Bug 802184

Summary: extensions.gnome.org is blocked by policy
Product: [Fedora] Fedora Reporter: Giovanni Campagna <scampa.giovanni>
Component: selinux-policyAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 17CC: dominick.grift, dwalsh, mgrepl
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-03-25 23:10:27 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Giovanni Campagna 2012-03-11 23:05:02 UTC 
Description of problem:
extensions.gnome.org (the website hosting gnome-shell extensions) uses a Firefox plugin that makes DBus calls to enumerate and install extensions. These calls are blocked by SELinux, making the website inusable.

Version-Release number of selected component (if applicable):
selinux-policy-3.10.0-95.fc17.noarch

How reproducible:
Always

Steps to Reproduce:
1. Go to https://extensions.gnome.org with Firefox
  
Actual results:
GnomeShellBrowserPlugin-WARNING **: Failed to retrieve extension metadata: GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: An SELinux policy prevents this sender from sending this message to this recipient, 0 matched rules; type="method_call", sender=":1.92" (uid=1000 pid=1262 comm="/usr/lib64/xulrunner-2/plugin-container /usr/lib64") interface="org.gnome.Shell" member="GetExtensionInfo" error name="(unset)" requested_reply="0" destination=":1.41" (uid=1000 pid=973 comm="/usr/bin/gnome-shell ")

Expected results:
The website loads gnome-shell configuration (version, installed extensions) with no error.
Comment 1 Miroslav Grepl 2012-03-12 07:54:47 UTC 
What AVC are you getting?

$ ausearch -m avc,user_avc
Comment 2 Giovanni Campagna 2012-03-25 23:10:27 UTC 
Whatever it was, it's fixed with the latest updates of firefox, gnome-shell and selinux-policy, so closing.