Bug 766476

Summary: SELinux is preventing /usr/lib64/nspluginwrapper/plugin-config from 'read' accesses on the lnk_file /usr/lib64/mozilla/plugins-wrapped/libjavaplugin.so.
Product: [Fedora] Fedora
Reporter: Amit Shah <amit.shah>
Component: selinux-policy
Assignee: Miroslav Grepl <mgrepl>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 16
CC: dominick.grift, dwalsh, dwmw2, mgrepl
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:158a234043ca352d60d9b993bcec2a9aae07542c84e3b1837d4929acc31b600e
Doc Type: Bug Fix
Last Closed: 2012-03-16 10:43:33 UTC
Attachments: File: description (flags: none)

Description Amit Shah 2011-12-12 06:34:06 UTC
libreport version: 2.0.7
executable:     /usr/bin/python
hashmarkername: setroubleshoot
kernel:         3.1.4-1.fc16.x86_64
reason:         SELinux is preventing /usr/lib64/nspluginwrapper/plugin-config from 'read' accesses on the lnk_file /usr/lib64/mozilla/plugins-wrapped/libjavaplugin.so.
time:           Mon 12 Dec 2011 12:03:21 PM IST

description:    Text file, 3117 bytes

Comment 1 Amit Shah 2011-12-12 06:34:12 UTC
Created attachment 545597 [details]
File: description

Comment 2 Daniel Walsh 2011-12-12 16:33:46 UTC
Miroslav, I think we should not be allowing sandbox to write nsplugin content. Or we need to figure a way that the MCS labels do not get stored.

Amit, run restorecon -R -f -v /usr/lib64/mozilla/plugins-wrapped

Comment 3 Miroslav Grepl 2011-12-12 16:40:21 UTC
I think there was an issue with this in Fedora15/14 (not sure) and we needed to add it. I think we could try to remove this access.

Comment 4 Amit Shah 2011-12-12 19:05:48 UTC
(In reply to comment #2)
> Amit, run restorecon -R -f -v /usr/lib64/mozilla/plugins-wrapped

That didn't work..

# restorecon -R -f -v /usr/lib64/mozilla/plugins-wrapped
Unable to open -v: No such file or directory

But this did:

# restorecon -R -v -f  /usr/lib64/mozilla/plugins-wrapped
#

However, starting a firefox window in a sandbox still produces this alert.
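
Comment 2 raises the possibility that MCS labels from the sandbox get stored on the nsplugin content. The script below is an added example, not part of the bug thread or of selinux-policy: it lists entries under a directory whose SELinux level carries MCS categories, reading symlinks themselves rather than their targets. The function names and the sample contexts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the bug thread: report files whose SELinux label
# carries MCS categories, such as those a sandboxed process could leave behind.

# Constructed sample in the format `stat -c '%C %n'` prints (context, path).
# The contexts and category numbers are invented for illustration.
sample_contexts() {
    cat <<'EOF'
system_u:object_r:lib_t:s0 /usr/lib64/mozilla/plugins-wrapped
unconfined_u:object_r:lib_t:s0:c217,c845 /usr/lib64/mozilla/plugins-wrapped/libjavaplugin.so
system_u:object_r:lib_t:s0 /usr/lib64/mozilla/plugins-wrapped/constructed-example.so
system_u:object_r:lib_t /tmp/constructed-no-level-field
EOF
}

# Read "context path" lines on stdin; print "level path" for every entry
# whose level includes categories (s0:c1,c2 or a range like s0-s0:c0.c1023).
mcs_labelled() {
    while read -r ctx path; do
        # A context is user:role:type:level, and the level may itself contain
        # colons, so strip only the first three fields.
        level=${ctx#*:*:*:}
        case "$level" in
            "$ctx") ;;   # no level field at all (non-MLS policy or "?")
            *:c*) printf '%s %s\n' "$level" "$path" ;;
        esac
    done
}

# Walk a real directory. stat does not follow symlinks by default, so a
# lnk_file such as the one in the denial is reported with its own label.
scan_dir() {
    find "$1" -exec stat -c '%C %n' {} + | mcs_labelled
}

# With a directory argument scan it; otherwise run on the constructed sample.
if [ "$#" -gt 0 ]; then
    scan_dir "$1"
else
    sample_contexts | mcs_labelled
fi
```

By default restorecon resets only the type portion of a label; its -F option also resets the user, role and range, which is the part that holds MCS categories.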

Comment 5 Miroslav Grepl 2012-03-15 14:53:48 UTC
Are you still getting this?

Comment 6 Amit Shah 2012-03-15 15:10:49 UTC
(In reply to comment #5)
> Are you still getting this?

So on my freshly-installed installation, that directory doesn't even exist.

I don't remember seeing this one in a while, so maybe it only affects people who have upgraded F16 from previous versions.

Comment 7 Miroslav Grepl 2012-03-16 10:43:33 UTC
Let's close this bug and reopen if this happens again.