Bug 439895
Summary: | SELinux is preventing the npviewer.bin from using potentially mislabeled files (.XCompose). | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Matěj Cepl <mcepl> | ||||||
Component: | nspluginwrapper | Assignee: | Martin Stransky <stransky> | ||||||
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
Severity: | low | Docs Contact: | |||||||
Priority: | low | ||||||||
Version: | rawhide | CC: | ajax, caillon, dwalsh, jkubin, mcepl, rstrode, wtogami | ||||||
Target Milestone: | --- | Keywords: | Reopened, SELinux | ||||||
Target Release: | --- | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2008-04-06 10:06:32 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Attachments: |
|
Description
Matěj Cepl
2008-03-31 21:46:06 UTC
Created attachment 299771 [details]
/var/log/Xorg.0.log
Users are responsible for making sure they have the correct labeling on files just like the are responsible for having the correct ownership and permissions. This is a user error and not a bug. Well, I thought that this being a standard file (like for example ~/.Xauthority) would deserve to get also standard relabelling (like ~/.Xauthority gets). In this case, when looking at [matej@viklef ~]$ ls -Z /usr/share/X11/locale/en_US.UTF-8/Compose -rw-r--r-- root root system_u:object_r:locale_t /usr/share/X11/locale/en_US.UTF-8/Compose [matej@viklef ~]$ I think it would deserve *:locale_t type label. To the previous comment, one more thing -- this is AFTER restorecon -v -R /tmp Matej I think I responded to the wrong bugzilla. The avc that you report is showing nsplugin trying to read the .XCompose file. This has nothing to do with gdm crashing. I have no idea why nsplugin would try to read the Link_file .XCompose. restorecon of /tmp also has no effect, If you have a labeling problem in /tmp, you would be best off deleting the files/directories out there and restarting the application. OK, reassigning back. Created attachment 299877 [details]
strace of nspluginviewer
You can allow this for now by executing # audit2allow -M mypol -i /var/log/audit/audit.log # semodule -i mypol.pp Fixed in selinux-policy-3.3.1-29.fc9 |