Red Hat Bugzilla – Bug 1460477
Downloading Adobe Flash Access Library (libadobecp-301806-0.so) fails due to SELinux
Last modified: 2018-04-10 08:33:50 EDT
Description of problem: type=USER_AVC msg=audit(1497141763.144:3265): pid=978 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.DBus.ObjectManager member=GetManagedObjects dest=:1.54 spid=26245 tpid=1915 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:system_r:devicekit_disk_t:s0 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' Version-Release number of selected component (if applicable): selinux-policy-targeted-3.13.1-102.el7_3.16.noarch flash-plugin-11.2.202.644-release.x86_64 How reproducible: Everytime, see above and below. Actual results: Downloading Adobe Flash Access Library (libadobecp-301806-0.so) fails due to SELinux policy. Expected results: allow mozilla_plugin_t devicekit_disk_t:dbus send_msg; Additional info: Yes, mentioned version of Adobe Flash is outdated but it's the only one that provides DRM under Linux as it seems. And yes, that's the only message in the logs.
We're going to close this bug as WONTFIX because * of limited capacity of selinux-policy developers * the bug is related to EPEL component or 3rd party SW only * the bug appears in unsupported configuration We believe this bug can be fixed via a local policy module. For more information please see: * https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-security-enhanced_linux-troubleshooting-fixing_problems#sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow If you disagree, please re-open the bug.
(In reply to Lukas Vrabec from comment #4) > We're going to close this bug as WONTFIX because > > * of limited capacity of selinux-policy developers > * the bug is related to EPEL component or 3rd party SW only > * the bug appears in unsupported configuration > > We believe this bug can be fixed via a local policy module. > For more information please see: > > * > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/ > html/selinux_users_and_administrators_guide/sect-security-enhanced_linux- > troubleshooting-fixing_problems#sect-Security-Enhanced_Linux-Fixing_Problems- > Allowing_Access_audit2allow > > If you disagree, please re-open the bug. I am sorry, but this is not acceptable at all! RHEL ships the SELinux policy and covers with it 3rd party software. This is the old discussion, I already had with Dan Walsh years ago. From my point of view, Red Hat either needs to fix the SELinux policy when shipping policy modules affecting any 3rd party software, or ship a reduced set of the SELinux policy to only cover exactly the software shipped in RHEL. But as of writing, RHEL ships a SELinux policy covering both, but with the point that you, Red Hat, are now obviously even reluctant to fix issues in packages that are shipped with your product, RHEL.
Cross-filed ticket 01951077 on the Red Hat customer portal.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0763