Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 594906 Details for
Bug 836079
selinux-policy creates an alert on totem-plugin-viewer writing to home directory
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
SELinux alert detail
selinux-alert.html (text/html), 3.87 KB, created by
Frank Jacobberger
on 2012-06-28 04:45:49 UTC
(
hide
)
Description:
SELinux alert detail
Filename:
MIME Type:
Creator:
Frank Jacobberger
Created:
2012-06-28 04:45:49 UTC
Size:
3.87 KB
patch
obsolete
><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> ><HTML> ><HEAD> > <META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=utf-8"> > <TITLE></TITLE> > <META NAME="GENERATOR" CONTENT="LibreOffice 3.5 (Linux)"> > <META NAME="CREATED" CONTENT="20120627;21584700"> > <META NAME="CHANGED" CONTENT="20120627;21595100"> > <STYLE TYPE="text/css"> > <!-- > PRE.cjk { font-family: "WenQuanYi Zen Hei Sharp", monospace } > PRE.ctl { font-family: "Lohit Devanagari", monospace } > --> > </STYLE> ></HEAD> ><BODY LANG="en-US" DIR="LTR"> ><PRE CLASS="western"></PRE> ><DIV ID="paste_border" DIR="LTR"> > <DIV ID="paste_container" DIR="LTR"> > <PRE CLASS="western">SELinux is preventing /usr/libexec/totem-plugin-viewer from write access on the file /home/fxj/.nv/GLCache/a147bc5d819e1646d5baf3c8f0a017e4/8a42b54c39a9c127/5e6ad28286c1ed67.toc. > >***** Plugin restorecon (99.5 confidence) suggests ************************* > >If you want to fix the label. >/home/fxj/.nv/GLCache/a147bc5d819e1646d5baf3c8f0a017e4/8a42b54c39a9c127/5e6ad28286c1ed67.toc default label should be cache_home_t. >Then you can run restorecon. >Do ># /sbin/restorecon -v /home/fxj/.nv/GLCache/a147bc5d819e1646d5baf3c8f0a017e4/8a42b54c39a9c127/5e6ad28286c1ed67.toc > >***** Plugin catchall (1.49 confidence) suggests *************************** > >If you believe that totem-plugin-viewer should be allowed write access on the 5e6ad28286c1ed67.toc file by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep totem-plugin-vi /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c > 0.c1023 >Target Context unconfined_u:object_r:user_home_t:s0 >Target Objects /home/fxj/.nv/GLCache/a147bc5d819e1646d5baf3c8f0a0 > 17e4/8a42b54c39a9c127/5e6ad28286c1ed67.toc [ file > ] >Source totem-plugin-vi >Source Path /usr/libexec/totem-plugin-viewer >Port <Unknown> >Host localhost.localdomain >Source RPM Packages totem-mozplugin-3.4.2-1.fc17.x86_64 >Target RPM Packages >Policy RPM selinux-policy-3.10.0-132.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name localhost.localdomain >Platform Linux localhost.localdomain 3.4.3-1.fc17.x86_64 #1 > SMP Mon Jun 18 19:53:17 UTC 2012 x86_64 x86_64 >Alert Count 1972 >First Seen Wed 27 Jun 2012 04:11:45 AM MDT >Last Seen Wed 27 Jun 2012 07:29:56 PM MDT >Local ID d3ecf672-fd8f-4d78-b35f-d415f1ca4b02 > >Raw Audit Messages >type=AVC msg=audit(1340846996.455:26240): avc: denied { write } for pid=8635 comm="totem-plugin-vi" name="5e6ad28286c1ed67.toc" dev="dm-2" ino=21759767 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file > >type=SYSCALL msg=audit(1340846996.455:26240): arch=x86_64 syscall=open success=no exit=EACCES a0=15e8c00 a1=242 a2=1b6 a3=238 items=0 ppid=1 pid=8635 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm=totem-plugin-vi exe=/usr/libexec/totem-plugin-viewer subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null) > >Hash: