unconfined_execmem_t transitions to unconfined_t

Daniel J Walsh dwalsh at redhat.com
Thu Nov 1 17:57:01 UTC 2007



Tom London wrote:
> Running latest rawhide, targeted/enforcing.
> 
> Are there any issues allowing transition from 'unconfined_execmem_t'
> to 'unconfined_t'?
> 
> /usr/bin/valgrind is 'unconfined_execmem_exec_t', so running
> 'valgrind system-config-users' or
> 'PYTHONPATH=/usr/share/system-config-users valgrind /usr/bin/python
> /usr/share/system-config-users/system-config-users.py'
> 
> produces:
> 
> Summary
>     SELinux is preventing userhelper (unconfined_execmem_t) "transition" to
>     /usr/share/system-config-users/system-config-users (unconfined_t).
> 
> Detailed Description
>     SELinux denied access requested by userhelper. It is not expected that this
>     access is required by userhelper and this access may signal an intrusion
>     attempt. It is also possible that the specific version or configuration of
>     the application is causing it to require additional access.
> 
> Allowing Access
>     You can generate a local policy module to allow this access - see
>     http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable
>     SELinux protection altogether. Disabling SELinux protection is not
>     recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
>     against this package.
> 
> Additional Information
> 
> Source Context                system_u:system_r:unconfined_execmem_t
> Target Context                system_u:system_r:unconfined_t
> Target Objects                /usr/share/system-config-users/system-config-users
>                               [ process ]
> Affected RPM Packages         system-config-users-1.2.72-1.fc8 [target]
> Policy RPM                    selinux-policy-3.0.8-40.fc8
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   plugins.catchall
> Host Name                     localhost.localdomain
> Platform                      Linux localhost.localdomain 2.6.23.1-41.fc8 #1 SMP
>                               Mon Oct 29 18:29:15 EDT 2007 i686 i686
> Alert Count                   2
> First Seen                    Tue 30 Oct 2007 07:08:40 AM PDT
> Last Seen                     Tue 30 Oct 2007 07:09:35 AM PDT
> Local ID                      c1b26ecd-2d55-4e55-85bd-46f718634fce
> Line Numbers
> 
> Raw Audit Messages
> 
> avc: denied { transition } for comm=userhelper dev=dm-0 path=/usr/share/system-
> config-users/system-config-users pid=5742
> scontext=system_u:system_r:unconfined_execmem_t:s0 tclass=process
> tcontext=system_u:system_r:unconfined_t:s0
> 
> 
> 
No, this should be allowed.  selinux-policy-3.0.8-45.fc8.src.rpm
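The raw audit message quoted in the report above, parsed into fields and rendered as the type enforcement rule the denial corresponds to, so it can be compared against what a policy update allows. This is an added example, not part of the original messages or of selinux-policy; the function names and the heuristic that rejoins the wrapped path are assumptions of the example.

```python
import re

# Raw audit message copied from the quoted report, kept with its "> " mail
# quoting and the line wrap that splits the path after "system-".
RAW = """\
> avc: denied { transition } for comm=userhelper dev=dm-0 path=/usr/share/system-
> config-users/system-config-users pid=5742
> scontext=system_u:system_r:unconfined_execmem_t:s0 tclass=process
> tcontext=system_u:system_r:unconfined_t:s0
"""

AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)")


def unwrap(text):
    """Strip mail quoting and rejoin wrapped lines into one record."""
    out = ""
    for line in text.splitlines():
        part = re.sub(r"^>\s?", "", line).rstrip()
        if not part:
            continue
        # Heuristic (assumption): a line ending in "-" was cut inside a token,
        # so it is joined to the next line without a space.
        out += part if (not out or out.endswith("-")) else " " + part
    return out


def parse_avc(text):
    """Return the AVC record as a dict of its key=value fields."""
    m = AVC_RE.search(unwrap(text))
    if not m:
        raise ValueError("no AVC record found")
    rec = {"result": m.group(1), "perms": m.group(2).split()}
    rec.update(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
    # Contexts are user:role:type[:level]; the type is the third field.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec


def te_rule(rec):
    """Render the allow rule matching exactly the denied permission(s)."""
    perms = rec["perms"]
    p = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return f"allow {rec['stype']} {rec['ttype']}:{rec['tclass']} {p};"


if __name__ == "__main__":
    print(te_rule(parse_avc(RAW)))
```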