Bug 1246912
Summary: | SELinux is preventing plugin-containe from 'create' accesses on the directory .linphone-web. | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Ervin <ervindiner> | ||||||
Component: | selinux-policy | Assignee: | Vit Mojzis <vmojzis> | ||||||
Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
Severity: | low | Docs Contact: | |||||||
Priority: | low | ||||||||
Version: | 22 | CC: | diego.ml, dominick.grift, dwalsh, ervindiner, lvrabec, mgrepl, plautrba | ||||||
Target Milestone: | --- | ||||||||
Target Release: | --- | ||||||||
Hardware: | x86_64 | ||||||||
OS: | Unspecified | ||||||||
Whiteboard: | abrt_hash:2ab478b1aadd4462cce46de381ad1e33d92b88f0c08ec4b662ca1008f1dd0f63 | ||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | |||||||||
: | 1279752 (view as bug list) | Environment: | |||||||
Last Closed: | 2015-12-17 15:49:59 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | |||||||||
Bug Blocks: | 1279752 | ||||||||
Attachments: |
|
Description
Ervin
2015-07-26 22:27:39 UTC
I don't want to disable Selinux Control on the Firefox Plugins,it can cause security problems. Instead Selinux Policy should be updated. I don't think the Linphone web plugin is a threat to the system. However it must be checked it just by plainly allowing it, it can cause other security issues. Created attachment 1076216 [details]
Linphone web Type Enforcement rule file
Created attachment 1076218 [details]
Linphone web SELinux policy module file
SELinux policy module file to allow Linphone web plugin run.
(In reply to Diego from comment #3) > Created attachment 1076218 [details] > Linphone web SELinux policy module file > > SELinux policy module file to allow Linphone web plugin run. This file is generated by using audit2allow iteratively while encountering AVC denials, not hand writted. More AVCs might be encountered during use. Hello Diego, can modifying that file introduce security vulnerabilities? (In reply to Ervin from comment #1) > I don't want to disable Selinux Control on the Firefox Plugins,it can cause > security problems. > Instead Selinux Policy should be updated. I don't think the Linphone web > plugin is a threat to the system. > However it must be checked it just by plainly allowing it, it can cause > other security issues. This could work with filename transitions rules for ~/.linphone-web. Could you play around cat myplugin.te policy_module(myplugin.te,1.0) require{ type mozilla_home_t; } userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, dir, ".linphone-web") and run # make -f /usr/share/selinux/devel/Makefile myplugin.pp # semodule -i myplugin.pp You will need to remove ~/.linphone-web to be recreated with a correct labeling. Thank you. I am having other problems with Web Linphone for now. The bug must be directed to Firefox. So I can't test it for now. *** This bug has been marked as a duplicate of bug 1279752 *** |