Bug 740055
| Summary: | SELinux is preventing /usr/lib/nspluginwrapper/npviewer.bin from 'read' accesses on the file pulse-shm-2753185353. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Mads Kiilerich <mads> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 16 | CC: | dominick.grift, dwalsh, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:1c49528ccac391601428ab8e4182f7aa3e750167231f93305c97d88a0f567710 | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-09-21 15:08:09 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** Bug 740056 has been marked as a duplicate of this bug. *** Any idea how this pulse-shm file got created? If it was created by a logged in user process it would have been user_tmpfs_t? This was with the "old" 3.10.0-29 policy - I had logged in as a temporary user and started firefox to download -31. I assume these files are created on login with "unique and random" names, so it must have been created by some session process. But I guess it could be related to the transition/relabelling fix in -31. Right now all the files in /dev/shm/pulse* are user_tmpfs_t. I will try and see if I can reproduce the issue - but user switching is a bit hard at the moment... Ok reopen if it happens again. |
abrt version: 2.0.5 executable: /usr/bin/python hashmarkername: setroubleshoot kernel: 3.1.0-0.rc6.git0.3.fc16.x86_64 reason: SELinux is preventing /usr/lib/nspluginwrapper/npviewer.bin from 'read' accesses on the file pulse-shm-2753185353. time: Tue Sep 20 21:30:08 2011 description: :SELinux is preventing /usr/lib/nspluginwrapper/npviewer.bin from 'read' accesses on the file pulse-shm-2753185353. : :***** Plugin catchall (100. confidence) suggests *************************** : :If you believe that npviewer.bin should be allowed read access on the pulse-shm-2753185353 file by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep npviewer.bin /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c102 : 3 :Target Context unconfined_u:object_r:tmpfs_t:s0 :Target Objects pulse-shm-2753185353 [ file ] :Source npviewer.bin :Source Path /usr/lib/nspluginwrapper/npviewer.bin :Port <Unknown> :Host (removed) :Source RPM Packages nspluginwrapper-1.4.4-1.fc16 :Target RPM Packages :Policy RPM selinux-policy-3.10.0-29.1.fc16 :Selinux Enabled True :Policy Type targeted :Enforcing Mode Permissive :Host Name (removed) :Platform Linux (removed) 3.1.0-0.rc6.git0.3.fc16.x86_64 #1 SMP : Fri Sep 16 12:26:22 UTC 2011 x86_64 x86_64 :Alert Count 1 :First Seen Mon 19 Sep 2011 12:39:18 AM CEST :Last Seen Mon 19 Sep 2011 12:39:18 AM CEST :Local ID f4f64b6f-4668-4d8b-ad68-593d383c186c : :Raw Audit Messages :type=AVC msg=audit(1316385558.503:530): avc: denied { read } for pid=20379 comm="npviewer.bin" name="pulse-shm-2753185353" dev=tmpfs ino=340459 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file : : :type=AVC msg=audit(1316385558.503:530): avc: denied { open } for pid=20379 comm="npviewer.bin" name="pulse-shm-2753185353" dev=tmpfs ino=340459 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file : : :type=SYSCALL msg=audit(1316385558.503:530): arch=i386 syscall=fstat per=8 success=yes exit=EEXIST a0=ffee3af0 a1=a0000 a2=0 a3=ffee3bed items=0 ppid=20358 pid=20379 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=21 comm=npviewer.bin exe=/usr/lib/nspluginwrapper/npviewer.bin subj=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 key=(null) : :Hash: npviewer.bin,nsplugin_t,tmpfs_t,file,read : :audit2allow : :#============= nsplugin_t ============== :allow nsplugin_t tmpfs_t:file { read open }; : :audit2allow -R : :#============= nsplugin_t ============== :allow nsplugin_t tmpfs_t:file { read open }; :