SELinux is preventing /usr/lib64/seamonkey/plugin-container from unix_write access on the semaphore Unknown. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that plugin-container should be allowed unix_write access on the Unknown sem by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep plugin-containe /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:sandbox_net_t:s0:c578,c967 Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Target Objects Unknown [ sem ] Source plugin-containe Source Path /usr/lib64/seamonkey/plugin-container Port <Unknown> Host abcdefg Source RPM Packages seamonkey-2.30-1.fc21.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-92.fc21.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name abcdefg Platform Linux abcdefg 3.17.1-304.fc21.x86_64 #1 SMP Sat Oct 25 00:56:36 UTC 2014 x86_64 x86_64 Alert Count 1 First Seen 2014-11-01 13:49:54 MSK Last Seen 2014-11-01 13:49:54 MSK Local ID fecba273-2faa-4f78-abfd-7e6890d86100 Raw Audit Messages type=AVC msg=audit(1414835394.985:439): avc: denied { unix_write } for pid=6090 comm="plugin-containe" key=5678293 scontext=unconfined_u:unconfined_r:sandbox_net_t:s0:c578,c967 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=sem permissive=0 type=SYSCALL msg=audit(1414835394.985:439): arch=x86_64 syscall=semget success=no exit=EACCES a0=56a4d5 a1=1 a2=380 a3=89d items=0 ppid=6033 pid=6090 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=1 comm=plugin-containe exe=/usr/lib64/seamonkey/plugin-container subj=unconfined_u:unconfined_r:sandbox_net_t:s0:c578,c967 key=(null) Hash: plugin-containe,sandbox_net_t,unconfined_t,sem,unix_write then: # grep plugin-containe /var/log/audit/audit.log | audit2allow -M mypol compilation failed: mypol.te:14:ERROR 'syntax error' at token 'mlsconstrain' on line 14: mlsconstrain sem { create destroy setattr write unix_write } ((h1 dom h2 -Fail-) or (t1 != mcs_constrained_type -Fail-) ); Constraint DENIED #Constraint rule: /usr/bin/checkmodule: error(s) encountered while parsing configuration /usr/bin/checkmodule: loading policy configuration from mypol.te
*** This bug has been marked as a duplicate of bug 1155974 ***