lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 10 May 2011 11:18:05 -0400
From:	Mark Leeds <markleeds2@...il.com>
To:	linux-kernel@...r.kernel.org
Subject: selinux troubleshooting

Hello all: I'm a total newbie with the kernel and I've never used this
list before so excuse me if this is not the correct place to ask this
question. or if I don't follow the positing directions correctly.

I am running fedora 14.0 and when I do uname - a, I get

Linux localhost.local 2.6.35.10-74.fc14.i686 #1 SMP Thu Dec 23
16:17:40 UTC 2010 i686 i686 i386 GNU/Linux
:/home/markleeds/rpmbuild#

But today I've been trying to run an R  job ( see www.r-project.org
for details about R )  in the background and
it just dies without any error messages. well, it does in the sense
that the operating system hangs and I need to
shut down the computer by pulling the plug out and putting it back in.
There's no other way as far as
I can tell because the computer just freezes essentially.

Then I was poking around to see if I could find any info I went into
the selinux troubleshooter.

there is a red dot and two yellow dots below it. each says something.

next to the red dot:  "if you do not think /usr/lib/R/bin/exec/R
should need to map low
memory in the kernel"

next to the yellow dot:  "if you want to control the ability to mmap a
low area of teh address space, as confugured by
/proc/sys/kernel/mmap_min_addr".

next to the second yellow dot: "if you believe that R should be
allowed mmap_zero access on the
unknown mprotext by default".


In each case, if I click one of the dots, it gives a suggestion on
what to do  on the right.


#==============================================================================

red dot suggestion: "you may be under attack by a hacker, this is a very
dangerous access. Contact your security administrator and report this issue"


first yellow dot suggestion: You must tell SELinux about this by
enabling the 'mmap_low_allowed' boolean. setsebool -P mmap_low_allowed
1


second yellow dot suggestion.

You should report this as a bug. You can generate a local policy
module to allow this access.
Allow this access for now by executing: # grep R /var/log/audit/a
udit.log | audit2allow -M mypol

# semodule -i mypol.pp

#==============================================================================


thank you for any suggestions on what the best thing to do is
and I'm sorry if this is not the correct mailing list.


                                                        mark
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