totem-plugin-vi,mozilla_plugin_t,user_home_t,file,write > >audit2allowunable to open /sys/fs/selinux/policy: Permission denied > >audit2allow -Runable to open /sys/fs/selinux/policy: Permission denied</PRE> > </DIV> ></DIV> ><P><BR><BR> ></P> ></BODY> ></HTML>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML> <HEAD> <META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=utf-8"> <TITLE></TITLE> <META NAME="GENERATOR" CONTENT="LibreOffice 3.5 (Linux)"> <META NAME="CREATED" CONTENT="20120627;21584700"> <META NAME="CHANGED" CONTENT="20120627;21595100"> <STYLE TYPE="text/css"> <!-- PRE.cjk { font-family: "WenQuanYi Zen Hei Sharp", monospace } PRE.ctl { font-family: "Lohit Devanagari", monospace } --> </STYLE> </HEAD> <BODY LANG="en-US" DIR="LTR"> <PRE CLASS="western"></PRE> <DIV ID="paste_border" DIR="LTR"> <DIV ID="paste_container" DIR="LTR"> <PRE CLASS="western">SELinux is preventing /usr/libexec/totem-plugin-viewer from write access on the file /home/fxj/.nv/GLCache/a147bc5d819e1646d5baf3c8f0a017e4/8a42b54c39a9c127/5e6ad28286c1ed67.toc. ***** Plugin restorecon (99.5 confidence) suggests ************************* If you want to fix the label. /home/fxj/.nv/GLCache/a147bc5d819e1646d5baf3c8f0a017e4/8a42b54c39a9c127/5e6ad28286c1ed67.toc default label should be cache_home_t. Then you can run restorecon. Do # /sbin/restorecon -v /home/fxj/.nv/GLCache/a147bc5d819e1646d5baf3c8f0a017e4/8a42b54c39a9c127/5e6ad28286c1ed67.toc ***** Plugin catchall (1.49 confidence) suggests *************************** If you believe that totem-plugin-viewer should be allowed write access on the 5e6ad28286c1ed67.toc file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep totem-plugin-vi /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c 0.c1023 Target Context unconfined_u:object_r:user_home_t:s0 Target Objects /home/fxj/.nv/GLCache/a147bc5d819e1646d5baf3c8f0a0 17e4/8a42b54c39a9c127/5e6ad28286c1ed67.toc [ file ] Source totem-plugin-vi Source Path /usr/libexec/totem-plugin-viewer Port <Unknown> Host localhost.localdomain Source RPM Packages totem-mozplugin-3.4.2-1.fc17.x86_64 Target RPM Packages Policy RPM selinux-policy-3.10.0-132.fc17.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name localhost.localdomain Platform Linux localhost.localdomain 3.4.3-1.fc17.x86_64 #1 SMP Mon Jun 18 19:53:17 UTC 2012 x86_64 x86_64 Alert Count 1972 First Seen Wed 27 Jun 2012 04:11:45 AM MDT Last Seen Wed 27 Jun 2012 07:29:56 PM MDT Local ID d3ecf672-fd8f-4d78-b35f-d415f1ca4b02 Raw Audit Messages type=AVC msg=audit(1340846996.455:26240): avc: denied { write } for pid=8635 comm="totem-plugin-vi" name="5e6ad28286c1ed67.toc" dev="dm-2" ino=21759767 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file type=SYSCALL msg=audit(1340846996.455:26240): arch=x86_64 syscall=open success=no exit=EACCES a0=15e8c00 a1=242 a2=1b6 a3=238 items=0 ppid=1 pid=8635 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm=totem-plugin-vi exe=/usr/libexec/totem-plugin-viewer subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null) Hash: totem-plugin-vi,mozilla_plugin_t,user_home_t,file,write audit2allowunable to open /sys/fs/selinux/policy: Permission denied audit2allow -Runable to open /sys/fs/selinux/policy: Permission denied</PRE> </DIV> </DIV> <P><BR><BR> </P> </BODY> </HTML>
View Attachment As Raw
Actions:
View
Attachments on
bug 836079
: 594906