Bug 1279044
| Summary: | SELinux is preventing abrt-hook-ccpp from 'getattr' accesses on the file /usr/lib64/firefox/plugin-container. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Anass Ahmed <anass.1430> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 23 | CC: | anass.1430, dominick.grift, dwalsh, lvrabec, mgrepl, plautrba |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:c2567c0752eb68e0fc319a46cc5ba1fa4c57a274cc37fd3c1b4141d869533549;VARIANT_ID=workstation; | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-11-08 09:29:42 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
I would like to add that I'm using the pepper flash plugin from Russian Fedora to get the latest Flash 19 of Google Chrome working on Firefox. But the bug resolution has nothing to do with this as it's a problem in SELinux policy not an issue in Pepper Flash itself (let the core dump aside for now). *** This bug has been marked as a duplicate of bug 1276305 *** |
Description of problem: This always happens when I finish watching a Youtube video on Firefox and get back to another page on Youtubue. I'm using HTML5 on Youtube but I think It loads Flash in background to fallback to. I've disabled Flash completely from Firefox and the problem had disappeard (but this is not the solution). I've tried the proposed commands of audit2allow and semodule but they have failed: # semodule -i abrt.pp libsemanage.semanage_direct_install_info: Overriding abrt module at lower priority 100 with module at priority 400. Failed to resolve typeattributeset statement at 2 of /var/lib/selinux/targeted/tmp/modules/400/abrt/cil Failed to resolve ast semodule: Failed! SELinux is preventing abrt-hook-ccpp from 'getattr' accesses on the file /usr/lib64/firefox/plugin-container. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that abrt-hook-ccpp should be allowed getattr access on the plugin-container file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep abrt-hook-ccpp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:abrt_dump_oops_t:s0 Target Context system_u:object_r:mozilla_plugin_exec_t:s0 Target Objects /usr/lib64/firefox/plugin-container [ file ] Source abrt-hook-ccpp Source Path abrt-hook-ccpp Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM <Unknown> Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.2.3-300.fc23.x86_64 #1 SMP Mon Oct 5 15:42:54 UTC 2015 x86_64 x86_64 Alert Count 2 First Seen 2015-11-07 14:42:22 EET Last Seen 2015-11-07 14:49:29 EET Local ID 64fbde55-483a-47bd-9584-cbbb61dc2cdc Raw Audit Messages type=AVC msg=audit(1446900569.161:2448): avc: denied { getattr } for pid=8972 comm="abrt-hook-ccpp" path="/usr/lib64/firefox/plugin-container" dev="sda2" ino=139326 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=system_u:object_r:mozilla_plugin_exec_t:s0 tclass=file permissive=0 Hash: abrt-hook-ccpp,abrt_dump_oops_t,mozilla_plugin_exec_t,file,getattr Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-300.fc23.x86_64 type: libreport Potential duplicate: bug 1276644