I have an SELinux warning SELinux is preventing check from mmap_zero access on the memprotect labeled spc_t.
When I google this I don’t find anything obviously the same. How can I determine if this is a serious breach or not? I don’t see how i actually can find out what check
is. Full SELinux output below
***** Plugin mmap_zero (53.1 confidence) suggests *************************
If you do not think check should need to mmap low memory in the kernel.
Then you may be under attack by a hacker, this is a very dangerous access.
Do
contact your security administrator and report this issue.
***** Plugin catchall_boolean (42.6 confidence) suggests ******************
If you want to allow mmap to low allowed
Then you must tell SELinux about this by enabling the 'mmap_low_allowed' boolean.
Do
setsebool -P mmap_low_allowed 1
***** Plugin catchall (5.76 confidence) suggests **************************
If you believe that check should be allowed mmap_zero access on memprotect labeled spc_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'check' --raw | audit2allow -M my-check
# semodule -X 300 -i my-check.pp
Additional Information:
Source Context system_u:system_r:spc_t:s0
Target Context system_u:system_r:spc_t:s0
Target Objects Unknown [ memprotect ]
Source check
Source Path check
Port <Unknown>
Host fedora
Source RPM Packages
Target RPM Packages
SELinux Policy RPM selinux-policy-targeted-36.17-1.fc36.noarch
Local Policy RPM container-selinux-2.199.0-1.fc36.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name fedora
Platform Linux fedora 6.1.10-100.fc36.x86_64 #1 SMP
PREEMPT_DYNAMIC Mon Feb 6 19:58:39 UTC 2023
x86_64 x86_64
Alert Count 60
First Seen 2023-02-14 22:54:15 CET
Last Seen 2023-02-14 22:54:15 CET
Local ID 1ad5dfc6-2b85-422c-9f31-0fee1cf5f868
Raw Audit Messages
type=AVC msg=audit(1676411655.509:366): avc: denied { mmap_zero } for pid=2984 comm="check" scontext=system_u:system_r:spc_t:s0 tcontext=system_u:system_r:spc_t:s0 tclass=memprotect permissive=0
Hash: check,spc_t,spc_t,memprotect,mmap_zero