Bug 1473754 - Electrolysis enablement and inter-process communication causing SELinux errors
Electrolysis enablement and inter-process communication causing SELinux errors
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: selinux-policy (Show other bugs)
7.3
x86_64 Linux
low Severity low
: rc
: ---
Assigned To: Lukas Vrabec
Milos Malik
: Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-07-21 10:37 EDT by R P Herrold
Modified: 2017-08-30 09:48 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-08-30 09:48:05 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Mozilla Foundation 1383141 None None None 2017-07-21 13:19 EDT

  None (edit)
Description R P Herrold 2017-07-21 10:37:03 EDT
Description of problem:

Freezes due to un-handled program requests, in an Electrolysis enabled Firefox

Version-Release number of selected component (if applicable):
firefox-52.2.0-1.el7.centos.x86_64

How reproducible:

as below

Steps to Reproduce:

Install Firefox
firefox-52.2.0-1.el7.centos.x86_64

start it through a SSH tunnel this ... I need to restart FF to get the exact command line and will supplement


add a well known Add-on, here, HTML tidy validator
   http://users.skynet.be/mgueury/mozilla/

open a new tab using <ctrl-T>

and the SELinux nose comes cascading in, and on the browser terminal window, errors as a result cascade in


The Add-On author has noticed that lockups are occurring due to the addition of Electrolysis.  I observe 'freezes and time-outs with the new Firefox

SOME of the lock ups may be reduced by disabling inter-tab IPC thus:

in: about:config
confirm settings are:

browser.tabs.remote.autostart = false
browser.tabs.remote.autostart.2 = false

see also: https://support.ant.com/hc/en-us/articles/115000513446-Firefox-51-Multi-Process

but obviously they are not aware of the SELinux aspect

Actual results:

SElinux denials


type=SYSCALL msg=audit(1500646529.638:11707): arch=c000003e syscall=42 success=no exit=-13 a0=b a1=7f5b80510e00 a2=1c a3=7ffec499be10 items=0 ppid=18735 pid=19845 auid=606 uid=606 gid=606 euid=606 suid=606 fsuid=606 egid=606 sgid=606 fsgid=606 tty=(none) ses=1529 comm="plugin-containe" exe="/usr/lib64/firefox/plugin-container" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)

type=AVC msg=audit(1500646529.638:11708): avc:  denied  { name_connect } for  pid=19845 comm="plugin-containe" dest=6010 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket

type=SYSCALL msg=audit(1500646529.638:11708): arch=c000003e syscall=42 success=no exit=-13 a0=b a1=7f5b8051a9f0 a2=10 a3=7ffec499c0a4 items=0 ppid=18735 pid=19845 auid=606 uid=606 gid=606 euid=606 suid=606 fsuid=606 egid=606 sgid=606 fsgid=606 tty=(none) ses=1529 comm="plugin-containe" exe="/usr/lib64/firefox/plugin-container" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)

type=AVC msg=audit(1500646547.266:11709): avc:  denied  { name_connect } for  pid=19851 comm="plugin-containe" dest=6010 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket

type=SYSCALL msg=audit(1500646547.266:11709): arch=c000003e syscall=42 success=no exit=-13 a0=b a1=7fa1bfb10e00 a2=1c a3=7ffed3f16650 items=0 ppid=18735 pid=19851 auid=606 uid=606 gid=606 euid=606 suid=606 fsuid=606 egid=606 sgid=606 fsgid=606 tty=(none) ses=1529 comm="plugin-containe" exe="/usr/lib64/firefox/plugin-container" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)

type=AVC msg=audit(1500646547.266:11710): avc:  denied  { name_connect } for  pid=19851 comm="plugin-containe" dest=6010 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1500646547.266:11710): arch=c000003e syscall=42 success=no exit=-13 a0=b a1=7fa1bfb1a9f0 a2=10 a3=7ffed3f168e4 items=0 ppid=18735 pid=19851 auid=606 uid=606 gid=606 euid=606 suid=606 fsuid=606 egid=606 sgid=606 fsgid=606 tty=(none) ses=1529 comm="plugin-containe" exe="/usr/lib64/firefox/plugin-container" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)

