| Summary: | SELinux is preventing /usr/lib64/xulrunner/plugin-container from 'execute' accesses on the file /home/smmc/pro_r/.mozilla/plugins/libflashplayer.so. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | kuchiman <kuc4iman> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED INSUFFICIENT_DATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 20 | CC: | djtr_2004, dominick.grift, dwalsh, lvrabec, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:e212075bf8a02e30fe5848e2a0643f8526b73e4be7241204e107aecca4737d02 | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-11-24 12:47:33 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Why is your .mozilla directory in pro_r? Is this your homedir? Description of problem: Installed CACkey libraries placed libcackey.so into the security devices of Firefox ver 25 tried to read the certificates of my card by clicking on View Certificates in Firefox gave the error message Additional info: reporter: libreport-2.1.9 hashmarkername: setroubleshoot kernel: 3.11.10-301.fc20.i686+PAE type: libreport |
Description of problem: SELinux is preventing /usr/lib64/xulrunner/plugin-container from 'execute' accesses on the file /home/smmc/pro_r/.mozilla/plugins/libflashplayer.so. ***** Plugin mozplugger (99.1 confidence) suggests ************************ If you want to use the plugin package Then необходимо отключить контроль SELinux для дополнительных модулей Firefox. Do # setsebool -P unconfined_mozilla_plugin_transition 0 ***** Plugin catchall (1.81 confidence) suggests ************************** If вы считаете, что plugin-container следует разрешить доступ execute к libflashplayer.so file по умолчанию. Then рекомендуется создать отчет об ошибке. Чтобы разрешить доступ, можно создать локальный модуль политики. Do чтобы разрешить доступ, выполните: # grep plugin-containe /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c 0.c1023 Target Context unconfined_u:object_r:user_home_t:s0 Target Objects /home/smmc/pro_r/.mozilla/plugins/libflashplayer.s o [ file ] Source plugin-containe Source Path /usr/lib64/xulrunner/plugin-container Port <Неизвестно> Host (removed) Source RPM Packages xulrunner-24.0-2.fc20.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-75.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.11.4-302.fc20.x86_64 #1 SMP Fri Oct 11 17:43:41 UTC 2013 x86_64 x86_64 Alert Count 17 First Seen 2013-10-15 17:49:18 SAMT Last Seen 2013-10-15 17:58:24 SAMT Local ID 7abafc41-bb82-488b-9188-16e10e1e6cd5 Raw Audit Messages type=AVC msg=audit(1381845504.435:820): avc: denied { execute } for pid=27091 comm="plugin-containe" path="/home/smmc/pro_r/.mozilla/plugins/libflashplayer.so" dev="sda3" ino=26311 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file type=SYSCALL msg=audit(1381845504.435:820): arch=x86_64 syscall=mmap success=no exit=EACCES a0=0 a1=1560308 a2=5 a3=802 items=0 ppid=26594 pid=27091 auid=46603642 uid=46603642 gid=46600513 euid=46603642 suid=46603642 fsuid=46603642 egid=46600513 sgid=46600513 fsgid=46600513 ses=2 tty=(none) comm=plugin-containe exe=/usr/lib64/xulrunner/plugin-container subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null) Hash: plugin-containe,mozilla_plugin_t,user_home_t,file,execute Additional info: reporter: libreport-2.1.8 hashmarkername: setroubleshoot kernel: 3.11.4-302.fc20.x86_64 type: libreport Potential duplicate: bug 827678