Package: rsync Version: 3.2.0-1 Severity: important Hi,
rsync in version 3.2.0-1 started to require the SELinux permission execmem. If denied rsync fails with "Segmentation fault". This is probably due to the stack marked as executable, and hopefully fixed with 3.2.1 ("Avoid the stack getting set to executable when including the asm code."). Example SELinux denial: type=PROCTITLE msg=audit(06/23/20 10:57:42.939:3074) : proctitle=(null) type=PATH msg=audit(06/23/20 10:57:42.939:3074) : item=1 name=/lib64/ld-linux-x86-64.so.2 inode=131080 dev=08:01 mode=file,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 type=PATH msg=audit(06/23/20 10:57:42.939:3074) : item=0 name=/usr/bin/rsync inode=394343 dev=08:01 mode=file,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:bin_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 type=CWD msg=audit(06/23/20 10:57:42.939:3074) : cwd=/tmp/backupv595nZLr type=BPRM_FCAPS msg=audit(06/23/20 10:57:42.939:3074) : fver=0 fp=none fi=none fe=0 old_pp=chown,dac_override,dac_read_search,fowner,fsetid,kill,setgid,setuid,setpcap,linux_immutable,net_bind_service,net_broadcast,net_admin,net_raw,ipc_lock,ipc_owner,sys_chroot,sys_ptrace,sys_pacct,sys_admin,sys_boot,sys_nice,sys_resource,sys_tty_config,lease,audit_write,audit_control,setfcap,mac_override,mac_admin,block_suspend,audit_read old_pi=none old_pe=chown,dac_override,dac_read_search,fowner,fsetid,kill,setgid,setuid,setpcap,linux_immutable,net_bind_service,net_broadcast,net_admin,net_raw,ipc_lock,ipc_owner,sys_chroot,sys_ptrace,sys_pacct,sys_admin,sys_boot,sys_nice,sys_resource,sys_tty_config,lease,audit_write,audit_control,setfcap,mac_override,mac_admin,block_suspend,audit_read old_pa=none pp=chown,dac_override,dac_read_search,fowner,fsetid,kill,setgid,setuid,setpcap,linux_immutable,net_bind_service,net_broadcast,net_admin,net_raw,ipc_lock,ipc_owner,sys_chroot,sys_ptrace,sys_pacct,sys_admin,sys_boot,sys_nice,sys_resource,sys_tty_config,lease,audit_write,audit_control,setfcap,mac_override,mac_admin,block_suspend,audit_read pi=none pe=chown,dac_override,dac_read_search,fowner,fsetid,kill,setgid,setuid,setpcap,linux_immutable,net_bind_service,net_broadcast,net_admin,net_raw,ipc_lock,ipc_owner,sys_chroot,sys_ptrace,sys_pacct,sys_admin,sys_boot,sys_nice,sys_resource,sys_tty_config,lease,audit_write,audit_control,setfcap,mac_override,mac_admin,block_suspend,audit_read pa=none frootid=0 type=SYSCALL msg=audit(06/23/20 10:57:42.939:3074) : arch=x86_64 syscall=execve per=unknown-personality(0x400000) success=no exit=EACCES(Permission denied) a0=0x55c281996c78 a1=0x55c281996c08 a2=0x55c281996c30 a3=0x7f8cbdeb6850 items=2 ppid=1879915 pid=1879935 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=rsync exe=/usr/bin/rsync subj=system_u:system_r:backuptimer_t:s0 key=(null) type=AVC msg=audit(06/23/20 10:57:42.939:3074) : avc: denied { execmem } for pid=1879935 comm=rsync scontext=system_u:system_r:backuptimer_t:s0 tcontext=system_u:system_r:backuptimer_t:s0 tclass=process permissive=0