type=AVC msg=audit(1500646547.429:11711): avc:  denied  { name_connect } for  pid=19855 comm="plugin-containe" dest=6010 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket

type=SYSCALL msg=audit(1500646547.429:11711): arch=c000003e syscall=42 success=no exit=-13 a0=b a1=7f2339810e00 a2=1c a3=7ffe55d2b040 items=0 ppid=18735 pid=19855 auid=606 uid=606 gid=606 euid=606 suid=606 fsuid=606 egid=606 sgid=606 fsgid=606 tty=(none) ses=1529 comm="plugin-containe" exe="/usr/lib64/firefox/plugin-container" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)

type=AVC msg=audit(1500646547.429:11712): avc:  denied  { name_connect } for  pid=19855 comm="plugin-containe" dest=6010 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket

type=SYSCALL msg=audit(1500646547.429:11712): arch=c000003e syscall=42 success=no exit=-13 a0=b a1=7f233981a9f0 a2=10 a3=7ffe55d2b2d4 items=0 ppid=18735 pid=19855 auid=606 uid=606 gid=606 euid=606 suid=606 fsuid=606 egid=606 sgid=606 fsgid=606 tty=(none) ses=1529 comm="plugin-containe" exe="/usr/lib64/firefox/plugin-container" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)

type=AVC msg=audit(1500646547.519:11713): avc:  denied  { name_connect } for  pid=19859 comm="plugin-containe" dest=6010 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket

type=SYSCALL msg=audit(1500646547.519:11713): arch=c000003e syscall=42 success=no exit=-13 a0=b a1=7f65af610e00 a2=1c a3=7ffe666542d0 items=0 ppid=18735 pid=19859 auid=606 uid=606 gid=606 euid=606 suid=606 fsuid=606 egid=606 sgid=606 fsgid=606 tty=(none) ses=1529 comm="plugin-containe" exe="/usr/lib64/firefox/plugin-container" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)

type=AVC msg=audit(1500646547.519:11714): avc:  denied  { name_connect } for  pid=19859 comm="plugin-containe" dest=6010 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket

type=SYSCALL msg=audit(1500646547.519:11714): arch=c000003e syscall=42 success=no exit=-13 a0=b a1=7f65af61a9f0 a2=10 a3=7ffe66654564 items=0 ppid=18735 pid=19859 auid=606 uid=606 gid=606 euid=606 suid=606 fsuid=606 egid=606 sgid=606 fsgid=606 tty=(none) ses=1529 comm="plugin-containe" exe="/usr/lib64/firefox/plugin-container" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)

type=AVC msg=audit(1500646547.613:11715): avc:  denied  { name_connect } for  pid=19863 comm="plugin-containe" dest=6010 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket

type=SYSCALL msg=audit(1500646547.613:11715): arch=c000003e syscall=42 success=no exit=-13 a0=b a1=7f9ed9510e00 a2=1c a3=7ffff4dcc2a0 items=0 ppid=18735 pid=19863 auid=606 uid=606 gid=606 euid=606 suid=606 fsuid=606 egid=606 sgid=606 fsgid=606 tty=(none) ses=1529 comm="plugin-containe" exe="/usr/lib64/firefox/plugin-container" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)

type=AVC msg=audit(1500646547.613:11716): avc:  denied  { name_connect } for  pid=19863 comm="plugin-containe" dest=6010 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket

type=SYSCALL msg=audit(1500646547.613:11716): arch=c000003e syscall=42 success=no exit=-13 a0=b a1=7f9ed951a9f0 a2=10 a3=7ffff4dcc534 items=0 ppid=18735 pid=19863 auid=606 uid=606 gid=606 euid=606 suid=606 fsuid=606 egid=606 sgid=606 fsgid=606 tty=(none) ses=1529 comm="plugin-containe" exe="/usr/lib64/firefox/plugin-container" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)


Browser StdErr noise is like this:


Parent 18735] WARNING: pipe error (61): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322

