Bug 316041
Summary: | SELinux alert when browsing to an applet page | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Thomas Fitzsimmons <fitzsim> | ||||||||
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> | ||||||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Ben Levenson <benl> | ||||||||
Severity: | low | Docs Contact: | |||||||||
Priority: | low | ||||||||||
Version: | rawhide | CC: | aph, dwalsh, mcepl, xgl-maint | ||||||||
Target Milestone: | --- | ||||||||||
Target Release: | --- | ||||||||||
Hardware: | All | ||||||||||
OS: | Linux | ||||||||||
Whiteboard: | |||||||||||
Fixed In Version: | 3.0.8-24.fc8 | Doc Type: | Bug Fix | ||||||||
Doc Text: | Story Points: | --- | |||||||||
Clone Of: | Environment: | ||||||||||
Last Closed: | 2007-11-29 20:56:29 UTC | Type: | --- | ||||||||
Regression: | --- | Mount Type: | --- | ||||||||
Documentation: | --- | CRM: | |||||||||
Verified Versions: | Category: | --- | |||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||
Embargoed: | |||||||||||
Attachments: |
|
Description
Thomas Fitzsimmons
2007-10-02 20:24:36 UTC
Created attachment 214051 [details] stdout/stderr of firefox trying to reproduce the bug with http://www4.passur.com/bos.html We are not sure, whether this is a java problem or selinux problem, but if it really means, that SELinux wants to deny something to xorg server, than it is probably a problem of policy, because (according to ajax) "pretty much anything an xdm_xserver_t process wants to do ought to be allowed by the policy". Moreover, when trying to reproduce the bug with Rawhide (in kvm-guest), it didn't work. Apparently not because of selinux -- see attached. BTW, the very same URL works for me without a problem with F7 and java-1.7.0-icedtea-plugin-1.7.0.0-0.14.b18.snapshot.fc8 (In reply to comment #1) > Created an attachment (id=214051) [edit] > stdout/stderr of firefox trying to reproduce the bug with > http://www4.passur.com/bos.html > > We are not sure, whether this is a java problem or selinux problem, but if it > really means, that SELinux wants to deny something to xorg server, than it is > probably a problem of policy, because (according to ajax) "pretty much anything > an xdm_xserver_t process wants to do ought to be allowed by the policy". > > Moreover, when trying to reproduce the bug with Rawhide (in kvm-guest), it > didn't work. Apparently not because of selinux -- see attached. You'll see this error running any applet that accesses timezone data. It is currently being addressed: https://bugzilla.redhat.com/show_bug.cgi?id=314211 In the meantime, browsing to the example URL I gave should reproduce the SELinux alert: http://thisiscool.com/ > BTW, the very > same URL works for me without a problem with F7 and > java-1.7.0-icedtea-plugin-1.7.0.0-0.14.b18.snapshot.fc8 You mean http://www4.passur.com/bos.html in reference to the user.zoneinfo.dir issue? Or http://thisiscool.com/ in reference to the SELinux issue? Fixed in selinux-policy-3.0.8-17.fc8 Created attachment 228741 [details]
output of setroubleshooter
Actually, this may really has absolutely nothing to do with java -- I got the
same problem with SELinux just when starting pup.
Created attachment 228751 [details]
/var/log/audit/audit.log
Fixed in selinux-policy-3.0.8-24.fc8 Fixed in Fedora 8. |