SELinux is preventing wine-preloader from using execheap access in a process. #1108
Comments
|
I am having the same problem when trying to launch bitwarden on the Fedora desktop under Plasma 6.1 |
|
Having the same problem trying to run ProtonMail and Signal Desktop on Fedora 40. It seems a lot of apps rely on |
|
Found this issue when I had the same. You may find this interesting: ValveSoftware/Proton#7285 TL;DR Fixed in kernel 6.11 (possibly backported to 6.10.6) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello, I'm using Fedora Linux and I'm receiving these messages all the time about SELinux preventing things to happen. There's some commands to allow wine and/or plugins to do stuff I do not really trust. Just reporting. If it's not a bug i'd like to know. If it is, i'd like to know how to proceed or if it's safe to execute the commands below. Is there a way to not receive these messages?
uname -a
Linux fedora 6.6.8-200.fc39.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Dec 21 04:01:49 UTC 2023 x86_64 GNU/Linux
wine --version
wine-9.0rc3.r0.g75f626ec ( TkG Staging Esync Fsync )
yabridgectl --version
yabridgectl 5.1.0
Thank you. Here's the full translated text back to english by gpt:
SELinux is preventing wine-preloader from using execheap access in a process.
***** Plugin allow_execheap (trust 53.1) suggests ************************
If you don't think $SOURCEO_PATH should map the writable and executable heap memory, you need to report a bug. This is a very dangerous access. Please contact your security administrator and report this problem.
***** Plugin catchall_boolean (trust 42.6) suggests **********************
If you want to allow selinuxuser to execheap, you should inform SELinux about it by enabling the boolean 'selinuxuser_execheap'.
Run the following command:
setsebool -P selinuxuser_execheap 1
***** Plugin catchall (trust 5.76) suggests ******************************
If you believe wine-preloader should be allowed execheap access in processes labeled unconfined_t by default, you should inform that this is a bug. You can generate a local policy module to allow this access.
Run the following commands:
ausearch -c 'wine-preloader' --raw | audit2allow -M my-winepreloader
semodule -X 300 -i my-winepreloader.pp
Additional information:
Source context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Target context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Target objects Unknown [ process ]
Source wine-preloader
Source path wine-preloader
Port
Machine fedora
Source RPM packages
Target RPM packages
SELinux Policy RPM selinux-policy-targeted-39.3-1.fc39.noarch
Local Policy RPM selinux-policy-targeted-39.3-1.fc39.noarch
SELinux enabled True
Policy type targeted
Enforcing mode Enforcing
Machine name fedora
Platform Linux fedora 6.6.8-200.fc39.x86_64 #1 SMP
PREEMPT_DYNAMIC Thu Dec 21 04:01:49 UTC
2023 x86_64
Alert count 2
First seen 2024-01-03 12:32:47 -03
Last seen 2024-01-03 13:16:43 -03
Local ID c64b7d5e-7eb8-49f6-a6db-4075708a0a51
Unprocessed audit messages
type=AVC msg=audit(1704298603.124:206): avc: denied { execheap } for
pid=8463 comm="wine-preloader"
scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tclass=process permissive=0
Hash: wine-preloader,unconfined_t,unconfined_t,process,execheap
The text was updated successfully, but these errors were encountered: