Bug 1317800

Summary: SELinux is preventing /usr/lib64/firefox/plugin-container from read access on the file
Product: [Fedora] Fedora
Reporter: Germano Massullo <germano.massullo>
Component: selinux-policy-targeted
Assignee: Lukas Vrabec <lvrabec>
Status: CLOSED NOTABUG
QA Contact: Ben Levenson <benl>
Severity: unspecified
Priority: unspecified
Version: 23
CC: dwalsh, lvrabec
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2016-03-15 16:40:42 UTC
Type: Bug

Description Germano Massullo 2016-03-15 09:24:47 UTC
I was loading a .okular file into Google Drive, when Firefox said that the current tab had troubles, and I got the following SELinux alert



SELinux is preventing /usr/lib64/firefox/plugin-container from read access on the file 2F6D656469612F617263686976696F2F526F6261204D69612F446F63756D656E74692F556E69766572736974612F4D6174657269652F436F6E74726F6C6C692064692073697374656D692064696E616D6963692F4D617274696E656C6C692F417070756E7469206C657A696F6E692F636170315F332E6F6B756C6172.

*****  Plugin mozplugger (93.0 confidence) suggests   ************************

If si vuole usare il pacchetto plugin
Then disabilitare i controlli SELinux sui plugin di Firefox.
Do
# setsebool -P unconfined_mozilla_plugin_transition 0

*****  Plugin catchall_labels (6.67 confidence) suggests   *******************

If you want to allow plugin-container to have read access on the 2F6D656469612F617263686976696F2F526F6261204D69612F446F63756D656E74692F556E69766572736974612F4D6174657269652F436F6E74726F6C6C692064692073697374656D692064696E616D6963692F4D617274696E656C6C692F417070756E7469206C657A696F6E692F636170315F332E6F6B756C6172 file
Then e' necessario modificare l'etichetta su 2F6D656469612F617263686976696F2F526F6261204D69612F446F63756D656E74692F556E69766572736974612F4D6174657269652F436F6E74726F6C6C692064692073697374656D692064696E616D6963692F4D617274696E656C6C692F417070756E7469206C657A696F6E692F636170315F332E6F6B756C6172
Do
# semanage fcontext -a -t TIPO_FILE '2F6D656469612F617263686976696F2F526F6261204D69612F446F63756D656E74692F556E69766572736974612F4D6174657269652F436F6E74726F6C6C692064692073697374656D692064696E616D6963692F4D617274696E656C6C692F417070756E7469206C657A696F6E692F636170315F332E6F6B756C6172'
dove TIPO_FILE è uno dei seguenti: [...]
Quindi eseguire: 
restorecon -v '2F6D656469612F617263686976696F2F526F6261204D69612F446F63756D656E74692F556E69766572736974612F4D6174657269652F436F6E74726F6C6C692064692073697374656D692064696E616D6963692F4D617274696E656C6C692F417070756E7469206C657A696F6E692F636170315F332E6F6B756C6172'


*****  Plugin catchall (1.73 confidence) suggests   **************************

If si crede che plugin-container dovrebbe avere possibilità di accesso read sui 2F6D656469612F617263686976696F2F526F6261204D69612F446F63756D656E74692F556E69766572736974612F4D6174657269652F436F6E74726F6C6C692064692073697374656D692064696E616D6963692F4D617274696E656C6C692F417070756E7469206C657A696F6E692F636170315F332E6F6B756C6172 file in modo predefinito.
Then si dovrebbe riportare il problema come bug.
E' possibile generare un modulo di politica locale per consentire questo accesso.
Do
consentire questo accesso per il momento eseguendo:
# grep Chrome_ChildThr /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c
                              0.c1023
Target Context                unconfined_u:object_r:unlabeled_t:s0
Target Objects                2F6D656469612F617263686976696F2F526F6261204D69612F
                              446F63756D656E74692F556E69766572736974612F4D617465
                              7269652F436F6E74726F6C6C692064692073697374656D6920
                              64696E616D6963692F4D617274696E656C6C692F417070756E
                              7469206C657A696F6E692F636170315F332E6F6B756C6172 [
                              file ]
Source                        Chrome_ChildThr
Source Path                   /usr/lib64/firefox/plugin-container
Port                          <Unknown>
Source RPM Packages           firefox-45.0-4.fc23.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-158.9.fc23.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Platform                      Linux machine 4.4.4-301.fc23.x86_64 #1 SMP Fri Mar
                              4 17:42:42 UTC 2016 x86_64 x86_64
Alert Count                   2
First Seen                    2016-03-15 10:20:16 CET
Last Seen                     2016-03-15 10:20:49 CET

Raw Audit Messages
type=AVC msg=audit(1458033649.544:326): avc:  denied  { read } for  pid=10520 comm="Chrome_ChildThr" path=2F6D656469612F617263686976696F2F526F6261204D69612F446F63756D656E74692F556E69766572736974612F4D6174657269652F436F6E74726F6C6C692064692073697374656D692064696E616D6963692F4D617274696E656C6C692F417070756E7469206C657A696F6E692F636170315F332E6F6B756C6172 dev="sdc1" ino=34604307 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=file permissive=0


type=SYSCALL msg=audit(1458033649.544:326): arch=x86_64 syscall=recvmsg success=yes exit=EADV a0=3 a1=7f6f1f3fe7b0 a2=40 a3=ffffffff items=0 ppid=3843 pid=10520 auid=1000 uid=1000 gid=1003 euid=1000 suid=1000 fsuid=1000 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=1 comm=Chrome_ChildThr exe=/usr/lib64/firefox/plugin-container subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)

Hash: Chrome_ChildThr,mozilla_plugin_t,unlabeled_t,file,read

Comment 1 Lukas Vrabec 2016-03-15 16:40:42 UTC
Hi, 

Could you run: 

# restorecon -R -v /home 

And let me know if this fixed the problem? 

Thank you.

Comment 2 Germano Massullo 2016-03-16 20:43:18 UTC
(In reply to Lukas Vrabec from comment #1)
> Hi, 
> 
> Could you run: 
> 
> # restorecon -R -v /home 
> 
> And let me know if this fixed the problem? 
> 
> Thank you.

I ran the command, but since the file is hosted in an Ext4 partition under /media/foo/... the problem is still present. Is it okay to run 

# restorecon -R -v /media

?
I have also made a test copying the file to /home/foo/, and the upload works if you tell Firefox to get the file from there.
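The AVC record in the description carries the file path as an unquoted hex string, which is how the audit subsystem writes names that contain spaces or other special characters. The following is an added example, not part of the bug report: it decodes such a field, extracts the SELinux types, and checks whether the decoded path lies under the tree that was relabeled. The sample record, its path and the function names are constructed for illustration.

```python
"""Decode the hex-encoded path in an SELinux AVC record and triage it."""
import posixpath
import re

AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
HEX_RE = re.compile(r"(?:[0-9A-Fa-f]{2})+")
# Fields the kernel logs as "untrusted strings": quoted if safe, hex otherwise.
ENCODED_FIELDS = {"path", "name", "comm", "exe"}


def decode_audit_string(value):
    """Return the real string behind a quoted or hex-encoded audit value."""
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        return value[1:-1]
    if HEX_RE.fullmatch(value):
        return bytes.fromhex(value).decode("utf-8", errors="replace")
    return value


def parse_avc(line):
    """Parse one type=AVC line into a dict with decoded fields and types."""
    match = AVC_RE.search(line.strip())
    if match is None:
        raise ValueError("not an AVC record")
    record = {"result": match.group(1), "perms": match.group(2).split()}
    for key, raw in FIELD_RE.findall(match.group(3)):
        if key in ENCODED_FIELDS:
            record[key] = decode_audit_string(raw)
        else:
            record[key] = raw.strip('"')
    for ctx in ("scontext", "tcontext"):
        # user:role:type:level, where the level may itself contain ':'
        parts = record.get(ctx, "").split(":", 3)
        if len(parts) >= 3:
            record[ctx + "_type"] = parts[2]
    return record


def is_under(path, root):
    """True if absolute `path` is `root` itself or lies below it."""
    path, root = posixpath.normpath(path), posixpath.normpath(root)
    return posixpath.commonpath([path, root]) == root


def triage(record, relabeled_root):
    """Return notes explaining the denial relative to a relabeled tree."""
    notes = []
    if record.get("tcontext_type") == "unlabeled_t":
        notes.append("target file has no valid SELinux label (unlabeled_t)")
    path = record.get("path")
    if path and path.startswith("/") and not is_under(path, relabeled_root):
        notes.append(
            f"{path} is outside {relabeled_root}; "
            "relabeling that tree cannot change this file"
        )
    return notes


# Constructed sample: same shape as the record in the report, made-up path/ids.
SAMPLE_PATH = "/media/disk/My Docs/notes.okular"
SAMPLE = (
    "type=AVC msg=audit(1000000000.000:1): avc:  denied  { read } for  "
    'pid=4242 comm="Chrome_ChildThr" '
    f"path={SAMPLE_PATH.encode().hex().upper()} "
    'dev="sdb1" ino=12345 '
    "scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 "
    "tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=file permissive=0"
)

if __name__ == "__main__":
    rec = parse_avc(SAMPLE)
    print(rec["scontext_type"], rec["perms"], rec["tcontext_type"], rec["path"])
    for note in triage(rec, "/home"):
        print("-", note)
```
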