Bug 181056

Summary: Thunderbird says: "Could not initaliaze the browser's security component"
Product: [Fedora] Fedora Reporter: Hans de Goede <hdegoede>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhide   
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-05-02 20:13:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Hans de Goede 2006-02-12 13:24:54 UTC 
Running 2-3 days old rawhide with targeted policy, starting thunderbird says:
"Could not initaliaze the browser's security component. The most likely cause is
problem with files in your browser's profile directory. Please check that this
directory has no read/write restrictions. ... "

"setenforce 0" fixes this, strange enough no related denied messages in
/var/log/audit/audit.log . This is also fixed by booting with autorelabel as
kernel param, but only during the run/boot that the relabel was done a reboot
without the autorelabel restores the problem. This most likely is related to
some selinux problems with my home dir.

---

I have another problem with the same symptoms. My /etc/rc.d/rc.local contains:
su -l hans -c '/home/hans/bin/eponym.pl&' > /dev/null 2>&1

Which starts a perl script which updates my dyndns-entry. I have this script in
my homedir because the config is embedded inside the script. This used to work
but now it only works if I boot with autorelabel, and then only during the boot
with the autorelabel, not with consecutive boots, just as above.
Comment 1 Daniel Walsh 2006-02-13 14:58:23 UTC 
What AVC messages are you seeing in the log files? 

/var/log/audit/audit.log and/or /var/log/messages
Comment 2 Hans de Goede 2006-02-13 15:13:18 UTC 
I searched for denied messages in /var/log/audit/audit.log and I couldn't find
any related messages. I'll check /var/log/messages tonigth when I'm behind the
box with the problem.
Comment 3 Daniel Walsh 2006-02-13 15:53:30 UTC 
Also see if setting any of the allow_exec* booleans clear up the problem

setsebool -P allow_execstack=1
Comment 4 Hans de Goede 2006-02-14 18:25:45 UTC 
setsebool -P allow_execstack=1 fixes thunderbird, thanks. Still no messages in
either log file. It seems that /var/log/audit/audit.log no longer gets any
messages? Maybe auditing has been disabled in the latest kernels?

BTW, the launching of the perl script in my homedir from /etc/rc.d/rc.local
still only works on the boot autorelabel is given on the cmdline I thought this
was related because it shared this only working once after autorelabel with
thunderbird, but I guess it is not related, seperate bug?
Comment 5 Daniel Walsh 2006-02-14 23:12:29 UTC 
And you see no AVC messages? in /var/log/audit/audit.log or /var/log/messages?

You can turn on all audit messages by

semodule -b /usr/share/selinux/targeted/enableaudit.pp

Turn them back off with

semodule -b /usr/share/selinux/targeted/base.pp
Comment 6 Hans de Goede 2006-05-02 20:13:31 UTC 
I just did a setsebool -P allow_execstack=0 and tested Thunderbird again (on
rawhide) all is well now, closing.