Labview 2017 Rocky

Hello!

I have this issue, after install Labview 2017. This is start to open than close.

*****  Plugin allow_execheap (53.1 confidence) suggests   ********************

If you do not think /usr/local/natinst/LabVIEW-2017-64/labview should need to map heap memory that is both writable and executable.
Then you need to report a bug. This is a potentially dangerous access.
Do
contact your security administrator and report this issue.

*****  Plugin catchall_boolean (42.6 confidence) suggests   ******************

If you want to allow selinuxuser to execheap
Then you must tell SELinux about this by enabling the 'selinuxuser_execheap' boolean.

Do
setsebool -P selinuxuser_execheap 1

*****  Plugin catchall (5.76 confidence) suggests   **************************

If you believe that labview should be allowed execheap access on processes labeled unconfined_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'labview' --raw | audit2allow -M my-labview
# semodule -X 300 -i my-labview.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
                              023
Target Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
                              023
Target Objects                Unknown [ process ]
Source                        labview
Source Path                   /usr/local/natinst/LabVIEW-2017-64/labview
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           labview-2017-exe-17.0.0-1.x86_64
Target RPM Packages           
SELinux Policy RPM            selinux-policy-targeted-38.1.23-1.el9_3.2.noarch
Local Policy RPM              selinux-policy-targeted-38.1.23-1.el9_3.2.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              5.14.0-362.18.1.el9_3.0.1.x86_64 #1 SMP
                              PREEMPT_DYNAMIC Sun Feb 11 13:49:23 UTC 2024
                              x86_64 x86_64
Alert Count                   12
First Seen                    2024-02-24 19:22:22 WET
Last Seen                     2024-02-25 10:53:06 WET
Local ID                      fab491fe-8d02-46a5-8632-737408b9439a

Raw Audit Messages
type=AVC msg=audit(1708858386.157:192): avc:  denied  { execheap } for  pid=4466 comm="labview" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process permissive=0


type=SYSCALL msg=audit(1708858386.157:192): arch=x86_64 syscall=mprotect success=no exit=EACCES a0=5714000 a1=5000 a2=7 a3=5717a00 items=0 ppid=2661 pid=4466 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=3 comm=labview exe=/usr/local/natinst/LabVIEW-2017-64/labview subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)

Hash: labview,unconfined_t,unconfined_t,process,execheap

The logs you posted, suggest how to fix it:

setsebool -P selinuxuser_execheap 1

Do allow this access for now by executing:
# ausearch -c 'labview' --raw | audit2allow -M my-labview
# semodule -X 300 -i my-labview.pp

run the setsebool commands, as well as the ausearch and semodule ones and you should find it will resolve the problem.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.