Bug 859704
| Summary: | SELinux is preventing /usr/lib64/nspluginwrapper/plugin-config from read, write access on the fifo_file /tmp/AtiXUEvent0000262a_018dc170. | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Alfred Sabitzer <alfred> | ||||||
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
| Severity: | unspecified | Docs Contact: | |||||||
| Priority: | unspecified | ||||||||
| Version: | 17 | CC: | dominick.grift, dwalsh, mgrepl, support | ||||||
| Target Milestone: | --- | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | x86_64 | ||||||||
| OS: | Unspecified | ||||||||
| Whiteboard: | abrt_hash:d1f6f336f9213649b356db36b5674c6b6561860e00ab65772b46d9acefa69b98 | ||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2012-12-20 16:14:08 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
Created attachment 616081 [details]
File: type
Created attachment 616082 [details]
File: hashmarkername
Any idea what you were doing when this happened? Basically I am interested how /tmp/AtiXUEvent0000262a_01b4e7e0 is created. Looks like a leak. Needs userdom_dontaudit_rw_user_tmp_pipes(mozilla_plugin_config_t) Added selinux-policy-3.10.0-153.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-153.fc17 Package selinux-policy-3.10.0-153.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-153.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-15652/selinux-policy-3.10.0-153.fc17 then log in and leave karma (feedback). do not know. i got this error after i loaded fedora Package: (null) OS Release: Fedora release 17 (Beefy Miracle) selinux-policy-3.10.0-153.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report. |
Additional info: libreport version: 2.0.13 kernel: 3.5.4-1.fc17.x86_64 description: :SELinux is preventing /usr/lib64/nspluginwrapper/plugin-config from read, write access on the fifo_file /tmp/AtiXUEvent0000262a_018dc170. : :***** Plugin leaks (86.2 confidence) suggests ****************************** : :If sie möchten den read write Zugriff von plugin-config,auf AtiXUEvent0000262a_018dc170 fifo_file ignorieren, weil Sie glauben, dass dieser Zugriff nicht benötigt wird. :Then sie sollten dies als Fehler melden. :Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen. :Do :# grep /usr/lib64/nspluginwrapper/plugin-config /var/log/audit/audit.log | audit2allow -D -M mypol :# semodule -i mypol.pp : :***** Plugin catchall (14.7 confidence) suggests *************************** : :If sie denken, dass plugin-config standardmässig erlaubt sein sollte, read write Zugriff auf AtiXUEvent0000262a_018dc170 fifo_file zu erhalten. :Then sie sollten dies als Fehler melden. :Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen. :Do :zugriff jetzt erlauben, indem Sie die nachfolgenden Befehle ausführen: :# grep plugin-config /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context unconfined_u:unconfined_r:mozilla_plugin_config_t: : s0-s0:c0.c1023 :Target Context unconfined_u:object_r:user_tmp_t:s0 :Target Objects /tmp/AtiXUEvent0000262a_018dc170 [ fifo_file ] :Source plugin-config :Source Path /usr/lib64/nspluginwrapper/plugin-config :Port <Unbekannt> :Host (removed) :Source RPM Packages nspluginwrapper-1.4.4-11.fc17.x86_64 :Target RPM Packages :Policy RPM selinux-policy-3.10.0-149.fc17.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) 3.5.4-1.fc17.x86_64 #1 SMP Mon Sep : 17 15:03:59 UTC 2012 x86_64 x86_64 :Alert Count 3 :First Seen 2012-09-23 13:10:28 CEST :Last Seen 2012-09-23 13:10:28 CEST :Local ID 55af39df-c8ac-4668-be1a-a58f7ea09680 : :Raw Audit Messages :type=AVC msg=audit(1348398628.524:1047): avc: denied { read write } for pid=9927 comm="plugin-config" path="/tmp/AtiXUEvent0000262a_018dc170" dev="sdc4" ino=53346592 scontext=unconfined_u:unconfined_r:mozilla_plugin_config_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=fifo_file : : :type=AVC msg=audit(1348398628.524:1047): avc: denied { read write } for pid=9927 comm="plugin-config" path="/tmp/AtiXUEvent0000262a_01b4e7e0" dev="sdc4" ino=53346596 scontext=unconfined_u:unconfined_r:mozilla_plugin_config_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=fifo_file : : :type=SYSCALL msg=audit(1348398628.524:1047): arch=x86_64 syscall=execve success=yes exit=0 a0=23abdf0 a1=23a7b90 a2=23ab470 a3=18 items=0 ppid=9925 pid=9927 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm=plugin-config exe=/usr/lib64/nspluginwrapper/plugin-config subj=unconfined_u:unconfined_r:mozilla_plugin_config_t:s0-s0:c0.c1023 key=(null) : :Hash: plugin-config,mozilla_plugin_config_t,user_tmp_t,fifo_file,read,write : :audit2allow : :#============= mozilla_plugin_config_t ============== :allow mozilla_plugin_config_t user_tmp_t:fifo_file { read write }; : :audit2allow -R : :#============= mozilla_plugin_config_t ============== :allow mozilla_plugin_config_t user_tmp_t:fifo_file { read write }; :