Bug 1430037

Summary: SELinux is preventing 57656220436F6E74656E74 from create access on the file lista.pdf.
Product: [Fedora] Fedora Reporter: Giordano Battilana <jordan83>
Component: selinux-policyAssignee: Lukas Vrabec <lvrabec>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 25CC: dominick.grift, dwalsh, gecko-bugs-nobody, jhorak, kengert, lvrabec, mgrepl, pjasicek, plautrba, pmoore, rahulagni, ssekidde, stransky, vinicius_rocha_3
Target Milestone: ---Keywords: SELinux
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-04-19 08:47:16 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
The SELINUX report none

Description Giordano Battilana 2017-03-07 17:34:40 UTC 
Created attachment 1260898 [details]
The SELINUX report

Description of problem:

I tried to print to file from Firefox.


Version-Release number of selected component (if applicable):
51.0.1

How reproducible:
always (in my case)

Steps to Reproduce:
1. open a web page
2. try to print to file

Actual results:
SELINUX alert pops up

Expected results:
a file in the home should be created

Additional info:
I could resolve it by issuing (as suggested in the error) the command:
setsebool -P unconfined_mozilla_plugin_transition 0
Comment 1 Vinicius Rocha 2017-04-12 13:46:30 UTC 
Same happening here!

-------------------------------------------------------------------------------
SELinux is preventing 57656220436F6E74656E74 from create access on the file mozilla.pdf.

*****  Plugin mozplugger (99.1 confidence) suggests   ************************

If you want to use the plugin package
Then you must turn off SELinux controls on the Firefox plugins.
Do
# setsebool -P unconfined_mozilla_plugin_transition 0

*****  Plugin catchall (1.81 confidence) suggests   **************************

If you believe that 57656220436F6E74656E74 should be allowed create access on the mozilla.pdf file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c '57656220436F6E74656E74' --raw | audit2allow -M my-57656220436F6E74656E74
# semodule -X 300 -i my-57656220436F6E74656E74.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c
                              0.c1023
Target Context                unconfined_u:object_r:user_home_dir_t:s0
Target Objects                mozilla.pdf [ file ]
Source                        57656220436F6E74656E74
Source Path                   57656220436F6E74656E74
Port                          <Unknown>
Host                          vini-laptop
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-225.11.fc25.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     vini-laptop
Platform                      Linux vini-laptop 4.10.8-200.fc25.x86_64 #1 SMP
                              Fri Mar 31 13:20:22 UTC 2017 x86_64 x86_64
Alert Count                   1
First Seen                    2017-04-12 10:19:15 -03
Last Seen                     2017-04-12 10:19:15 -03
Local ID                      9a65d2e5-8609-4457-a8cc-ccfb60b5d21f

Raw Audit Messages
type=AVC msg=audit(1492003155.859:248): avc:  denied  { create } for  pid=2492 comm=57656220436F6E74656E74 name="mozilla.pdf" scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=file permissive=0


Hash: 57656220436F6E74656E74,mozilla_plugin_t,user_home_dir_t,file,create
Comment 2 Rahul 2017-04-14 07:33:48 UTC 
Same happening here :(

---------------------------------------------------------------------
SELinux is preventing 57656220436F6E74656E74 from create access on the file 50726979616E6B6120513120466565732042696C6C2E706466.

*****  Plugin mozplugger (99.1 confidence) suggests   ************************

If you want to use the plugin package
Then you must turn off SELinux controls on the Firefox plugins.
Do
# setsebool -P unconfined_mozilla_plugin_transition 0

*****  Plugin catchall (1.81 confidence) suggests   **************************

If you believe that 57656220436F6E74656E74 should be allowed create access on the 50726979616E6B6120513120466565732042696C6C2E706466 file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c '57656220436F6E74656E74' --raw | audit2allow -M my-57656220436F6E74656E74
# semodule -X 300 -i my-57656220436F6E74656E74.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c
                              0.c1023
Target Context                unconfined_u:object_r:user_home_t:s0
Target Objects                50726979616E6B6120513120466565732042696C6C2E706466
                              [ file ]
Source                        57656220436F6E74656E74
Source Path                   57656220436F6E74656E74
Port                          <Unknown>
Host                          homepctwo-homedomain
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-225.11.fc25.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     homepctwo-homedomain
Platform                      Linux homepctwo-homedomain 4.9.17-100.fc24.x86_64
                              #1 SMP Wed Mar 22 15:49:46 UTC 2017 x86_64 x86_64
Alert Count                   2
First Seen                    2017-04-14 12:55:28 IST
Last Seen                     2017-04-14 12:59:32 IST
Local ID                      cb38ecff-e591-460e-a258-f08cf9eab4b9

Raw Audit Messages
type=AVC msg=audit(1492154972.919:226): avc:  denied  { create } for  pid=2324 comm=57656220436F6E74656E74 name=50726979616E6B6120513120466565732042696C6C2E706466 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0


Hash: 57656220436F6E74656E74,mozilla_plugin_t,user_home_t,file,create
Comment 3 Martin Stransky 2017-04-18 10:12:07 UTC 
I hope it's the correct component.
Comment 4 Lukas Vrabec 2017-04-19 08:47:16 UTC 
*****  Plugin mozplugger (99.1 confidence) suggests   ************************

If you want to use the plugin package
Then you must turn off SELinux controls on the Firefox plugins.
Do
# setsebool -P unconfined_mozilla_plugin_transition 0