Bug 967149
Summary: | SELinux is preventing /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.19/jre/bin/java from 'write' accesses on the file /home/rajuramvani/.icedtea/cache/recently_used. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | rajuramvani <rajuramvani> |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 19 | CC: | dominick.grift, dwalsh, fran, mgrepl |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i686 | ||
OS: | Unspecified | ||
Whiteboard: | abrt_hash:a106c072fe3e9a3c56f3abbab209f2388f34cb9962274ed5b290c0c5b7741201 | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-05-28 06:57:45 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
rajuramvani
2013-05-25 00:24:30 UTC
Should be fixed in the latest policy. # yum update selinux-policy-targeted Problem still persists with selinux-policy-3.12.1-48.fc19 Are you getting the same AVC msg? SELinux is preventing /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.19.x86_64/jre/bin/java from write access on the file /home/fdelapena/.icedtea/cache/recently_used. java-1.7.0-openjdk-1.7.0.19-2.3.9.12.fc19.x86_64 selinux-policy-3.12.1-52.fc19.noarch type=AVC msg=audit(1371538151.155:456): avc: denied { write } for pid=3274 comm="java" name="recently_used" dev="dm-2" ino=55975368 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file type=SYSCALL msg=audit(1371538151.155:456): arch=x86_64 syscall=open success=no exit=EACCES a0=7ffc6c0a4550 a1=241 a2=1b6 a3=7ffcea9ed6e0 items=0 ppid=2241 pid=3274 auid=1000 uid=1000 gid=0 euid=1000 suid=1000 fsuid=1000 egid=0 sgid=0 fsgid=0 ses=1 tty=(none) comm=java exe=/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.19.x86_64/jre/bin/java subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null) Hash: java,mozilla_plugin_t,user_home_t,file,write Another example: SELinux is preventing /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.19.x86_64/jre/bin/java from write access on the file /home/fdelapena/.icedtea/cache/5/https/www.bnonline.fi.cr/wa/authmech/base/Web410.jar. java-1.7.0-openjdk-1.7.0.19-2.3.9.12.fc19.x86_64 selinux-policy-3.12.1-52.fc19.noarch type=AVC msg=audit(1371538509.771:492): avc: denied { write } for pid=3422 comm="java" name="Web410.jar" dev="dm-2" ino=4981484 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file type=SYSCALL msg=audit(1371538509.771:492): arch=x86_64 syscall=open success=no exit=EACCES a0=7f8c600844c0 a1=241 a2=1b6 a3=7f8cea58c6e0 items=0 ppid=3371 pid=3422 auid=1000 uid=1000 gid=0 euid=1000 suid=1000 fsuid=1000 egid=0 sgid=0 fsgid=0 ses=1 tty=(none) comm=java exe=/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.19.x86_64/jre/bin/java subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null) Hash: java,mozilla_plugin_t,user_home_t,file,write What does # matchpathcon /home/fdelapena/.icedtea # matchpathcon /home/fdelapena/.icedtea /home/fdelapena/.icedtea unconfined_u:object_r:mozilla_home_t:s0 Please execute # restorecon -R -v /home/fdelapena Output at https://bugzilla.redhat.com/show_bug.cgi?id=964653#c11 And AVC dissappeared for this too. |