Red Hat Bugzilla – Attachment 913404 Details for Bug 1110355: SELinux is preventing /usr/lib64/firefox/plugin-container from 'name_bind' accesses on the tcp_socket .
name_connect access denial
file_1110355.txt (text/plain), 3.01 KB, created by Aleksandar Kostadinov on 2014-06-30 13:37:30 UTC
SELinux is preventing /usr/lib64/firefox/plugin-container from name_connect access on the tcp_socket .

***** Plugin mozplugger (89.7 confidence) suggests ************************

If you want to use the plugin package
Then you must turn off SELinux controls on the Firefox plugins.
Do
# setsebool -P unconfined_mozilla_plugin_transition 0

***** Plugin catchall_boolean (10.0 confidence) suggests ******************

If you want to allow mozilla plugin domain to connect to the network using TCP.
Then you must tell SELinux about this by enabling the 'mozilla_plugin_can_network_connect' boolean.
You can read 'mozilla_selinux' man page for more details.
Do
setsebool -P mozilla_plugin_can_network_connect 1

***** Plugin catchall (1.69 confidence) suggests **************************

If you believe that plugin-container should be allowed name_connect access on the tcp_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep plugin-containe /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c
                              0.c1023
Target Context                system_u:object_r:commplex_main_port_t:s0
Target Objects                [ tcp_socket ]
Source                        plugin-containe
Source Path                   /usr/lib64/firefox/plugin-container
Port                          5000
Host                          koTapaH
Source RPM Packages           firefox-30.0-4.fc20.x86_64
Target RPM Packages
Policy RPM                    selinux-policy-3.12.1-171.fc20.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     koTapaH
Platform                      Linux koTapaH 3.14.8-200.fc20.x86_64 #1 SMP Mon
                              Jun 16 21:57:53 UTC 2014 x86_64 x86_64
Alert Count                   6
First Seen                    2014-06-30 16:34:32 EEST
Last Seen                     2014-06-30 16:34:32 EEST
Local ID                      39498f75-8359-4e02-be7d-ff04b5e20c13

Raw Audit Messages
type=AVC msg=audit(1404135272.356:8987): avc: denied { name_connect } for pid=15982 comm="plugin-containe" dest=5000 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:commplex_main_port_t:s0 tclass=tcp_socket


type=SYSCALL msg=audit(1404135272.356:8987): arch=x86_64 syscall=connect success=no exit=EACCES a0=40 a1=7fd1d14de57c a2=10 a3=7fd1c52fcd98 items=0 ppid=14160 pid=15982 auid=1001 uid=1001 gid=1001 euid=1001 suid=1001 fsuid=1001 egid=1001 sgid=1001 fsgid=1001 tty=(none) ses=1 comm=plugin-containe exe=/usr/lib64/firefox/plugin-container subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)

Hash: plugin-containe,mozilla_plugin_t,commplex_main_port_t,tcp_socket,name_connect