Package: selinux-policy-default
Version: 2:0.0.20080702-6
Oct 25 22:11:44 localhost kernel: [ 19.120169] type=1400
audit(1256515903.848:4): avc: denied { mmap_zero } for pid=2364
comm="vbetool" scontext=system_u:system_r:unconfined_execmem_t:s0
tcontext=system_u:system_r:unconfined_execmem_t:s0 tclass=memprotect
in linux-image-2.6.26-2-686_2.6.26-19lenny1_i386.deb denied mmap_zero
in linux-image-2.6.26-2-686_2.6.26-19lenny2_i386.deb denied mmap_zero
in linux-image-2.6.26-2-686_2.6.26-19_i386.deb work fine
possible reason
Debian Changelog linux-2.6 (2.6.26-19lenny1)
* selinux: prevent local users from bypassing mmap_min_addr
in unconfined domains (CVE-2009-2695)
http://packages.debian.org/changelogs/pool/main/l/linux-2.6/linux-2.6_2.6.26-19lenny1/changelog
-rwxr-xr-x 1 root root system_u:object_r:vbetool_exec_t:s0 9416 Mai 4
2008 /usr/sbin/vbetool
not work
audit2allow
libsepol.check_assertion_helper: neverallow violated by allow
unconfined_execmem_t unconfined_execmem_t:memprotect { mmap_zero };
libsemanage.semanage_expand_sandbox: Expand module failed
semodule: Failed!
not work
chcon -t unconfined_execmem_exec_t
seemed
https://bugzilla.redhat.com/show_bug.cgi?id=522380
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
