Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1473754

Summary:	Electrolysis enablement and inter-process communication causing SELinux errors
Product:	Red Hat Enterprise Linux 7	Reporter:	R P Herrold <herrold>
Component:	selinux-policy	Assignee:	Lukas Vrabec <lvrabec>
Status:	CLOSED WONTFIX	QA Contact:	Milos Malik <mmalik>
Severity:	low	Docs Contact:
Priority:	low
Version:	7.3	CC:	lvrabec, mgrepl, mmalik, plautrba, pvrabec, ssekidde, tpelka
Target Milestone:	rc	Keywords:	Reopened
Target Release:	---
Hardware:	x86_64
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2017-08-30 13:48:05 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description R P Herrold 2017-07-21 14:37:03 UTC

Description of problem:

Freezes due to un-handled program requests, in an Electrolysis enabled Firefox

Version-Release number of selected component (if applicable):
firefox-52.2.0-1.el7.centos.x86_64

How reproducible:

as below

Steps to Reproduce:

Install Firefox
firefox-52.2.0-1.el7.centos.x86_64

start it through a SSH tunnel this ... I need to restart FF to get the exact command line and will supplement


add a well known Add-on, here, HTML tidy validator
   http://users.skynet.be/mgueury/mozilla/

open a new tab using <ctrl-T>

and the SELinux nose comes cascading in, and on the browser terminal window, errors as a result cascade in


The Add-On author has noticed that lockups are occurring due to the addition of Electrolysis.  I observe 'freezes and time-outs with the new Firefox

SOME of the lock ups may be reduced by disabling inter-tab IPC thus:

in: about:config
confirm settings are:

browser.tabs.remote.autostart = false
browser.tabs.remote.autostart.2 = false

see also: https://support.ant.com/hc/en-us/articles/115000513446-Firefox-51-Multi-Process

but obviously they are not aware of the SELinux aspect

Actual results:

SElinux denials


type=SYSCALL msg=audit(1500646529.638:11707): arch=c000003e syscall=42 success=no exit=-13 a0=b a1=7f5b80510e00 a2=1c a3=7ffec499be10 items=0 ppid=18735 pid=19845 auid=606 uid=606 gid=606 euid=606 suid=606 fsuid=606 egid=606 sgid=606 fsgid=606 tty=(none) ses=1529 comm="plugin-containe" exe="/usr/lib64/firefox/plugin-container" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)

type=AVC msg=audit(1500646529.638:11708): avc:  denied  { name_connect } for  pid=19845 comm="plugin-containe" dest=6010 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket

type=SYSCALL msg=audit(1500646529.638:11708): arch=c000003e syscall=42 success=no exit=-13 a0=b a1=7f5b8051a9f0 a2=10 a3=7ffec499c0a4 items=0 ppid=18735 pid=19845 auid=606 uid=606 gid=606 euid=606 suid=606 fsuid=606 egid=606 sgid=606 fsgid=606 tty=(none) ses=1529 comm="plugin-containe" exe="/usr/lib64/firefox/plugin-container" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)

type=AVC msg=audit(1500646547.266:11709): avc:  denied  { name_connect } for  pid=19851 comm="plugin-containe" dest=6010 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket

type=SYSCALL msg=audit(1500646547.266:11709): arch=c000003e syscall=42 success=no exit=-13 a0=b a1=7fa1bfb10e00 a2=1c a3=7ffed3f16650 items=0 ppid=18735 pid=19851 auid=606 uid=606 gid=606 euid=606 suid=606 fsuid=606 egid=606 sgid=606 fsgid=606 tty=(none) ses=1529 comm="plugin-containe" exe="/usr/lib64/firefox/plugin-container" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)

type=AVC msg=audit(1500646547.266:11710): avc:  denied  { name_connect } for  pid=19851 comm="plugin-containe" dest=6010 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1500646547.266:11710): arch=c000003e syscall=42 success=no exit=-13 a0=b a1=7fa1bfb1a9f0 a2=10 a3=7ffed3f168e4 items=0 ppid=18735 pid=19851 auid=606 uid=606 gid=606 euid=606 suid=606 fsuid=606 egid=606 sgid=606 fsgid=606 tty=(none) ses=1529 comm="plugin-containe" exe="/usr/lib64/firefox/plugin-container" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)

type=AVC msg=audit(1500646547.429:11711): avc:  denied  { name_connect } for  pid=19855 comm="plugin-containe" dest=6010 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket

type=SYSCALL msg=audit(1500646547.429:11711): arch=c000003e syscall=42 success=no exit=-13 a0=b a1=7f2339810e00 a2=1c a3=7ffe55d2b040 items=0 ppid=18735 pid=19855 auid=606 uid=606 gid=606 euid=606 suid=606 fsuid=606 egid=606 sgid=606 fsgid=606 tty=(none) ses=1529 comm="plugin-containe" exe="/usr/lib64/firefox/plugin-container" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)

