Labview 2017 Rocky


I have this issue, after install Labview 2017. This is start to open than close.

*****  Plugin allow_execheap (53.1 confidence) suggests   ********************

If you do not think /usr/local/natinst/LabVIEW-2017-64/labview should need to map heap memory that is both writable and executable.
Then you need to report a bug. This is a potentially dangerous access.
contact your security administrator and report this issue.

*****  Plugin catchall_boolean (42.6 confidence) suggests   ******************

If you want to allow selinuxuser to execheap
Then you must tell SELinux about this by enabling the 'selinuxuser_execheap' boolean.

setsebool -P selinuxuser_execheap 1

*****  Plugin catchall (5.76 confidence) suggests   **************************

If you believe that labview should be allowed execheap access on processes labeled unconfined_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# ausearch -c 'labview' --raw | audit2allow -M my-labview
# semodule -X 300 -i my-labview.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
Target Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
Target Objects                Unknown [ process ]
Source                        labview
Source Path                   /usr/local/natinst/LabVIEW-2017-64/labview
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           labview-2017-exe-17.0.0-1.x86_64
Target RPM Packages           
SELinux Policy RPM            selinux-policy-targeted-38.1.23-1.el9_3.2.noarch
Local Policy RPM              selinux-policy-targeted-38.1.23-1.el9_3.2.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              5.14.0-362.18.1.el9_3.0.1.x86_64 #1 SMP
                              PREEMPT_DYNAMIC Sun Feb 11 13:49:23 UTC 2024
                              x86_64 x86_64
Alert Count                   12
First Seen                    2024-02-24 19:22:22 WET
Last Seen                     2024-02-25 10:53:06 WET
Local ID                      fab491fe-8d02-46a5-8632-737408b9439a

Raw Audit Messages
type=AVC msg=audit(1708858386.157:192): avc:  denied  { execheap } for  pid=4466 comm="labview" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process permissive=0

type=SYSCALL msg=audit(1708858386.157:192): arch=x86_64 syscall=mprotect success=no exit=EACCES a0=5714000 a1=5000 a2=7 a3=5717a00 items=0 ppid=2661 pid=4466 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=3 comm=labview exe=/usr/local/natinst/LabVIEW-2017-64/labview subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)

Hash: labview,unconfined_t,unconfined_t,process,execheap

The logs you posted, suggest how to fix it:

setsebool -P selinuxuser_execheap 1

Do allow this access for now by executing:
# ausearch -c 'labview' --raw | audit2allow -M my-labview
# semodule -X 300 -i my-labview.pp

run the setsebool commands, as well as the ausearch and semodule ones and you should find it will resolve the problem.