[Parent 18735] WARNING: pipe error (69): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322

[Parent 18735] WARNING: pipe error (67): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322

[Parent 18735] WARNING: pipe error (65): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322

[Parent 18735] WARNING: pipe error (66): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322

###!!! [Parent][MessageChannel] Error: (msgtype=0x2C0085,name=PBrowser::Msg_Destroy) Channel error: cannot send/recv


I will also build a ruleset and add to this bug

Expected results:

no hang ups, no SELinux denails

Additional info:
Comment 2 R P Herrold 2017-07-21 10:55:15 EDT
I added some detail and narrative to my invocation of FF

This session is nothing more than starting the script, which performs the actions in question noted in the userid contexts shown, and then typing: 
   <ctrl-T>
and in that opened tab, pasting the URL needed to update this bug:
   https://bugzilla.redhat.com/show_bug.cgi?id=1473754

privacy enhanced, isolated firefox invocation
current id: uid=500(herrold) gid=500(herrold) groups=500(herrold),10(wheel),135(mock),498(pulse-access) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

PEFF: ghola
note: ghola is a non-priv'd user on localhost, 
      which we access via a keyed SSH connection 
      to try to avoid some content exfiltration by 
      hostile web browser applications: Flash, etc 
THISHOST: centos-7.first.owlriver.net
Command: ssh -X  -t -t  -l ghola centos-7.first.owlriver.net firefox --no-remote   

now down in non-privacy enhanced firefox userid 
current id: uid=606(ghola) gid=606(ghola) groups=606(ghola),498(pulse-access) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Command: umask 022 ; /usr/bin/firefox --no-remote  --no-remote 
[Parent 22460] WARNING: pipe error (62): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Parent 22460] WARNING: pipe error (74): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Parent 22460] WARNING: pipe error (67): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Parent 22460] WARNING: pipe error (65): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Parent 22460] WARNING: pipe error (66): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322

###!!! [Parent][MessageChannel] Error: (msgtype=0x2C0085,name=PBrowser::Msg_Destroy) Channel error: cannot send/recv

[Parent 22460] WARNING: pipe error (62): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Parent 22460] WARNING: pipe error (74): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Parent 22460] WARNING: pipe error (67): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Parent 22460] WARNING: pipe error (65): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322

###!!! [Parent][MessageChannel] Error: (msgtype=0x2C0085,name=PBrowser::Msg_Destroy) Channel error: cannot send/recv

[Parent 22460] WARNING: pipe error (66): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Parent 22460] WARNING: pipe error (62): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Parent 22460] WARNING: pipe error (75): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Parent 22460] WARNING: pipe error (68): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Parent 22460] WARNING: pipe error (66): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Parent 22460] WARNING: pipe error (67): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322

###!!! [Parent][MessageChannel] Error: (msgtype=0x2C0085,name=PBrowser::Msg_Destroy) Channel error: cannot send/recv

[Parent 22460] WARNING: pipe error (62): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Parent 22460] WARNING: pipe error (75): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Parent 22460] WARNING: pipe error (68): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Parent 22460] WARNING: pipe error (66): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Parent 22460] WARNING: pipe error (67): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322

###!!! [Parent][MessageChannel] Error: (msgtype=0x2C0085,name=PBrowser::Msg_Destroy) Channel error: cannot send/recv
Comment 3 R P Herrold 2017-07-21 10:57:48 EDT
and the SELinux denials and noise, through close of the firefox


[root@centos-7 audit]# tail -f audit.log | grep -v ssh | grep -v crond | grep -v success 


type=AVC msg=audit(1500648664.601:11945): avc:  denied  { name_connect } for  pid=22560 comm="plugin-containe" dest=6010 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1500648664.601:11946): avc:  denied  { name_connect } for  pid=22560 comm="plugin-containe" dest=6010 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1500648664.702:11947): avc:  denied  { name_connect } for  pid=22564 comm="plugin-containe" dest=6010 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1500648664.702:11948): avc:  denied  { name_connect } for  pid=22564 comm="plugin-containe" dest=6010 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1500648664.794:11949): avc:  denied  { name_connect } for  pid=22568 comm="plugin-containe" dest=6010 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1500648664.794:11950): avc:  denied  { name_connect } for  pid=22568 comm="plugin-containe" dest=6010 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket
Comment 4 R P Herrold 2017-07-21 12:39:41 EDT
Adding this rule:

