selinux troubleshooting
From: Mark Leeds
Date: Tue May 10 2011 - 11:18:11 EST
Hello all: I'm a total newbie with the kernel and I've never used this
list before so excuse me if this is not the correct place to ask this
question, or if I don't follow the posting directions correctly.
I am running Fedora 14.0 and when I do uname -a, I get
Linux localhost.local 2.6.35.10-74.fc14.i686 #1 SMP Thu Dec 23
16:17:40 UTC 2010 i686 i686 i386 GNU/Linux
:/home/markleeds/rpmbuild#
But today I've been trying to run an R job ( see www.r-project.org
for details about R ) in the background and
it just dies without any error messages. Well, it does in the sense
that the operating system hangs and I need to
shut down the computer by pulling the plug out and putting it back in.
There's no other way as far as
I can tell because the computer just freezes essentially.
Then I was poking around to see if I could find any info, and I went into
the SELinux troubleshooter.
There is a red dot and two yellow dots below it. Each says something.
next to the red dot: "if you do not think /usr/lib/R/bin/exec/R
should need to map low
memory in the kernel"
next to the yellow dot: "if you want to control the ability to mmap a
low area of the address space, as configured by
/proc/sys/kernel/mmap_min_addr".
next to the second yellow dot: "if you believe that R should be
allowed mmap_zero access on the
unknown mprotext by default".
In each case, if I click one of the dots, it gives a suggestion on
what to do on the right.
#==============================================================================
red dot suggestion: "you may be under attack by a hacker, this is a very
dangerous access. Contact your security administrator and report this issue"
first yellow dot suggestion: You must tell SELinux about this by
enabling the 'mmap_low_allowed' boolean.
setsebool -P mmap_low_allowed 1
second yellow dot suggestion:
You should report this as a bug. You can generate a local policy
module to allow this access.
Allow this access for now by executing:
# grep R /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
#==============================================================================
thank you for any suggestions on what the best thing to do is
and I'm sorry if this is not the correct mailing list.
mark
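Added example, not part of the original message: the suggested `grep R /var/log/audit/audit.log | audit2allow` filter matches every audit record containing a capital "R", so unrelated AVC denials can end up in the generated module. The sketch below reviews only the `mmap_zero` denials first; the log lines are constructed samples and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample audit records (illustrative, not from the poster's system).
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1305040691.101:210): avc:  denied  { mmap_zero } for  pid=2301 comm="R" scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=memprotect
type=AVC msg=audit(1305040702.554:214): avc:  denied  { mmap_zero } for  pid=2317 comm="R" scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=memprotect
type=AVC msg=audit(1305040710.020:219): avc:  denied  { read } for  pid=1820 comm="httpd" name="README" dev=dm-0 ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=USER_AUTH msg=audit(1305040715.300:221): user pid=2400 uid=0 auid=500 ses=1 msg='op=PAM:authentication acct="root" exe="/bin/su" res=success'
EOF
}

# How many AVC records the broad "grep R" filter would pass to audit2allow.
avc_matched_by_grep_R() {
    grep R | grep -c 'type=AVC'
}

# Summarise mmap_zero denials from stdin as "<count> <comm> <scontext>".
# Assumes comm values without embedded spaces.
mmap_zero_denials() {
    awk '
    index($0, "type=AVC") && index($0, "denied") &&
    index($0, "{ mmap_zero }") && index($0, "tclass=memprotect") {
        comm = "?"; sctx = "?"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/) { comm = $i; sub(/^comm=/, "", comm); gsub(/"/, "", comm) }
            if ($i ~ /^scontext=/) { sctx = $i; sub(/^scontext=/, "", sctx) }
        }
        n[comm " " sctx]++
    }
    END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# Print only the raw mmap_zero AVC records for one command name ($1),
# so that any later policy decision is based on exactly those records.
mmap_zero_records() {
    awk -v want="comm=\"$1\"" '
    index($0, "type=AVC") && index($0, "{ mmap_zero }") &&
    index($0, " " want " ")'
}

sample_log | mmap_zero_denials
```

On a real system the input would be `/var/log/audit/audit.log` read as root instead of `sample_log`.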