Bug 909169
| Summary: | SELinux is preventing /opt/Adobe/Reader9/Reader/intellinux/bin/acroread from 'write' accesses on the file /home/kristjan/Downloads/lpg-0.4.pdf. | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Kristjan Stefansson <hk.stefansson> | ||||||
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> | ||||||
| Status: | CLOSED CANTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
| Severity: | unspecified | Docs Contact: | |||||||
| Priority: | unspecified | ||||||||
| Version: | 17 | CC: | dominick.grift, dwalsh, mgrepl | ||||||
| Target Milestone: | --- | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | i686 | ||||||||
| OS: | Unspecified | ||||||||
| Whiteboard: | abrt_hash:e8e3aa2c1f77b91609c9e7728f2644fd03b21eb0423dd4ac293d470f72d7daf6 | ||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2013-02-08 16:59:31 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
Created attachment 695051 [details]
File: type
Created attachment 695052 [details]
File: hashmarkername
Do you have mozplugger installed? The following will turn off the confinement of mozilla plugins. # setsebool -P unconfined_mozilla_plugin_transition=0 If you have mozplugger installed it would need to be removed to keep mozilla confinement. I am not sure if acroread has its own plugin or not. I use evince rather then acroread. |
Additional info: libreport version: 2.0.18 kernel: 3.7.3-101.fc17.i686 description: :SELinux is preventing /opt/Adobe/Reader9/Reader/intellinux/bin/acroread from 'write' accesses on the file /home/kristjan/Downloads/lpg-0.4.pdf. : :***** Plugin catchall (100. confidence) suggests *************************** : :If you believe that acroread should be allowed write access on the lpg-0.4.pdf file by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep acroread /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c : 0.c1023 :Target Context unconfined_u:object_r:user_home_t:s0 :Target Objects /home/kristjan/Downloads/lpg-0.4.pdf [ file ] :Source acroread :Source Path /opt/Adobe/Reader9/Reader/intellinux/bin/acroread :Port <Unknown> :Host (removed) :Source RPM Packages AdobeReader_enu-9.5.3-1.i486 :Target RPM Packages :Policy RPM selinux-policy-3.10.0-166.fc17.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) 3.7.3-101.fc17.i686 #1 SMP Fri Jan : 18 17:52:48 UTC 2013 i686 i686 :Alert Count 3 :First Seen 2013-02-08 12:28:42 GMT :Last Seen 2013-02-08 12:47:20 GMT :Local ID 84bb6b8f-ef9c-4d8f-bda1-823e99ff7c17 : :Raw Audit Messages :type=AVC msg=audit(1360327640.658:114): avc: denied { write } for pid=3265 comm="acroread" path="/home/kristjan/Downloads/lpg-0.4.pdf" dev="dm-3" ino=522514 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file : : :type=SYSCALL msg=audit(1360327640.658:114): arch=i386 syscall=open success=no exit=EACCES a0=bdd3158 a1=242 a2=180 a3=bdd3158 items=0 ppid=3262 pid=3265 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=4 tty=(none) comm=acroread exe=/opt/Adobe/Reader9/Reader/intellinux/bin/acroread subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null) : :Hash: acroread,mozilla_plugin_t,user_home_t,file,write : :audit2allow : :#============= mozilla_plugin_t ============== :allow mozilla_plugin_t user_home_t:file write; : :audit2allow -R : :#============= mozilla_plugin_t ============== :allow mozilla_plugin_t user_home_t:file write; : Potential duplicate bug: 902048