Bug 770636

libreport version: 2.0.8
executable:     /usr/bin/python
hashmarkername: setroubleshoot
kernel:         3.1.6-1.fc16.i686
reason:         SELinux is preventing /usr/bin/claws-mail from 'execmod' accesses on the file /usr/lib/libjavascriptcoregtk-1.0.so.0.11.0.
time:           Ср. 28 дек. 2011 14:11:52

description:
:SELinux is preventing /usr/bin/claws-mail from 'execmod' accesses on the file /usr/lib/libjavascriptcoregtk-1.0.so.0.11.0.
:
:*****  Plugin allow_execmod (53.1 confidence) suggests  **********************
:
:If you want to allow claws-mail to have execmod access on the libjavascriptcoregtk-1.0.so.0.11.0 file
:Then you need to change the label on '/usr/lib/libjavascriptcoregtk-1.0.so.0.11.0'
:Do
:# semanage fcontext -a -t textrel_shlib_t '/usr/lib/libjavascriptcoregtk-1.0.so.0.11.0'
:# restorecon -v '/usr/lib/libjavascriptcoregtk-1.0.so.0.11.0'
:
:*****  Plugin catchall_boolean (42.6 confidence) suggests  *******************
:
:If you want to allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t
:Then you must tell SELinux about this by enabling the 'allow_execmod' boolean.
:Do
:setsebool -P allow_execmod 1
:
:*****  Plugin catchall (5.76 confidence) suggests  ***************************
:
:If you believe that claws-mail should be allowed execmod access on the libjavascriptcoregtk-1.0.so.0.11.0 file by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep claws-mail /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
:                              023
:Target Context                system_u:object_r:lib_t:s0
:Target Objects                /usr/lib/libjavascriptcoregtk-1.0.so.0.11.0 [ file
:                              ]
:Source                        claws-mail
:Source Path                   /usr/bin/claws-mail
:Port                          <Неизвестно>
:Host                          (removed)
:Source RPM Packages           claws-mail-3.7.10-7.fc16
:Target RPM Packages           webkitgtk-1.6.1-1.fc16
:Policy RPM                    selinux-policy-3.10.0-67.fc16
:Selinux Enabled               True
:Policy Type                   minimum
:Enforcing Mode                Permissive
:Host Name                     (removed)
:Platform                      Linux (removed) 3.1.6-1.fc16.i686 #1
:                              SMP Wed Dec 21 23:18:01 UTC 2011 i686 i686
:Alert Count                   1
:First Seen                    Ср. 28 дек. 2011 12:56:58
:Last Seen                     Ср. 28 дек. 2011 12:56:58
:Local ID                      0c4a3c79-da9e-4eae-ba5b-2167ccdfb9f5
:
:Raw Audit Messages
:type=AVC msg=audit(1325055418.52:92): avc:  denied  { execmod } for  pid=1450 comm="claws-mail" path="/usr/lib/libjavascriptcoregtk-1.0.so.0.11.0" dev=sda4 ino=537896 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
:
:
:type=SYSCALL msg=audit(1325055418.52:92): arch=i386 syscall=mprotect success=yes exit=0 a0=43c37000 a1=2f0000 a2=5 a3=bf9be2d0 items=0 ppid=1439 pid=1450 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm=claws-mail exe=/usr/bin/claws-mail subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
:
:Hash: claws-mail,unconfined_t,lib_t,file,execmod
:
:audit2allow
:
:#============= unconfined_t ==============
:#!!!! This avc can be allowed using the boolean 'allow_execmod'
:
:allow unconfined_t lib_t:file execmod;
:
:audit2allow -R
:
:#============= unconfined_t ==============
:#!!!! This avc can be allowed using the boolean 'allow_execmod'
:
:allow unconfined_t lib_t:file execmod;
: