Description of problem: SELinux is preventing /usr/lib/nspluginwrapper/plugin-config from read, write access on the chr_file . ***** Plugin leaks (86.2 confidence) suggests ***************************** If você quer ignorar o fato do plugin-config estar tentando acesso read write de chr_file, pois você acredita que ele não deva precisar deste acesso. Then você precisa reportar isto como um erro. Você pode gerar um módulo de política local para dontaudit este acesso. Do # grep /usr/lib/nspluginwrapper/plugin-config /var/log/audit/audit.log | audit2allow -D -M mypol # semodule -i mypol.pp ***** Plugin catchall (14.7 confidence) suggests ************************** If você acredita que o plugin-config deva ser permitido acesso de read write em chr_file por default. Then você precisa reportar este como um erro. Você pode gerar um módulo de política local para permitir este acesso. Do permitir este acesso agora executando: # grep plugin-config /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:mozilla_plugin_config_t: s0-s0:c0.c1023 Target Context system_u:object_r:xserver_misc_device_t:s0 Target Objects [ chr_file ] Source plugin-config Source Path /usr/lib/nspluginwrapper/plugin-config Port <Unknown> Host (removed) Source RPM Packages nspluginwrapper-1.4.4-19.fc20.i686 Target RPM Packages Policy RPM selinux-policy-3.12.1-153.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.13.10-200.fc20.x86_64 #1 SMP Mon Apr 14 20:34:16 UTC 2014 x86_64 x86_64 Alert Count 3 First Seen 2014-04-29 10:40:57 BRT Last Seen 2014-04-29 19:28:23 BRT Local ID 197d1906-8608-4769-bfe6-0dda2a018430 Raw Audit Messages type=AVC msg=audit(1398810503.768:380): avc: denied { read write } for pid=2104 comm="plugin-config" path="/dev/ati/card0" dev="devtmpfs" ino=16293 scontext=unconfined_u:unconfined_r:mozilla_plugin_config_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_misc_device_t:s0 tclass=chr_file type=AVC msg=audit(1398810503.768:380): avc: denied { read write } for pid=2104 comm="plugin-config" path="/dev/ati/card0" dev="devtmpfs" ino=16293 scontext=unconfined_u:unconfined_r:mozilla_plugin_config_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_misc_device_t:s0 tclass=chr_file type=AVC msg=audit(1398810503.768:380): avc: denied { read write } for pid=2104 comm="plugin-config" path="/dev/ati/card0" dev="devtmpfs" ino=16293 scontext=unconfined_u:unconfined_r:mozilla_plugin_config_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_misc_device_t:s0 tclass=chr_file type=SYSCALL msg=audit(1398810503.768:380): arch=x86_64 syscall=execve success=yes exit=0 a0=23a7970 a1=23a87c0 a2=23a8800 a3=0 items=0 ppid=2102 pid=2104 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=1 tty=(none) comm=plugin-config exe=/usr/lib/nspluginwrapper/plugin-config subj=unconfined_u:unconfined_r:mozilla_plugin_config_t:s0-s0:c0.c1023 key=(null) Hash: plugin-config,mozilla_plugin_config_t,xserver_misc_device_t,chr_file,read,write Additional info: reporter: libreport-2.2.1 hashmarkername: setroubleshoot kernel: 3.13.10-200.fc20.x86_64 type: libreport Potential duplicate: bug 873912
commit 237dc154a2d3098125b9c37310458fb1589837a0 commit 856b883b8fd7c00de1494bb38f67723692b874d2 Add dontaudits for this into git
Backported F20
selinux-policy-3.12.1-161.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-161.fc20
Package selinux-policy-3.12.1-161.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-161.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-6084/selinux-policy-3.12.1-161.fc20 then log in and leave karma (feedback).
Package selinux-policy-3.12.1-163.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-163.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-6084/selinux-policy-3.12.1-163.fc20 then log in and leave karma (feedback).
selinux-policy-3.12.1-163.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.