Opened 14 years ago

Last modified 13 years ago

#1043 reopened Defect

does boinc really need execmem selinux privileges?

Reported by: mjakubicek Owned by: davea
Priority: Undetermined Milestone: Undetermined
Component: Client - Daemon Version: 6.10.58
Keywords: Cc: mjakubicek

Description

Please have a look at https://bugzilla.redhat.com/show_bug.cgi?id=665453.

In short: boinc project already have the execmem privilege, now it looks like even boinc needs it, which seems to be a bug.

Change History (6)

comment:1 Changed 14 years ago by davea

Resolution: wontfix
Status: newclosed

seems like an issue with the Red Hat installer, not w/ BOINC

comment:2 Changed 14 years ago by Nicolas

Resolution: wontfix
Status: closedreopened

It would be a problem with the Red Hat installer if the privilege was needed and it wasn't being granted. The question is if BOINC needs it.

"the boinc developers/packagers should explain why it needs this access or fix it so it does not"

comment:3 Changed 14 years ago by mjakubicek

Nicolas, thanks, that's exactly the problem, so let me repeat it:

It is not a problem to grant the privileges for BOINC, but there seems to be no reason for BOINC (note: boinc client, NOT the boinc app) to have it.

comment:4 Changed 13 years ago by mjakubicek

ping -- could somebody please explain? please refer to http://www.akkadia.org/drepper/selinux-mem.html for possible causes.

comment:5 Changed 13 years ago by Nicolas

Do you still get the error? Can you get a backtrace from the system call that triggered the SELinux check?

comment:6 Changed 13 years ago by davea

AFAIK, nothing in BOINC (manager, client, or applications) uses PROT_EXEC anywhere, so they don't need the execmem privilege.

What exactly is the problem here? Nothing in BOINC uses SELinux features.

Note: See TracTickets for help on using tickets.