[DSE-Dev] Bug#1105022: policycoreutils-python-utils: neovim package is unconfined by default, leading to AVC denial on "execmem"
Debian Admin
susadm1n.xyz at gmail.com
Sat May 10 04:25:19 BST 2025
Package: policycoreutils-python-utils
Version: 3.4-1
Severity: important
X-Debbugs-Cc: susadm1n.xyz at gmail.com
Dear Maintainer,
After installing SELinux according to Debian docs ( https://debian-handbook.info/browse/stable/sect.selinux.html & https://wiki.debian.org/SELinux/Setup ), the "nvim" command (part of the "neovim" package) results in an AVC denial on the process when calling "execmem" since the "neovim" package is unconfined by default.
Enabling the "allow_execmem" SELinux Boolean does allow the process to run as intended, but the boolean description (shown in output of "semanage boolean -l" command) specifies that it is dangerous for unconfined processes to use "execmem" and such processes should be reported to "the bugzilla" - I am not sure which Bugzilla to report to, but figured I would start with Debian.
Thanks in advance!
-- System Information:
Debian Release: 12.10
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-34-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages policycoreutils-python-utils depends on:
ii policycoreutils 3.4-1
ii python3 3.11.2-1+b1
ii python3-audit 1:3.0.9-1
ii python3-selinux 3.4-1+b6
ii python3-semanage 3.4-1+b5
ii python3-sepolgen 3.4-1
ii python3-sepolicy 3.4-1
ii python3-setools 4.4.1-2
ii selinux-utils 3.4-1+b6
policycoreutils-python-utils recommends no packages.
policycoreutils-python-utils suggests no packages.
-- no debconf information
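
An added example, not part of the original bug report: a small triage script that scans audit records for "execmem" denials and lists which commands and source domains triggered them. This shows what enabling "allow_execmem" would permit before the boolean is switched on. The report does not quote its AVC record, so the sample lines below are constructed in the standard kernel AVC message layout, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample audit records (pids, timestamps and the httpd_t line are
# invented for illustration; none of this is quoted from the bug report).
SAMPLE_LOG = """\
type=AVC msg=audit(1746847519.101:311): avc:  denied  { execmem } for  pid=2101 comm="nvim" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process permissive=0
type=AVC msg=audit(1746847520.202:312): avc:  denied  { read } for  pid=2150 comm="cat" name="shadow" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
type=AVC msg=audit(1746847533.303:320): avc:  denied  { execmem } for  pid=2207 comm="nvim" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process permissive=0
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Parse one audit line; return a dict of its fields, or None if not an AVC denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    return rec


def execmem_denials(log_text):
    """Count execmem denials on class 'process', keyed by (comm, source domain)."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or "execmem" not in rec["perms"] or rec.get("tclass") != "process":
            continue
        # scontext is user:role:type[:mls]; the type field is the process domain.
        parts = rec.get("scontext", "").split(":")
        domain = parts[2] if len(parts) > 2 else "?"
        hits[(rec.get("comm", "?"), domain)] += 1
    return hits


def unconfined_only(hits):
    """Keep only denials whose source domain is an unconfined one."""
    return {k: n for k, n in hits.items() if k[1].startswith("unconfined")}


if __name__ == "__main__":
    for (comm, domain), n in unconfined_only(execmem_denials(SAMPLE_LOG)).items():
        print(f"{comm} ({domain}): {n} execmem denial(s)")
```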