Bug#941994: quassel-core: do not require execmem

Christian Göttsche Tue, 08 Oct 2019 12:00:58 -0700

Package: quassel-core
Version: 1:0.13.1-1
Severity: wishlist

Currently quassel-core requires the SELinux process permission execmem.


This is not a problem by itself, but for a 24/7 daemon hanging on the
internet it would be nice to not require it.

Maybe there is a way to disable jit/scripting/... at build time?

Best regards
    Christian Göttsche



p.s.: info for the case execmem is prohibited:


SELinux denial


type=PROCTITLE msg=audit(10/06/19 18:35:21.946:42) :
proctitle=/usr/bin/quasselcore --configdir=/var/lib/quassel
--logfile=/var/log/quassel/core.log --loglevel=Info --port=4242
--listen=::,0.
type=SYSCALL msg=audit(10/06/19 18:35:21.946:42) : arch=x86_64
syscall=mmap success=no exit=EACCES(Permission denied) a0=0x0
a1=0x80000000 a2=PROT_READ|PROT_WRITE|PROT_EXEC
a3=MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE items=0 ppid=1 pid=462
auid=unset uid=quasselcore gid=quassel euid=quasselcore
suid=quasselcore fsuid=quasselcore egid=quassel sgid=quassel
fsgid=quassel tty=(none) ses=unset comm=QThread
exe=/usr/bin/quasselcore subj=system_u:system_r:quasselcore_t:s0
key=(null)
type=AVC msg=audit(10/06/19 18:35:21.946:42) : avc:  denied  { execmem
} for  pid=462 comm=QThread
scontext=system_u:system_r:quasselcore_t:s0
tcontext=system_u:system_r:quasselcore_t:s0 tclass=process
permissive=0


Quassel self-backtrace


Quassel IRC: 0.13.1 3778a12912369eb5add886bb65ca74e9df841744
#  0 quasselcore          0x000055eefb383634 0x0000000000000000
#  1 quasselcore          0x000055eefb358eba 0x0000000000000000
#  2 quasselcore          0x000055eefb388b03 0x0000000000000000
#  3 libQt5Core.so.5      0x00007f9b8e2ad463
QMetaObject::activate(QObject*, int, int, void**)
#  4 quasselcore          0x000055eefb38495e 0x0000000000000000
#  5 quasselcore          0x000055eefb38444d 0x0000000000000000
#  6 libQt5Core.so.5      0x00007f9b8e2ad463
QMetaObject::activate(QObject*, int, int, void**)
#  7 libQt5Core.so.5      0x00007f9b8e2b8b79
QSocketNotifier::activated(int, QSocketNotifier::QPrivateSignal)
#  8 libQt5Core.so.5      0x00007f9b8e2b8ec1 QSocketNotifier::event(QEvent*)
#  9 libQt5Core.so.5      0x00007f9b8e284006
QCoreApplication::notifyInternal2(QObject*, QEvent*)
# 10 libQt5Core.so.5      0x00007f9b8e2d5fea 0x0000000000000000
# 11 libglib-2.0.so.0     0x00007f9b8d4ecebd g_main_context_dispatch
# 12 libglib-2.0.so.0     0x00007f9b8d4ed140 0x0000000000000000
# 13 libglib-2.0.so.0     0x00007f9b8d4ed1cf g_main_context_iteration
# 14 libQt5Core.so.5      0x00007f9b8e2d53c7
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
# 15 libQt5Core.so.5      0x00007f9b8e282cfb
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>)
# 16 libQt5Core.so.5      0x00007f9b8e28acd2 QCoreApplication::exec()
# 17 quasselcore          0x000055eefb225c8b 0x0000000000000000
# 18 libc.so.6            0x00007f9b8dc8dbbb __libc_start_main
# 19 quasselcore          0x000055eefb23154a _start


gdb backtrace


#0  0x00007ffff7c0a935 in
QTJSC::FixedVMPoolAllocator::FixedVMPoolAllocator
(totalHeapSize=2147483648, commonSize=<optimized out>,
this=0x7ffff002be10)
    at 
../3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorFixedVMPool.cpp:314
#1  QTJSC::ExecutablePool::systemAlloc (size=size@entry=16384) at
../3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorFixedVMPool.cpp:447
#2  0x00007ffff7c9b9c8 in QTJSC::ExecutablePool::ExecutablePool
(n=16384, this=0x7ffff417e960) at
../3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocator.h:258
#3  QTJSC::ExecutablePool::create (n=16384) at
../3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocator.h:97
#4  QTJSC::ExecutableAllocator::ExecutableAllocator
(this=0x7ffff41789c8) at
../3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocator.h:150
#5  QTJSC::JSGlobalData::JSGlobalData (this=0x7ffff4177800,
isShared=<optimized out>) at
../3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalData.cpp:145
#6  0x00007ffff7c9be68 in QTJSC::JSGlobalData::create () at
../3rdparty/javascriptcore/JavaScriptCore/wtf/FastAllocBase.h:98
#7  0x00007ffff7d4440c in QScriptEnginePrivate::QScriptEnginePrivate
(this=0x7ffff0004a00) at api/qscriptengine.cpp:989
#8  0x00007ffff7d44f9f in QScriptEngine::QScriptEngine
(this=0x7ffff000a3c0, parent=0x7ffff0005210) at
api/qscriptengine.cpp:2057
#9  0x00005555556047e5 in CoreSession::CoreSession
(this=0x7ffff0005210, uid=..., restoreState=<optimized out>,
strictIdentEnabled=<optimized out>, parent=<optimized out>) at
./src/core/coreeventmanager.h:33
#10 0x00005555556555e7 in (anonymous namespace)::Worker::initialize
(this=0x5555558d3d10) at ./src/core/sessionthread.cpp:48
#11 (anonymous namespace)::Worker::qt_static_metacall
(_o=0x5555558d3d10, _c=<optimized out>, _id=<optimized out>,
_a=<optimized out>) at
./obj-x86_64-linux-gnu/src/core/mod_core_autogen/include/sessionthread.moc:87
#12 0x00007ffff77b8463 in QMetaObject::activate(QObject*, int, int,
void**) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#13 0x00007ffff75dcde7 in QThread::started(QThread::QPrivateSignal) ()
from /lib/x86_64-linux-gnu/libQt5Core.so.5
#14 0x00007ffff75e79f0 in ?? () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#15 0x00007ffff7159fb7 in start_thread () from
/lib/x86_64-linux-gnu/libpthread.so.0
#16 0x00007ffff726c2ef in clone () from /lib/x86_64-linux-gnu/libc.so.6

Bug#941994: quassel-core: do not require execmem

Reply via email to