Bug 517599

Summary: AVC messages
Product: [Fedora] Fedora
Component: nspluginwrapper
Version: rawhide
Status: CLOSED NOTABUG
Severity: medium
Priority: low
Hardware: All
OS: Linux
Reporter: Tim Waugh <twaugh>
Assignee: Martin Stransky <stransky>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: caillon, dwalsh, stransky, wtogami
Doc Type: Bug Fix
Last Closed: 2009-08-17 08:10:19 UTC

Description Tim Waugh 2009-08-14 22:07:59 UTC
Description of problem:
I have the 32-bit flash plugin installed on an x86_64 rawhide machine.  I get these AVCs when visiting a site with a flash widget:

node=worm.elk type=AVC msg=audit(1250287419.636:31354): avc: denied { write } for pid=7123 comm="npviewer.bin" path="/home/twaugh/.mozilla/firefox/e6iygk83.default/.parentlock" dev=dm-3 ino=392525 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=file

node=worm.elk type=AVC msg=audit(1250287419.636:31354): avc: denied { read write } for pid=7123 comm="npviewer.bin" path="/home/twaugh/.mozilla/firefox/e6iygk83.default/Cache/_CACHE_MAP_" dev=dm-3 ino=576914 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=file

node=worm.elk type=AVC msg=audit(1250287419.636:31354): avc: denied { read write } for pid=7123 comm="npviewer.bin" path="/home/twaugh/.mozilla/firefox/e6iygk83.default/Cache/_CACHE_001_" dev=dm-3 ino=576915 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=file

node=worm.elk type=AVC msg=audit(1250287419.636:31354): avc: denied { read write } for pid=7123 comm="npviewer.bin" path="/home/twaugh/.mozilla/firefox/e6iygk83.default/Cache/_CACHE_002_" dev=dm-3 ino=576916 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=file

node=worm.elk type=AVC msg=audit(1250287419.636:31354): avc: denied { read write } for pid=7123 comm="npviewer.bin" path="/home/twaugh/.mozilla/firefox/e6iygk83.default/Cache/_CACHE_003_" dev=dm-3 ino=576917 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=file

Version-Release number of selected component (if applicable):
nspluginwrapper-1.3.0-8.fc12.x86_64
nspluginwrapper-1.3.0-8.fc12.i686
selinux-policy-targeted-3.6.26-11.0.0.1.fc12.noarch

How reproducible:
100%

Steps to Reproduce:
1. Visit any site with flash, with the 32-bit flash plugin installed.

Comment 1 Martin Stransky 2009-08-17 06:17:45 UTC
Hm, do you want flash plug-in to write to your home? I don't think so...we may need to deny it in selinux.

Comment 2 Tim Waugh 2009-08-17 08:10:19 UTC
Oh, my mistake, those directories somehow didn't get correctly relabelled -- perhaps because /home is on a separate filesystem.

After 'restorecon -vR ~/.mozilla' it's all working fine.

Sorry for the noise.
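
The triage that resolved this report, as an added example that is not part of the original thread: the denials all hit regular files (tclass=file) labelled user_home_dir_t, the type meant for the home directory itself, which points at stale labels rather than a missing policy rule. The script below parses AVC records and groups such denials under the directory to check with restorecon. The sample records, host name, paths, function names, the /home/<user> layout and the heuristic itself are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records shaped like the ones in the report (host and paths are placeholders).
SAMPLE = """\
node=host.example type=AVC msg=audit(1250287419.636:31354): avc: denied { write } for pid=7123 comm="npviewer.bin" path="/home/alice/.mozilla/firefox/x.default/.parentlock" dev=dm-3 ino=1 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=file
node=host.example type=AVC msg=audit(1250287419.636:31354): avc: denied { read write } for pid=7123 comm="npviewer.bin" path="/home/alice/.mozilla/firefox/x.default/Cache/_CACHE_MAP_" dev=dm-3 ino=2 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=file
node=host.example type=AVC msg=audit(1250287419.700:31355): avc: denied { search } for pid=7123 comm="npviewer.bin" name="alice" dev=dm-3 ino=3 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
node=host.example type=SYSCALL msg=audit(1250287419.700:31355): arch=c000003e syscall=2 success=no
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Parse one AVC denial into a dict, or return None for any other line."""
    m = AVC_RE.search(line)
    rec = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    if not m or not {"scontext", "tcontext", "tclass"} <= rec.keys():
        return None
    rec["perms"] = m.group(1).split()
    # A context is user:role:type:level; only the level may contain further ':'.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec

def relabel_candidates(log_text, dir_only_types=("user_home_dir_t",)):
    """Map each /home/<user>/<entry> root to the denied files below it that
    carry a directory-only type (heuristic: likely a stale label)."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if not rec or rec["tclass"] != "file" or rec["ttype"] not in dir_only_types:
            continue
        parts = rec.get("path", "").split("/")
        if len(parts) >= 4 and parts[1] == "home":  # assumes homes live under /home
            hits["/".join(parts[:4])].add(rec["path"])
    return {root: sorted(paths) for root, paths in hits.items()}

if __name__ == "__main__":
    for root, paths in relabel_candidates(SAMPLE).items():
        print(f"{len(paths)} denied file(s) with a directory type; check labels: restorecon -vR {root}")
```
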