Bug 834864
Summary: | SELinux is preventing /usr/lib64/libreoffice/program/soffice.bin from 'create' accesses on the file .execooooKnBTH. | |||
---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Odysseys <odysseys> | |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> | |
Status: | CLOSED CANTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | |
Severity: | unspecified | Docs Contact: | ||
Priority: | unspecified | |||
Version: | 17 | CC: | antonio.montagnani, dominick.grift, dwalsh, mgrepl, utilitymail | |
Target Milestone: | --- | |||
Target Release: | --- | |||
Hardware: | x86_64 | |||
OS: | Unspecified | |||
Whiteboard: | abrt_hash:a8b09735db73c2088872cfa334dc942afeffa9c006747924b05c9cec884b7d0c | |||
Fixed In Version: | Doc Type: | Bug Fix | ||
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 835301 (view as bug list) | Environment: | ||
Last Closed: | 2012-06-25 20:55:37 UTC | Type: | --- | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 835301 |
Description
Odysseys
2012-06-24 12:14:03 UTC
If you want to run mozplugin you have to disable SELinux enforcement. So either yum remove mozplugger or setsebool -P unconfined_mozilla_plugin_transition 0 Selinux troubleshooter says that plugins from the browser do not have permission to write to the users home directory. This is most likely a good thing. I've not had a problem leaving this alone with mozplugger. This is a curious case since anything done via plugin should be denied. The last two lines which have been blocked in your selinux troubleshooter for some reason are as follows. That would be better than the boolean but not by much. What should happen is the plugin creator work with Fedora to have it's own directory for writes in the user directory. It's much more complicated and probably will not happen. I've been looking to see if it's possible to allow by binary name, still not optimal though. #============= mozilla_plugin_t ============== allow mozilla_plugin_t user_home_dir_t:file create; audit2allow -R #============= mozilla_plugin_t ============== allow mozilla_plugin_t user_home_dir_t:file create; *** Bug 907017 has been marked as a duplicate of this bug. *** |