Bug 1468800 - firefox causing multiple issues with selinux
firefox causing multiple issues with selinux
Status: NEW
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: firefox (Show other bugs)
x86_64 Linux
unspecified Severity high
: rc
: ---
Assigned To: Martin Stransky
Desktop QE
: SELinux
Depends On:
  Show dependency treegraph
Reported: 2017-07-08 01:43 EDT by jigar
Modified: 2018-03-13 16:23 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Firefox Backtrace (2.62 KB, text/plain)
2017-07-08 01:43 EDT, jigar
no flags Details

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 3380471 None None None 2018-03-13 16:23 EDT

  None (edit)
Description jigar 2017-07-08 01:43:24 EDT
Created attachment 1295461 [details]
Firefox Backtrace

Description of problem: Firefox is causing multiple issues with selinux enforcing. It causes firefox to crash and also prevents firefox from printing to file.

Version-Release number of selected component (if applicable): firefox-52.2.0-1

How reproducible: Always

Steps to Reproduce:

Printing Issue:

1. Open firefox
2. On any website, click Ctrl + P to open print dialog
3. Select Print to file 
4. Check if file is created at the said location

Firefox crashing :

Firefox crashes with "Gah. Your tab just crashed" 

( Attaching backtrace )

Actual results: With Selinux enforcing, firefox is crashing and preventing printing to file

Expected results: Firefox should not crash or prevent printing to file

Additional info:

Following workaround makes firefox work as desired :

$ setsebool -P unconfined_mozilla_plugin_transition 0

However, this is unacceptable by customers as production environment is affected and they would not like to disable selinux on it. Also, multiple customers are affected.
Comment 2 Martin Stransky 2017-07-10 04:46:40 EDT
It may be related to multiprocess. I think the customer has enabled e10s, which means that the web content is running in plugin-container which is blocked by SELinux. The plugin-container is also running NPAPI plugins (flash, java...) so that causes the SELinux confusion here.

A quick solution is to disable e10s by setting "browser.tabs.remote.force-disable" to true in about:config or create a .js pref file with this entry at /etc/firefox/pref directory.

See /usr/lib(64)/firefox/browser/defaults/preferences/firefox-redhat-default-prefs.js how the .js pref file looks like.
Comment 4 siwu 2017-07-13 03:19:32 EDT
Hi Martin,

I checked my environment (RHEL7 + firefox-52.2.0-1.el7_3.x86_64) but could not see "browser.tabs.remote.force-disable".(Could not find it in FF45 either.) Is this pref exist in Firefox 45/52?  Or did I miss anything?

Please advise. Thank you!
Comment 5 Martin Stransky 2017-07-13 03:26:01 EDT
Ahh, I see. Then you need to add it, click by right mouse on any entry here and select "New" and "Boolean" and put the name there.
Comment 7 Martin Stransky 2017-07-24 07:48:19 EDT
That comes from project Electrolysis which was introduced at Firefox 52, see https://wiki.mozilla.org/Electrolysis for details.

Note You need to log in before you can comment on or make changes to this bug.