[root@centos-7 selinux]# cat firefox-1473754.te

module firefox-1473754 1.0;

require {
        type xserver_port_t;
        type mozilla_plugin_t;
        class tcp_socket name_connect;
}

#============= mozilla_plugin_t ==============

#!!!! This avc can be allowed using the boolean 'mozilla_plugin_can_network_connect'
allow mozilla_plugin_t xserver_port_t:tcp_socket name_connect;

Via this command series as root:
 1507  Jul 21 12:28 cd selinux
 1508  Jul 21 12:28 yum -y install policycoreutils-python policycoreutils 
 1509  Jul 21 12:29 cat /var/log/audit/audit.log | audit2allow -m firefox-1473754 > firefox-1473754.te
 1510  Jul 21 12:30 checkmodule -M -m -o firefox-1473754.mod firefox-1473754.te
 1511  Jul 21 12:30 semodule_package -o firefox-1473754.pp -m firefox-1473754.mod
 1512  Jul 21 12:30  semodule -i firefox-1473754.pp


Solved the problem with <ctrl-T> and SELinux errors, as well as the matching Mozilla IPC errors

===========

There is a lingering bug in HTML Tidy, which I will take up with author elsewhere

privacy enhanced, isolated firefox invocation
current id: uid=500(herrold) gid=500(herrold) groups=500(herrold),10(wheel),135(mock),498(pulse-access) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
PEFF: ghola
note: ghola is a non-priv'd user on localhost, 
      which we access via a keyed SSH connection 
      to try to avoid some content exfiltration by 
      hostile web browser applications: Flash, etc 
THISHOST: centos-7.first.owlriver.net
Command: ssh -X  -t -t  -l ghola centos-7.first.owlriver.net firefox --no-remote   
now down in non-privacy enhanced firefox userid 
current id: uid=606(ghola) gid=606(ghola) groups=606(ghola),498(pulse-access) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Command: umask 022 ; /usr/bin/firefox --no-remote  --no-remote 

console.error: 
  Tidy Exception: 
  Message: NS_ERROR_DOM_RETVAL_UNDEFINED: Component returned failure code: 0x805303f5 [nsIChannel.open]
  Stack:
    TidyBrowser.prototype.getHtmlFromCache@chrome://tidy/content/tidyBrowser.js:720:18
TidyBrowser.prototype.validateDoc@chrome://tidy/content/tidyBrowser.js:926:22
TidyBrowser.prototype.validateCache@chrome://tidy/content/tidyBrowser.js:901:7
onTidyPageLoad@chrome://tidy/content/tidyBrowser.js:161:7

   / Stack: 
  TidyBrowser.prototype.getHtmlFromCache@chrome://tidy/content/tidyBrowser.js:720:18
TidyBrowser.prototype.validateDoc@chrome://tidy/content/tidyBrowser.js:926:22
TidyBrowser.prototype.validateCache@chrome://tidy/content/tidyBrowser.js:901:7
onTidyPageLoad@chrome://tidy/content/tidyBrowser.js:161:7
Comment 5 Martin Stransky 2017-08-10 07:09:45 EDT
Sorry, we don't have a capacity to fix that.
Comment 6 Martin Stransky 2017-08-10 07:12:03 EDT
Let's move it to selinux guys to investigate.
Comment 7 R P Herrold 2017-08-29 12:48:14 EDT
SE-Linux folks
I think the addition will look a lot like the fix needed and created for 'bluejeans'
   mozilla_plugin_use_bluejeans

-- Russ herrold
Comment 8 Lukas Vrabec 2017-08-30 09:48:05 EDT
Sorry, we don't have a capacity to fix that.

Note You need to log in before you can comment on or make changes to this bug.