English Danish

SELinux policy is preventing an httpd script from writing to a public
directory.

SELinux policy is preventing an httpd script from writing to a public
directory. If httpd is not setup to write to public directories, this
could signal an intrusion attempt.

If httpd scripts should be allowed to write to public directories you need to turn on the $BOOLEAN boolean and change the file context of the public directory to public_content_rw_t. Read the httpd_selinux
man page for further information:
"setsebool -P $BOOLEAN=1; chcon -t public_content_rw_t <path>"
You must also change the default file context labeling files on the system in order to preserve public directory labeling even on a full relabel. "semanage fcontext -a -t public_content_rw_t <path>"
If you want to allow $SOURCE_PATH to be able to write to shared public content
you need to change the label on $TARGET_PATH to public_content_rw_t, and potentially turn on the allow_httpd_sys_script_anon_write boolean.

SELinux is preventing $SOURCE_PATH from changing the access
protection of memory on the heap.

The $SOURCE application attempted to change the access protection of memory on
the heap (e.g., allocated using malloc). This is a potential security
problem. Applications should not be doing this. Applications are
sometimes coded incorrectly and request this permission. The
<a href="http://people.redhat.com/drepper/selinux-mem.html">SELinux Memory Protection Tests</a>
web page explains how to remove this requirement. If $SOURCE does not work and
you need it to work, you can configure SELinux temporarily to allow
this access until the application is fixed. Please file a bug
report against this package.

If you want $SOURCE to continue, you must turn on the
$BOOLEAN boolean. Note: This boolean will affect all applications
on the system.
If you do not think $SOURCE_PATH should need to map heap memory that is both writable and executable.
you need to report a bug. This is a potentially dangerous access.
Contact your security administrator and report this issue.

SELinux is preventing $SOURCE_PATH from loading $TARGET_PATH which requires text relocation.

The $SOURCE application attempted to load $TARGET_PATH which
requires text relocation. This is a potential security problem.
Most libraries do not need this permission. Libraries are
sometimes coded incorrectly and request this permission. The
<a href="http://people.redhat.com/drepper/selinux-mem.html">SELinux Memory Protection Tests</a>
web page explains how to remove this requirement. You can configure
SELinux temporarily to allow $TARGET_PATH to use relocation as a
workaround, until the library is fixed. Please file a bug report.

The $SOURCE application attempted to load $TARGET_PATH which
requires text relocation. This is a potential security problem.
Most libraries should not need this permission. The
<a href="http://people.redhat.com/drepper/selinux-mem.html">
SELinux Memory Protection Tests</a>
web page explains this check. This tool examined the library and it looks
like it was built correctly. So setroubleshoot can not determine if this
application is compromised or not. This could be a serious issue. Your
system may very well be compromised.

Contact your security administrator and report this issue.


If you trust $TARGET_PATH to run correctly, you can change the
file context to textrel_shlib_t. "chcon -t textrel_shlib_t
'$TARGET_PATH'"
You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t textrel_shlib_t '$FIX_TARGET_PATH'"

Change label on the library.

SELinux is preventing $SOURCE_PATH from making the program stack executable.

The $SOURCE application attempted to make its stack
executable. This is a potential security problem. This should
never ever be necessary. Stack memory is not executable on most
OSes these days and this will not change. Executable stack memory
is one of the biggest security problems. An execstack error might
in fact be most likely raised by malicious code. Applications are
sometimes coded incorrectly and request this permission. The
<a href="http://people.redhat.com/drepper/selinux-mem.html">SELinux Memory Protection Tests</a>
web page explains how to remove this requirement. If $SOURCE does not
work and you need it to work, you can configure SELinux
temporarily to allow this access until the application is fixed. Please
file a bug report.

Sometimes a library is accidentally marked with the execstack flag,
if you find a library with this flag you can clear it with the
execstack -c LIBRARY_PATH. Then retry your application. If the
app continues to not work, you can turn the flag back on with
execstack -s LIBRARY_PATH.
If you do not think $SOURCE_PATH should need to map stack memory that is both writable and executable.