Menu

#924 SELinux is preventing privoxy from using the 'execmem' accesses on a process.

version 3.0.29
closed
Fabian Keil
None
5
2021-11-05
2021-01-19
Gwyn Ciesla
No

See https://bugzilla.redhat.com/show_bug.cgi?id=1917099

If execmem is needed, we can update the selinux policy, I just want to make sure.

Discussion

  • Fabian Keil

    Fabian Keil - 2021-01-19
    • status: open --> pending
    • assigned_to: Fabian Keil
     

  • Fabian Keil

    Fabian Keil - 2021-01-19

    Does removing all filter files from the config file allow Privoxy to start with the policy enabled?

    I suspect that the "'execmem' accesses" are the result of Privoxy requesting JIT-compilation (from pcre) if it's supported and the filter isn't dynamic.

    JIT-support was introduced in Privoxy 3.0.29.

    There currently is no convenient way to disable it dynamically but compiling with PCRE_STUDY_JIT_COMPILE undefined should disable it.

     

    • Gwyn Ciesla

      Gwyn Ciesla - 2021-01-19

      That seems to help. I'll ask if we can change the policy, if not, I'll rebuild with JIT disabled. Thanks!

       

  • Fabian Keil

    Fabian Keil - 2021-11-05
    • status: pending --> closed
     

  • Fabian Keil

    Fabian Keil - 2021-11-05

    Looks like the Fedora people adjusted the SELinux settings

     

Log in to post a comment.