Description of problem:
This must happen when I enable some plugins requested by Blue Jeans.

SELinux is preventing /usr/lib64/firefox/plugin-container from 'name_bind' accesses on the tcp_socket port 5994.

***** Plugin mozplugger (89.7 confidence) suggests ************************

If you want to use the plugin package
Then you must turn off SELinux controls on the Firefox plugins.
Do
# setsebool -P unconfined_mozilla_plugin_transition 0

***** Plugin catchall_boolean (10.0 confidence) suggests ******************

If you want to allow mozilla to plugin use spice
Then you must tell SELinux about this by enabling the 'mozilla_plugin_use_spice' boolean.
You can read 'None' man page for more details.
Do
setsebool -P mozilla_plugin_use_spice 1

***** Plugin catchall (1.69 confidence) suggests **************************

If you believe that plugin-container should be allowed name_bind access on the port 5994 tcp_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep plugin-containe /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023
Target Context                system_u:object_r:vnc_port_t:s0
Target Objects                port 5994 [ tcp_socket ]
Source                        plugin-containe
Source Path                   /usr/lib64/firefox/plugin-container
Port                          5994
Host                          (removed)
Source RPM Packages           firefox-40.0-4.fc22.x86_64
Target RPM Packages
Policy RPM                    selinux-policy-3.13.1-128.10.fc22.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.1.5-200.fc22.x86_64 #1 SMP Mon Aug 10 23:38:23 UTC 2015 x86_64 x86_64
Alert Count                   1
First Seen                    2015-08-24 15:57:10 CEST
Last Seen                     2015-08-24 15:57:10 CEST
Local ID                      48bb3dec-370c-4b8c-b7d9-385df781437b

Raw Audit Messages
type=AVC msg=audit(1440424630.5:648): avc: denied { name_bind } for pid=7109 comm="plugin-containe" src=5994 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:vnc_port_t:s0 tclass=tcp_socket permissive=0

type=SYSCALL msg=audit(1440424630.5:648): arch=x86_64 syscall=bind success=no exit=EACCES a0=2c a1=7f4f7f0fb250 a2=10 a3=7f4f7f0fb28c items=0 ppid=3093 pid=7109 auid=16025 uid=16025 gid=16025 euid=16025 suid=16025 fsuid=16025 egid=16025 sgid=16025 fsgid=16025 tty=(none) ses=1 comm=plugin-containe exe=/usr/lib64/firefox/plugin-container subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)

Hash: plugin-containe,mozilla_plugin_t,vnc_port_t,tcp_socket,name_bind

Version-Release number of selected component:
selinux-policy-3.13.1-128.10.fc22.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.1.5-200.fc22.x86_64
type:           libreport

Potential duplicate: bug 1018728

Yes, there is a bug with the handling of the bluejeans boolean. Not sure what the correct solution is. We need to review these mozilla_plugins booleans.

Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.