Description of problem: SELinux is preventing /usr/lib/nspluginwrapper/plugin-config from 'read' accesses on the file /root/.sage/sage_notebook.sagenb/twistedconf.tac. ***** Plugin catchall (100. confidence) suggests *************************** If cree que de manera predeterminada, plugin-config debería permitir acceso read sobre twistedconf.tac file. Then debería reportar esto como un error. Puede generar un módulo de política local para permitir este acceso. Do permita el acceso momentáneamente executando: # grep plugin-config /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:mozilla_plugin_config_t: s0-s0:c0.c1023 Target Context unconfined_u:object_r:admin_home_t:s0 Target Objects /root/.sage/sage_notebook.sagenb/twistedconf.tac [ file ] Source plugin-config Source Path /usr/lib/nspluginwrapper/plugin-config Port <Desconocido> Host (removed) Source RPM Packages nspluginwrapper-1.4.4-17.fc19.i686 Target RPM Packages Policy RPM selinux-policy-3.12.1-74.11.fc19.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.11.7-200.fc19.x86_64 #1 SMP Mon Nov 4 14:09:03 UTC 2013 x86_64 x86_64 Alert Count 9 First Seen 2013-11-16 14:15:46 ART Last Seen 2013-11-19 16:49:08 ART Local ID 605629f3-cd38-4e7f-b79d-3bc9c0528241 Raw Audit Messages type=AVC msg=audit(1384890548.182:486): avc: denied { read } for pid=2627 comm="plugin-config" path="/root/.sage/sage_notebook.sagenb/twistedconf.tac" dev="dm-1" ino=4913 scontext=unconfined_u:unconfined_r:mozilla_plugin_config_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file type=AVC msg=audit(1384890548.182:486): avc: denied { write } for pid=2627 comm="plugin-config" path="/root/.sage/gp-expect.log" dev="dm-1" ino=4896 scontext=unconfined_u:unconfined_r:mozilla_plugin_config_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file type=AVC msg=audit(1384890548.182:486): avc: denied { write } for pid=2627 comm="plugin-config" path="/root/.sage/gp-expect.log" dev="dm-1" ino=4896 scontext=unconfined_u:unconfined_r:mozilla_plugin_config_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file type=SYSCALL msg=audit(1384890548.182:486): arch=x86_64 syscall=execve success=yes exit=0 a0=10a0260 a1=109ffc0 a2=10a1ba0 a3=213d items=0 ppid=2625 pid=2627 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=1 tty=pts0 comm=plugin-config exe=/usr/lib/nspluginwrapper/plugin-config subj=unconfined_u:unconfined_r:mozilla_plugin_config_t:s0-s0:c0.c1023 key=(null) Hash: plugin-config,mozilla_plugin_config_t,admin_home_t,file,read Additional info: reporter: libreport-2.1.9 hashmarkername: setroubleshoot kernel: 3.11.7-200.fc19.x86_64 type: libreport Potential duplicate: bug 846489
You should not be running firefox as root, this is unsupported from an SELinux point of view and is considered very dangerous.