Watch, Follow, &
Connect with Us
Public Report
Report From: Kylix/RTL    [ Add a report in this area ]  
Report #:  89574   Status: Reported
Linux ReserveZeroPage causes SELinux security messages
Project:  Kylix Build #:  Kylix3
Version:    3.0 Submitted By:   David Jenkins
Report Type:  Minor failure / Design problem Date Reported:  11/10/2010 3:57:48 PM
Severity:    Commonly encountered problem Last Updated: 11/10/2010 6:02:58 PM
Platform:    All platforms Internal Tracking #:  
Resolution: None  Resolved in Build: : None
Duplicate of:  None
Voting and Rating
Overall Rating: No Ratings Yet
0.00 out of 5
Total Votes: None
Description
Kylix 3 on Linux:

Low 64K memory is mapped and protected with call to mmap in System.ReserveZeroPage.  

On current SELinux systems (example: Fedora 14 out of the box) mapping below vm.mmap_addr_min will cause a security message to be displayed to the user  The message is fairly prejudicial; indicating that the app is demonstrating behavior often found in malicious apps.

Steps to Reproduce:
Run an app linked to Kylix 3 System.pas on a Linux machined with SELinux enabled (selinuxenabled = true).
Workarounds
Even if ReserveZeroPage is changed to only map from vm.mmap_min_addr up to 64K, the message will still display.  There is a second requirement in SELinux that mmap() to low mem can only be done by an app that has CAP_SYS_RAWIO set in its capabilities.

Based on reading internet discussions on this it appears that the idea is for no app for any reason to map low 64k.

So the workaround that I have implemented is to not run ReserveZeroPage if SELinux is enabled.
Attachment
None
Comments

None

Server Response from: ETNACODE01