Bug 525499
| Summary: | setroubleshoot: SELinux is preventing the plugin-config from using potentially mislabeled files (/home1/normal/java/jre1.6.0_16/plugin/i386/ns7/libjavaplugin_oji.so). | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | David <idht4n> |
| Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | rawhide | CC: | dwalsh, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| Whiteboard: | setroubleshoot_trace_hash:af1e4372bbd095b4cf09ebe58aa772aa9289640870aef4529daf22a345af5ef1 | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-09-24 15:37:57 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** This bug has been marked as a duplicate of bug 524635 *** |
The following was filed automatically by setroubleshoot: Summary: SELinux is preventing the plugin-config from using potentially mislabeled files (/home1/normal/java/jre1.6.0_16/plugin/i386/ns7/libjavaplugin_oji.so). Detailed Description: SELinux has denied plugin-config access to potentially mislabeled file(s) (/home1/normal/java/jre1.6.0_16/plugin/i386/ns7/libjavaplugin_oji.so). This means that SELinux will not allow plugin-config to use these files. It is common for users to edit files in their home directory or tmp directories and then move (mv) them to system directories. The problem is that the files end up with the wrong file context which confined applications are not allowed to access. Allowing Access: If you want plugin-config to access this files, you need to relabel them using restorecon -v '/home1/normal/java/jre1.6.0_16/plugin/i386/ns7/libjavaplugin_oji.so'. You might want to relabel the entire directory using restorecon -R -v '/home1/normal/java/jre1.6.0_16/plugin/i386/ns7'. Additional Information: Source Context unconfined_u:unconfined_r:nsplugin_config_t:s0-s0: c0.c1023 Target Context unconfined_u:object_r:user_home_t:s0 Target Objects /home1/normal/java/jre1.6.0_16/plugin/i386/ns7/lib javaplugin_oji.so [ file ] Source plugin-config Source Path plugin-config Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.6.32-8.fc12 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name home_tmp_bad_labels Host Name (removed) Platform Linux (removed) 2.6.31-33.fc12.i686.PAE #1 SMP Thu Sep 17 15:40:35 EDT 2009 i686 i686 Alert Count 1 First Seen Thu 24 Sep 2009 08:33:36 AM PDT Last Seen Thu 24 Sep 2009 08:34:47 AM PDT Local ID 057a79d5-0d33-4a5b-830c-ba1eea391ec1 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1253806487.392:96): avc: denied { execute } for pid=21413 comm="plugin-config" path="/home1/normal/java/jre1.6.0_16/plugin/i386/ns7/libjavaplugin_oji.so" dev=sda3 ino=73447 scontext=unconfined_u:unconfined_r:nsplugin_config_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file audit2allow suggests: #============= nsplugin_config_t ============== allow nsplugin_config_t user_home_t:file execute;