Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 291613 Details for
Bug 428706
SELinux is preventing /usr/lib/firefox-1.5.0.12/firefox-bin from loading /usr/lib/firefox-1.5.0.12/plugins/nppdf.so which requires text relocation.
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
SELinux is preventing /usr/lib/firefox-1.5.0.12/firefox-bin from loading /usr/lib/firefox-1.5.0.12/plugins/nppdf.so which requires text relocation.
selinux_alert.txt (text/plain), 4.86 KB, created by
Kenneth Morgan
on 2008-01-14 18:52:23 UTC
(
hide
)
Description:
SELinux is preventing /usr/lib/firefox-1.5.0.12/firefox-bin from loading /usr/lib/firefox-1.5.0.12/plugins/nppdf.so which requires text relocation.
Filename:
MIME Type:
Creator:
Kenneth Morgan
Created:
2008-01-14 18:52:23 UTC
Size:
4.86 KB
patch
obsolete
>Summary > SELinux is preventing /usr/lib/firefox-1.5.0.12/firefox-bin from loading > /usr/lib/firefox-1.5.0.12/plugins/nppdf.so which requires text relocation. > >Detailed Description > The /usr/lib/firefox-1.5.0.12/firefox-bin application attempted to load > /usr/lib/firefox-1.5.0.12/plugins/nppdf.so which requires text relocation. > This is a potential security problem. Most libraries do not need this > permission. Libraries are sometimes coded incorrectly and request this > permission. The http://people.redhat.com/drepper/selinux-mem.html web page > explains how to remove this requirement. You can configure SELinux > temporarily to allow /usr/lib/firefox-1.5.0.12/plugins/nppdf.so to use > relocation as a workaround, until the library is fixed. Please file a > http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. > >Allowing Access > If you trust /usr/lib/firefox-1.5.0.12/plugins/nppdf.so to run correctly, > you can change the file context to textrel_shlib_t. "chcon -t > textrel_shlib_t /usr/lib/firefox-1.5.0.12/plugins/nppdf.so" > > The following command will allow this access: > chcon -t textrel_shlib_t /usr/lib/firefox-1.5.0.12/plugins/nppdf.so > >Additional Information > >Source Context user_u:system_r:unconfined_t >Target Context system_u:object_r:lib_t >Target Objects /usr/lib/firefox-1.5.0.12/plugins/nppdf.so [ file > ] >Affected RPM Packages firefox-1.5.0.12-7.el5 [application] >Policy RPM selinux-policy-2.4.6-106.el5_1.3 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name plugins.allow_execmod >Host Name population.genetics.mcgill.ca >Platform Linux population.genetics.mcgill.ca > 2.6.18-53.1.4.el5 #1 SMP Wed Nov 14 10:37:33 EST > 2007 i686 athlon >Alert Count 20 >Line Numbers > >Raw Audit Messages > >avc: denied { execmod } for comm="firefox-bin" dev=dm-0 egid=500 euid=500 >exe="/usr/lib/firefox-1.5.0.12/firefox-bin" exit=-13 fsgid=500 fsuid=500 gid=500 >items=0 path="/usr/lib/firefox-1.5.0.12/plugins/nppdf.so" pid=5383 >scontext=user_u:system_r:unconfined_t:s0 sgid=500 >subj=user_u:system_r:unconfined_t:s0 suid=500 tclass=file >tcontext=system_u:object_r:lib_t:s0 tty=(none) uid=500 > > >Summary > SELinux is preventing /usr/lib/firefox-1.5.0.12/firefox-bin from loading > /usr/lib/mozilla/plugins/nppdf.so which requires text relocation. > >Detailed Description > The /usr/lib/firefox-1.5.0.12/firefox-bin application attempted to load > /usr/lib/mozilla/plugins/nppdf.so which requires text relocation. This is a > potential security problem. Most libraries do not need this permission. > Libraries are sometimes coded incorrectly and request this permission. The > http://people.redhat.com/drepper/selinux-mem.html web page explains how to > remove this requirement. You can configure SELinux temporarily to allow > /usr/lib/mozilla/plugins/nppdf.so to use relocation as a workaround, until > the library is fixed. Please file a > http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. > >Allowing Access > If you trust /usr/lib/mozilla/plugins/nppdf.so to run correctly, you can > change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t > /usr/lib/mozilla/plugins/nppdf.so" > > The following command will allow this access: > chcon -t textrel_shlib_t /usr/lib/mozilla/plugins/nppdf.so > >Additional Information > >Source Context user_u:system_r:unconfined_t >Target Context system_u:object_r:lib_t >Target Objects /usr/lib/mozilla/plugins/nppdf.so [ file ] >Affected RPM Packages firefox-1.5.0.12-7.el5 [application] >Policy RPM selinux-policy-2.4.6-106.el5_1.3 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name plugins.allow_execmod >Host Name population.genetics.mcgill.ca >Platform Linux population.genetics.mcgill.ca > 2.6.18-53.1.4.el5 #1 SMP Wed Nov 14 10:37:33 EST > 2007 i686 athlon >Alert Count 10 >Line Numbers > >Raw Audit Messages > >avc: denied { execmod } for comm="firefox-bin" dev=dm-0 egid=500 euid=500 >exe="/usr/lib/firefox-1.5.0.12/firefox-bin" exit=-13 fsgid=500 fsuid=500 gid=500 >items=0 path="/usr/lib/mozilla/plugins/nppdf.so" pid=5383 >scontext=user_u:system_r:unconfined_t:s0 sgid=500 >subj=user_u:system_r:unconfined_t:s0 suid=500 tclass=file >tcontext=system_u:object_r:lib_t:s0 tty=(none) uid=500 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=291613">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 428706
: 291613