing this. Applications are sometimes coded
incorrectly and request this permission. The SELinux Memory Protection Tests
(http://people.redhat.com/drepper/selinux-mem.html) web page explains how to
remove this requirement. If epiphany does not work and you need it to work, you
can configure SELinux temporarily to allow this access until the application is
fixed. Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Allowing Access:

If you want epiphany to continue, you must turn on the allow_execheap boolean.
Note: This boolean will affect all applications on the system.

The following command will allow this access:

setsebool -P allow_execheap=1

Additional Information:

Source Context                unconfined_u:system_r:unconfined_t:SystemLow-
                              SystemHigh
Target Context                unconfined_u:system_r:unconfined_t:SystemLow-
                              SystemHigh
Target Objects                None [ process ]
Source                        epiphany
Source Path                   /usr/bin/epiphany
Port                          <Unknown>
Host                          thedude.lebowski
Source RPM Packages           epiphany-2.20.3-4.fc8
Target RPM Packages           
Policy RPM                    selinux-policy-3.0.8-101.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   allow_execheap
Host Name                     thedude.lebowski
Platform                      Linux thedude.lebowski 2.6.24.5-85.fc8 #1 SMP Sat
                              Apr 19 12:39:34 EDT 2008 i686 i686
Alert Count                   1
First Seen                    Wed 26 Mar 2008 03:57:20 AM EDT
Last Seen                     Tue 13 May 2008 07:48:27 AM EDT
Local ID                      6c673953-f76c-44aa-9c85-f366003a4c9a
Line Numbers                  

Raw Audit Messages            

host=thedude.lebowski type=AVC msg=audit(1210679307.749:15): avc:  denied  {
execheap } for  pid=4153 comm="epiphany"
scontext=unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=process

host=thedude.lebowski type=SYSCALL msg=audit(1210679307.749:15): arch=40000003
syscall=125 success=no exit=-13 a0=8188000 a1=370000 a2=5 a3=bf969b60 items=0
ppid=1 pid=4153 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500
sgid=500 fsgid=500 tty=(none) comm="epiphany" exe="/usr/bin/epiphany"
subj=unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023 key=(null)

Steps to reproduce:
1. see above
2. 
3. 


Actual results:


Expected results:


Does this happen every time?


Other information:
Comment 1 Christian Persch 2008-05-23 21:24:40 UTC 
That's gecko doing it (or a plugin).