Bug 469092
Summary: | SELinux is preventing soffice (nsplugin_t) "getattr" to /usr/lib/openoffice.org/ure/bin/javaldx (java_exec_t). | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Alex Chiang <achiang> |
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 10 | CC: | ahughes, bashton, dwalsh, jkubin, mgrepl |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-01-08 18:35:33 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Alex Chiang
2008-10-29 20:34:53 UTC
nsplugin should not be attempring to run openoffice. openoffice should not run within an nsplugin wrapper. Did you set this up or is there some package that is trying to do this? *** Bug 469094 has been marked as a duplicate of this bug. *** I didn't set up anything manually; I just accepted whatever defaults come when you install F10/rawhide. The reason I got the message was that someone sent me a URL that pointed at a Word document. I simply pasted the url into my browser (ff3) and then got those SELinux alerts. Is there any sort of debugging or package list you'd like me to provide? rpm -qa \*plug\* gstreamer-plugins-farsight-0.12.9-3.fc10.i386 plymouth-plugin-solar-0.6.0-0.2008.10.27.5.fc10.i386 gstreamer-plugins-flumpegdemux-0.10.15-4.fc10.i386 anaconda-yum-plugins-1.0-3.fc10.noarch nspluginwrapper-1.1.2-4.fc10.i386 gstreamer-plugins-good-0.10.11-1.fc10.i386 flash-plugin-9.0.124.0-release.i386 totem-mozplugin-2.24.3-1.fc10.i386 PackageKit-yum-plugin-0.3.9-1.fc10.i386 alsa-plugins-pulseaudio-1.0.18-1.rc3.fc10.i386 plymouth-plugin-label-0.6.0-0.2008.10.27.5.fc10.i386 plymouth-plugin-spinfinity-0.6.0-0.2008.10.27.5.fc10.i386 PackageKit-gstreamer-plugin-0.3.9-1.fc10.i386 mozplugger-1.10.1-3.fc10.i386 libmodplug-0.8.4-3.fc9.i386 gstreamer-plugins-base-0.10.21-2.fc10.i386 setroubleshoot-plugins-2.0.10-1.fc10.noarch java-1.6.0-openjdk-plugin-1.6.0.0-1.1.b12.fc10.i386 This bug has been triaged The problem is mozplugger wants to run a whole bunch of the desktop under nspluginwrapper. (openoffice, evince, totem...) nsplugin_t is not allowing desktop apps to run. You have two choices, either remove the mozplugger rpm, or at least openoffice from /etc/mozpluggerrc rpm -e mozplugger Or turn off SELinux protection over nsplugin. setsebool -P allow_unconfined_nsplugin_transition 0 *** Bug 469095 has been marked as a duplicate of this bug. *** This somehow seems to be the default setup after upgrading to Fedora 10 from Fedora 9. Loading OpenOffice documents from the browser working with F9 but is broken after upgrading to F10 with the same SELinux denial(s) shown above. I've now removed mozplugger and will see if this makes a difference when the browser is next restarted. I don't know why nspluginwrapper is installed when every plugin should be 64-bit. $ rpm -qa \*plug\* java-1.6.0-openjdk-plugin-1.6.0.0-2b12.fc10.x86_64 PackageKit-yum-plugin-0.3.9-4.fc10.x86_64 alsa-plugins-pulseaudio-1.0.18-1.rc3.fc10.x86_64 gstreamer-plugins-base-0.10.21-2.fc10.x86_64 nspluginwrapper-1.1.2-4.fc10.x86_64 plymouth-plugin-spinfinity-0.6.0-0.2008.10.30.4.fc10.x86_64 anaconda-yum-plugins-1.0-3.fc10.noarch totem-mozplugin-2.24.3-1.fc10.x86_64 plymouth-plugin-solar-0.6.0-0.2008.10.30.4.fc10.x86_64 setroubleshoot-plugins-2.0.10-1.fc10.noarch plymouth-plugin-label-0.6.0-0.2008.10.30.4.fc10.x86_64 gstreamer-plugins-flumpegdemux-0.10.15-4.fc10.x86_64 gstreamer-plugins-good-0.10.11-1.fc10.x86_64 libmodplug-0.8.4-3.fc9.x86_64 maven-shared-plugin-testing-harness-1.0-4.6.fc10.x86_64 PackageKit-gstreamer-plugin-0.3.9-4.fc10.x86_64 This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle. Changing version to '10'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping |