https://bugs.winehq.org/show_bug.cgi?id=43192
Bug ID: 43192
Summary: Wine Staging 2.10 run afoul of SELinux
Product: Wine-staging
Version: 2.10
Hardware: x86
OS: Linux
Status: UNCONFIRMED
Severity: major
Priority: P2
Component: -unknown
Assignee: wine-bugs@winehq.org
Reporter: ToddAndMargo@zoho.com
CC: erich.e.hoover@wine-staging.com, michael@fds-team.de, sebastian@fds-team.de
Distribution: ---

Wine Staging 2.10 is annoying SELinux:
SELinux is preventing /usr/local/bin/wine-preloader from mmap_zero access on the memprotect Unknown.
***** Plugin mmap_zero (53.1 confidence) suggests *************************
If you do not think /usr/local/bin/wine-preloader should need to mmap low memory in the kernel.
Then you may be under attack by a hacker, this is a very dangerous access.
Do
contact your security administrator and report this issue.
***** Plugin catchall_boolean (42.6 confidence) suggests ******************
If you want to allow mmap to low allowed
Then you must tell SELinux about this by enabling the 'mmap_low_allowed' boolean.
You can read 'None' man page for more details.
Do
setsebool -P mmap_low_allowed 1
***** Plugin catchall (5.76 confidence) suggests **************************
If you believe that wine-preloader should be allowed mmap_zero access on the Unknown memprotect by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'wine-preloader' --raw | audit2allow -M my-winepreloader
# semodule -i my-winepreloader.pp
Additional Information:
Source Context        unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Target Context        unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Target Objects        Unknown [ memprotect ]
Source                wine-preloader
Source Path           /usr/local/bin/wine-preloader
Port                  <Unknown>
Host                  rn4.rent-a-nerd.local
Source RPM Packages
Target RPM Packages
Policy RPM            selinux-policy-3.13.1-102.el7_3.16.noarch
Selinux Enabled       True
Policy Type           targeted
Enforcing Mode        Enforcing
Host Name             rn4.rent-a-nerd.local
Platform              Linux rn4.rent-a-nerd.local 3.10.0-514.6.1.el7.x86_64 #1 SMP Tue Jan 17 11:12:41 CST 2017 x86_64 x86_64
Alert Count           35
First Seen            2017-03-01 19:29:13 PST
Last Seen             2017-06-16 19:34:44 PDT
Local ID              ea843281-ca8b-4658-bdfb-4d6bcdadbb9c
Raw Audit Messages
type=AVC msg=audit(1497666884.922:1427): avc: denied { mmap_zero } for pid=29453 comm="wine-preloader" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=memprotect
Hash: wine-preloader,unconfined_t,unconfined_t,memprotect,mmap_zero