Bug 909589

Summary: SELinux is preventing /usr/lib/ma-config/maconfservice from 'write' accesses on the file maconfservice.txt.
Product: [Fedora] Fedora Reporter: luke <fre.ri.sa>
Component: selinux-policyAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED INSUFFICIENT_DATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 17CC: dominick.grift, dwalsh, mgrepl
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Unspecified   
Whiteboard: abrt_hash:5a506d0dc80eaee322d6924e0a9ed95c5746a2e4e458718ced2abab1c5f5ec57
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-07-04 10:06:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: type
none
File: hashmarkername none

Description luke 2013-02-09 17:35:27 UTC 
Additional info:
libreport version: 2.0.18
kernel:         3.7.3-101.fc17.i686

description:
:SELinux is preventing /usr/lib/ma-config/maconfservice from 'write' accesses on the file maconfservice.txt.
:
:*****  Plugin catchall (100. confidence) suggests  ***************************
:
:If cree que de manera predeterminada, maconfservice debería permitir acceso write sobre  maconfservice.txt file.     
:Then debería reportar esto como un error.
:Puede generar un módulo de política local para permitir este acceso.
:Do
:permita el acceso momentáneamente executando:
:# grep maconfservice /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c
:                              0.c1023
:Target Context                unconfined_u:object_r:lib_t:s0
:Target Objects                maconfservice.txt [ file ]
:Source                        maconfservice
:Source Path                   /usr/lib/ma-config/maconfservice
:Port                          <Desconocido>
:Host                          (removed)
:Source RPM Packages           Ma-Config.com-6.5.0.1-1.i386
:Target RPM Packages           
:Policy RPM                    selinux-policy-3.10.0-166.fc17.noarch
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Permissive
:Host Name                     (removed)
:Platform                      Linux (removed) 3.7.3-101.fc17.i686 #1 SMP Fri Jan
:                              18 17:52:48 UTC 2013 i686 i686
:Alert Count                   1
:First Seen                    2013-02-09 13:32:19 AST
:Last Seen                     2013-02-09 13:32:19 AST
:Local ID                      c91890f5-1c65-49c0-85a8-1e552867b516
:
:Raw Audit Messages
:type=AVC msg=audit(1360431139.628:58): avc:  denied  { write } for  pid=1613 comm="maconfservice" name="maconfservice.txt" dev="sda3" ino=2109617 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:lib_t:s0 tclass=file
:
:
:type=SYSCALL msg=audit(1360431139.628:58): arch=i386 syscall=open success=yes exit=EIO a0=8ab7134 a1=8242 a2=1b6 a3=8ab73e0 items=0 ppid=1 pid=1613 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=1 tty=(none) comm=maconfservice exe=/usr/lib/ma-config/maconfservice subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)
:
:Hash: maconfservice,mozilla_plugin_t,lib_t,file,write
:
:audit2allow
:
:#============= mozilla_plugin_t ==============
:allow mozilla_plugin_t lib_t:file write;
:
:audit2allow -R
:
:#============= mozilla_plugin_t ==============
:allow mozilla_plugin_t lib_t:file write;
:
Comment 1 luke 2013-02-09 17:35:30 UTC 
Created attachment 695527 [details]
File: type
Comment 2 luke 2013-02-09 17:35:32 UTC 
Created attachment 695528 [details]
File: hashmarkername
Comment 3 Miroslav Grepl 2013-02-11 12:30:25 UTC 
What is maconfservice?

Where is maconfservice.txt exactly located?
Comment 4 Daniel Walsh 2013-02-12 18:12:35 UTC 
Are you running firefox as root?  You should not be doing this.
Comment 5 Fedora End Of Life 2013-07-04 00:56:25 UTC 
This message is a reminder that Fedora 17 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 17. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '17'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 17's end of life.

Bug Reporter:  Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 17 is end of life. If you 
would still like  to see this bug fixed and are able to reproduce it 
against a later version  of Fedora, you are encouraged  change the 
'version' to a later Fedora version prior to Fedora 17's end of life.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.