Red Hat Bugzilla – Bug 1316313
SELinux is preventing plugin-containe from 'sendto' accesses on the unix_dgram_socket @nvidiaf2aaa16b.
Last modified: 2016-07-19 16:57:00 EDT
Description of problem: SELinux is preventing plugin-containe from 'sendto' accesses on the unix_dgram_socket @nvidiaf2aaa16b. ***** Plugin mozplugger (99.1 confidence) suggests ************************ If you want to use the plugin package Then you must turn off SELinux controls on the Firefox plugins. Do # setsebool -P unconfined_mozilla_plugin_transition 0 ***** Plugin catchall (1.81 confidence) suggests ************************** If you believe that plugin-containe should be allowed sendto access on the @nvidiaf2aaa16b unix_dgram_socket by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep plugin-containe /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c 0.c1023 Target Context unconfined_u:unconfined_r:xserver_t:s0-s0:c0.c1023 Target Objects @nvidiaf2aaa16b [ unix_dgram_socket ] Source plugin-containe Source Path plugin-containe Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-128.21.fc22.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 4.4.3-201.fc22.x86_64 #1 SMP Sat Feb 27 11:53:28 UTC 2016 x86_64 x86_64 Alert Count 2 First Seen 2016-02-12 22:52:10 AST Last Seen 2016-03-09 19:45:31 AST Local ID f5647787-2d7f-4234-aa4a-1f12fbbc2959 Raw Audit Messages type=AVC msg=audit(1457567131.694:620): avc: denied { sendto } for pid=9226 comm="plugin-containe" path=006E7669646961663261616131366200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:xserver_t:s0-s0:c0.c1023 tclass=unix_dgram_socket permissive=1 Hash: plugin-containe,mozilla_plugin_t,xserver_t,unix_dgram_socket,sendto Version-Release number of selected component: selinux-policy-3.13.1-128.21.fc22.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.4.3-201.fc22.x86_64 type: libreport Potential duplicate: bug 1284397
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.