Bug 1300834
| Summary: | SELinux is preventing plugin-containe from read, write access on the file cert9.db. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Jan Kowalski <jankowalski25> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 23 | CC: | dominick.grift, dwalsh, lvrabec, mgrepl, plautrba |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:dba42cdfdc0b14e97e38732ffb9bae048bcbe01e119cf55bbb0a960e8fb43292;VARIANT_ID=workstation; | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-01-25 07:32:54 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** This bug has been marked as a duplicate of bug 1300833 *** |
Description of problem: SELinux is preventing plugin-containe from read, write access on the file cert9.db. ***** Plugin mozplugger (99.1 confidence) suggests ************************ If you want to use the plugin package Then należy wyłączyć kontrolę SELinuksa nad wtyczkami Firefoksa. Do # setsebool -P unconfined_mozilla_plugin_transition 0 ***** Plugin catchall (1.81 confidence) suggests ************************** If aby plugin-containe powinno mieć domyślnie read write dostęp do cert9.db file. Then proszę to zgłosić jako błąd. Można utworzyć lokalny moduł polityki, aby umożliwić ten dostęp. Do można tymczasowo zezwolić na ten dostęp wykonując polecenia: # grep plugin-containe /var/log/audit/audit.log | audit2allow -M mojapolityka # semodule -i mojapolityka.pp Additional Information: Source Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c 0.c1023 Target Context unconfined_u:object_r:home_root_t:s0 Target Objects cert9.db [ file ] Source plugin-containe Source Path plugin-containe Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-158.fc23.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.3.3-300.fc23.x86_64 #1 SMP Tue Jan 5 23:31:01 UTC 2016 x86_64 x86_64 Alert Count 20 First Seen 2016-01-21 20:48:39 CET Last Seen 2016-01-21 22:42:35 CET Local ID 00cf5de9-cdf1-4bed-85fe-68ec19d03010 Raw Audit Messages type=AVC msg=audit(1453412555.975:1281): avc: denied { read write } for pid=8733 comm="plugin-containe" name="cert9.db" dev="dm-2" ino=652812 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:home_root_t:s0 tclass=file permissive=0 Hash: plugin-containe,mozilla_plugin_t,home_root_t,file,read,write Version-Release number of selected component: selinux-policy-3.13.1-158.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.3.3-300.fc23.x86_64 type: libreport