On 12/28/2009 06:21 PM, Kirk Lowery wrote:
I'm running a newly installed, uptodate Fedora 12 box. Is there
any reason
by vbetools is denied? From dmesg:
type=1400 audit(1262025694.652:4): avc: denied { mmap_zero } for pid=598
comm="vbetool" scontext=system_u:system_r:vbetool_t:s0-s0:c0.c1023
tcontext=system_u:system_r:vbetool_t:s0-s0:c0.c1023 t
class=memprotect
Is this a problem with my local system, or a more general bug? And what is
the best way to fix this?
TIA!
Kirk
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list There is an open bug on
vbetool to not require this access. Some systems need this access in order for
suspend/resume to work properly.
mmap_zero, has proven to be a way for root privledge escallation when a bug is found in
the kernel. Having this boolean off prevents unconfined users from gaining root access.
Turning this on removes this protection.