Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 595026 Details for
Bug 836080
selinux-policy creates an alert on totem-plugin-viewer writing to home directory
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
Reoccurence of Selinux-policy alert on totem-plugin-viewer
selinux-alert_2.html (text/html), 3.53 KB, created by
Frank Jacobberger
on 2012-06-28 13:55:39 UTC
(
hide
)
Description:
Reoccurence of Selinux-policy alert on totem-plugin-viewer
Filename:
MIME Type:
Creator:
Frank Jacobberger
Created:
2012-06-28 13:55:39 UTC
Size:
3.53 KB
patch
obsolete
><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> ><HTML> ><HEAD> > <META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=utf-8"> > <TITLE></TITLE> > <META NAME="GENERATOR" CONTENT="LibreOffice 3.5 (Linux)"> > <META NAME="CREATED" CONTENT="20120627;21584700"> > <META NAME="CHANGED" CONTENT="20120628;7482300"> > <STYLE TYPE="text/css"> > <!-- > PRE.cjk { font-family: "WenQuanYi Zen Hei Sharp", monospace } > PRE.ctl { font-family: "Lohit Devanagari", monospace } > --> > </STYLE> ></HEAD> ><BODY LANG="en-US" DIR="LTR"> ><DIV ID="paste_border" DIR="LTR"> > <PRE CLASS="western"><A NAME="paste_border"></A></PRE> > <DIV ID="Section1" DIR="LTR"> > <DIV ID="paste_container" DIR="LTR"> > <PRE CLASS="western">SELinux is preventing /usr/libexec/totem-plugin-viewer from execute access on the file /home/fxj/.orc/orcexec.j8HRwW (deleted). > >***** Plugin catchall (100. confidence) suggests *************************** > >If you believe that totem-plugin-viewer should be allowed execute access on the orcexec.j8HRwW (deleted) file by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep multiqueue0:src /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c > 0.c1023 >Target Context unconfined_u:object_r:gstreamer_home_t:s0 >Target Objects /home/fxj/.orc/orcexec.j8HRwW (deleted) [ file ] >Source multiqueue0:src >Source Path /usr/libexec/totem-plugin-viewer >Port <Unknown> >Host localhost.localdomain >Source RPM Packages totem-mozplugin-3.4.2-1.fc17.x86_64 >Target RPM Packages >Policy RPM selinux-policy-3.10.0-132.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name localhost.localdomain >Platform Linux localhost.localdomain 3.4.3-1.fc17.x86_64 #1 > SMP Mon Jun 18 19:53:17 UTC 2012 x86_64 x86_64 >Alert Count 1 >First Seen Thu 28 Jun 2012 07:28:12 AM MDT >Last Seen Thu 28 Jun 2012 07:28:12 AM MDT >Local ID 52d1ab57-3fea-42f5-bea9-dd71f0d97ec1 > >Raw Audit Messages >type=AVC msg=audit(1340890092.797:29900): avc: denied { execute } for pid=23454 comm="multiqueue0:src" path=2F686F6D652F66786A2F2E6F72632F6F7263657865632E6A3848527757202864656C6574656429 dev="dm-2" ino=21366460 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:gstreamer_home_t:s0 tclass=file > > >type=SYSCALL msg=audit(1340890092.797:29900): arch=x86_64 syscall=mmap success=no exit=EACCES a0=0 a1=10000 a2=5 a3=1 items=0 ppid=1 pid=23454 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm=multiqueue0:src exe=/usr/libexec/totem-plugin-viewer subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null) > >Hash: multiqueue0:src,mozilla_plugin_t,gstreamer_home_t,file,execute > >audit2allowunable to open /sys/fs/selinux/policy: Permission denied > > >audit2allow -Runable to open /sys/fs/selinux/policy: Permission denied</PRE> > </DIV> > </DIV> > <P><BR><BR> > </P> ></DIV> ><P><BR><BR> ></P> ></BODY> ></HTML>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML> <HEAD> <META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=utf-8"> <TITLE></TITLE> <META NAME="GENERATOR" CONTENT="LibreOffice 3.5 (Linux)"> <META NAME="CREATED" CONTENT="20120627;21584700"> <META NAME="CHANGED" CONTENT="20120628;7482300"> <STYLE TYPE="text/css"> <!-- PRE.cjk { font-family: "WenQuanYi Zen Hei Sharp", monospace } PRE.ctl { font-family: "Lohit Devanagari", monospace } --> </STYLE> </HEAD> <BODY LANG="en-US" DIR="LTR"> <DIV ID="paste_border" DIR="LTR"> <PRE CLASS="western"><A NAME="paste_border"></A></PRE> <DIV ID="Section1" DIR="LTR"> <DIV ID="paste_container" DIR="LTR"> <PRE CLASS="western">SELinux is preventing /usr/libexec/totem-plugin-viewer from execute access on the file /home/fxj/.orc/orcexec.j8HRwW (deleted). ***** Plugin catchall (100. confidence) suggests *************************** If you believe that totem-plugin-viewer should be allowed execute access on the orcexec.j8HRwW (deleted) file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep multiqueue0:src /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c 0.c1023 Target Context unconfined_u:object_r:gstreamer_home_t:s0 Target Objects /home/fxj/.orc/orcexec.j8HRwW (deleted) [ file ] Source multiqueue0:src Source Path /usr/libexec/totem-plugin-viewer Port <Unknown> Host localhost.localdomain Source RPM Packages totem-mozplugin-3.4.2-1.fc17.x86_64 Target RPM Packages Policy RPM selinux-policy-3.10.0-132.fc17.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name localhost.localdomain Platform Linux localhost.localdomain 3.4.3-1.fc17.x86_64 #1 SMP Mon Jun 18 19:53:17 UTC 2012 x86_64 x86_64 Alert Count 1 First Seen Thu 28 Jun 2012 07:28:12 AM MDT Last Seen Thu 28 Jun 2012 07:28:12 AM MDT Local ID 52d1ab57-3fea-42f5-bea9-dd71f0d97ec1 Raw Audit Messages type=AVC msg=audit(1340890092.797:29900): avc: denied { execute } for pid=23454 comm="multiqueue0:src" path=2F686F6D652F66786A2F2E6F72632F6F7263657865632E6A3848527757202864656C6574656429 dev="dm-2" ino=21366460 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:gstreamer_home_t:s0 tclass=file type=SYSCALL msg=audit(1340890092.797:29900): arch=x86_64 syscall=mmap success=no exit=EACCES a0=0 a1=10000 a2=5 a3=1 items=0 ppid=1 pid=23454 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm=multiqueue0:src exe=/usr/libexec/totem-plugin-viewer subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null) Hash: multiqueue0:src,mozilla_plugin_t,gstreamer_home_t,file,execute audit2allowunable to open /sys/fs/selinux/policy: Permission denied audit2allow -Runable to open /sys/fs/selinux/policy: Permission denied</PRE> </DIV> </DIV> <P><BR><BR> </P> </DIV> <P><BR><BR> </P> </BODY> </HTML>
View Attachment As Raw
Actions:
View
Attachments on
bug 836080
:
594907
| 595026 |
595027