Description of problem: On selinux enabled Adobe Flash Player run stalled Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1.run on terminal /usr/bin/system-config-selinux select on Status->System Default Enforcing Mode -> Disabled and Relabel on next reboot select 2.Modify from /boot/grub2/grub.cfg linux ......bla bla root= .. from "ro" to rw temporary 3.Reboot 4.Adobe Flash Player run normal 5 Enable again selinux -> Adobe Flash Player run stalled Actual results: Expected results: Additional info:
What AVC msgs are you getting?
A the moment relabeling system for few times whith changing mount root a "ro" to "rw" args from grub.cfg and all is ok. Only this message below appear but is not important: SELinux is preventing /usr/bin/perl from using the execmem access on a process. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that perl should be allowed execmem access on processes labeled munin_t by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep munin-update /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:munin_t:s0-s0:c0.c1023 Target Context system_u:system_r:munin_t:s0-s0:c0.c1023 Target Objects [ process ] Source munin-update Source Path /usr/bin/perl Port <Unknown> Host 192-168-0-114.rdsnet.ro Source RPM Packages perl-5.16.3-265.fc19.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-74.10.fc19.noarch selinux- policy-3.12.1-74.11.fc19.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name 192-168-0-114.rdsnet.ro Platform Linux 192-168-0-114.rdsnet.ro 3.11.6-200.fc19.x86_64 #1 SMP Fri Oct 18 22:34:18 UTC 2013 x86_64 x86_64 Alert Count 11 First Seen 2013-11-11 18:05:02 EET Last Seen 2013-11-11 19:10:02 EET Local ID 23157f1d-a030-482b-8379-13ec4bf0d92f Raw Audit Messages type=AVC msg=audit(1384189802.371:668): avc: denied { execmem } for pid=3845 comm="munin-update" scontext=system_u:system_r:munin_t:s0-s0:c0.c1023 tcontext=system_u:system_r:munin_t:s0-s0:c0.c1023 tclass=process type=SYSCALL msg=audit(1384189802.371:668): arch=x86_64 syscall=mmap success=no exit=EACCES a0=3d252ca000 a1=3d000 a2=7 a3=812 items=0 ppid=3843 pid=3845 auid=988 uid=988 gid=984 euid=988 suid=988 fsuid=988 egid=984 sgid=984 fsgid=984 ses=16 tty=(none) comm=munin-update exe=/usr/bin/perl subj=system_u:system_r:munin_t:s0-s0:c0.c1023 key=(null) Hash: munin-update,munin_t,munin_t,process,execmem
Is't normal to change rw instead ro args on grub.
So you labeling is ok and not adobe is running correctly? You should be able to change your args for / to ro in grub and SELinux should work fine.