1032254 – SELinux is preventing /usr/lib/nspluginwrapper/plugin-config from 'read' accesses on the file /root/.sage/sage_notebook.sagenb/twistedconf.tac.

Bug 1032254 - SELinux is preventing /usr/lib/nspluginwrapper/plugin-config from 'read' accesses on the file /root/.sage/sage_notebook.sagenb/twistedconf.tac.

Summary: SELinux is preventing /usr/lib/nspluginwrapper/plugin-config from 'read' acce...

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	19
Hardware:	x86_64
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Miroslav Grepl
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:	abrt_hash:8ed7d76e35e338642186ccc5ccb...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-11-19 19:56 UTC by lorenzofsierra
Modified:	2013-11-19 22:12 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-11-19 22:12:01 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description lorenzofsierra 2013-11-19 19:56:46 UTC

Description of problem:
SELinux is preventing /usr/lib/nspluginwrapper/plugin-config from 'read' accesses on the file /root/.sage/sage_notebook.sagenb/twistedconf.tac.

*****  Plugin catchall (100. confidence) suggests  ***************************

If cree que de manera predeterminada, plugin-config debería permitir acceso read sobre  twistedconf.tac file.     
Then debería reportar esto como un error.
Puede generar un módulo de política local para permitir este acceso.
Do
permita el acceso momentáneamente executando:
# grep plugin-config /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:mozilla_plugin_config_t:
                              s0-s0:c0.c1023
Target Context                unconfined_u:object_r:admin_home_t:s0
Target Objects                /root/.sage/sage_notebook.sagenb/twistedconf.tac [
                              file ]
Source                        plugin-config
Source Path                   /usr/lib/nspluginwrapper/plugin-config
Port                          <Desconocido>
Host                          (removed)
Source RPM Packages           nspluginwrapper-1.4.4-17.fc19.i686
Target RPM Packages           
Policy RPM                    selinux-policy-3.12.1-74.11.fc19.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.11.7-200.fc19.x86_64 #1 SMP Mon
                              Nov 4 14:09:03 UTC 2013 x86_64 x86_64
Alert Count                   9
First Seen                    2013-11-16 14:15:46 ART
Last Seen                     2013-11-19 16:49:08 ART
Local ID                      605629f3-cd38-4e7f-b79d-3bc9c0528241

Raw Audit Messages
type=AVC msg=audit(1384890548.182:486): avc:  denied  { read } for  pid=2627 comm="plugin-config" path="/root/.sage/sage_notebook.sagenb/twistedconf.tac" dev="dm-1" ino=4913 scontext=unconfined_u:unconfined_r:mozilla_plugin_config_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file


type=AVC msg=audit(1384890548.182:486): avc:  denied  { write } for  pid=2627 comm="plugin-config" path="/root/.sage/gp-expect.log" dev="dm-1" ino=4896 scontext=unconfined_u:unconfined_r:mozilla_plugin_config_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file


type=AVC msg=audit(1384890548.182:486): avc:  denied  { write } for  pid=2627 comm="plugin-config" path="/root/.sage/gp-expect.log" dev="dm-1" ino=4896 scontext=unconfined_u:unconfined_r:mozilla_plugin_config_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file


type=SYSCALL msg=audit(1384890548.182:486): arch=x86_64 syscall=execve success=yes exit=0 a0=10a0260 a1=109ffc0 a2=10a1ba0 a3=213d items=0 ppid=2625 pid=2627 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=1 tty=pts0 comm=plugin-config exe=/usr/lib/nspluginwrapper/plugin-config subj=unconfined_u:unconfined_r:mozilla_plugin_config_t:s0-s0:c0.c1023 key=(null)

Hash: plugin-config,mozilla_plugin_config_t,admin_home_t,file,read

Additional info:
reporter:       libreport-2.1.9
hashmarkername: setroubleshoot
kernel:         3.11.7-200.fc19.x86_64
type:           libreport

Potential duplicate: bug 846489

Comment 1 Daniel Walsh 2013-11-19 22:12:01 UTC

You should not be running firefox as root, this is unsupported from an SELinux point of view and is considered very dangerous.

Note You need to log in before you can comment on or make changes to this bug.