type=AVC msg=audit(1500646547.429:11712): avc:  denied  { name_connect } for  pid=19855 comm="plugin-containe" dest=6010 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket

type=SYSCALL msg=audit(1500646547.429:11712): arch=c000003e syscall=42 success=no exit=-13 a0=b a1=7f233981a9f0 a2=10 a3=7ffe55d2b2d4 items=0 ppid=18735 pid=19855 auid=606 uid=606 gid=606 euid=606 suid=606 fsuid=606 egid=606 sgid=606 fsgid=606 tty=(none) ses=1529 comm="plugin-containe" exe="/usr/lib64/firefox/plugin-container" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)

type=AVC msg=audit(1500646547.519:11713): avc:  denied  { name_connect } for  pid=19859 comm="plugin-containe" dest=6010 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket

type=SYSCALL msg=audit(1500646547.519:11713): arch=c000003e syscall=42 success=no exit=-13 a0=b a1=7f65af610e00 a2=1c a3=7ffe666542d0 items=0 ppid=18735 pid=19859 auid=606 uid=606 gid=606 euid=606 suid=606 fsuid=606 egid=606 sgid=606 fsgid=606 tty=(none) ses=1529 comm="plugin-containe" exe="/usr/lib64/firefox/plugin-container" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)

type=AVC msg=audit(1500646547.519:11714): avc:  denied  { name_connect } for  pid=19859 comm="plugin-containe" dest=6010 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket

type=SYSCALL msg=audit(1500646547.519:11714): arch=c000003e syscall=42 success=no exit=-13 a0=b a1=7f65af61a9f0 a2=10 a3=7ffe66654564 items=0 ppid=18735 pid=19859 auid=606 uid=606 gid=606 euid=606 suid=606 fsuid=606 egid=606 sgid=606 fsgid=606 tty=(none) ses=1529 comm="plugin-containe" exe="/usr/lib64/firefox/plugin-container" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)

type=AVC msg=audit(1500646547.613:11715): avc:  denied  { name_connect } for  pid=19863 comm="plugin-containe" dest=6010 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket

type=SYSCALL msg=audit(1500646547.613:11715): arch=c000003e syscall=42 success=no exit=-13 a0=b a1=7f9ed9510e00 a2=1c a3=7ffff4dcc2a0 items=0 ppid=18735 pid=19863 auid=606 uid=606 gid=606 euid=606 suid=606 fsuid=606 egid=606 sgid=606 fsgid=606 tty=(none) ses=1529 comm="plugin-containe" exe="/usr/lib64/firefox/plugin-container" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)

type=AVC msg=audit(1500646547.613:11716): avc:  denied  { name_connect } for  pid=19863 comm="plugin-containe" dest=6010 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket

type=SYSCALL msg=audit(1500646547.613:11716): arch=c000003e syscall=42 success=no exit=-13 a0=b a1=7f9ed951a9f0 a2=10 a3=7ffff4dcc534 items=0 ppid=18735 pid=19863 auid=606 uid=606 gid=606 euid=606 suid=606 fsuid=606 egid=606 sgid=606 fsgid=606 tty=(none) ses=1529 comm="plugin-containe" exe="/usr/lib64/firefox/plugin-container" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)


Browser StdErr noise is like this:


Parent 18735] WARNING: pipe error (61): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322

[Parent 18735] WARNING: pipe error (69): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322

[Parent 18735] WARNING: pipe error (67): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322

[Parent 18735] WARNING: pipe error (65): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322

[Parent 18735] WARNING: pipe error (66): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322

###!!! [Parent][MessageChannel] Error: (msgtype=0x2C0085,name=PBrowser::Msg_Destroy) Channel error: cannot send/recv


I will also build a ruleset and add to this bug

Expected results:

no hang ups, no SELinux denails

Additional info:

Comment 2 R P Herrold 2017-07-21 14:55:15 UTC

I added some detail and narrative to my invocation of FF

This session is nothing more than starting the script, which performs the actions in question noted in the userid contexts shown, and then typing: 
   <ctrl-T>
and in that opened tab, pasting the URL needed to update this bug:
   https://bugzilla.redhat.com/show_bug.cgi?id=1473754

privacy enhanced, isolated firefox invocation
current id: uid=500(herrold) gid=500(herrold) groups=500(herrold),10(wheel),135(mock),498(pulse-access) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

PEFF: ghola
note: ghola is a non-priv'd user on localhost, 
      which we access via a keyed SSH connection 
      to try to avoid some content exfiltration by 
      hostile web browser applications: Flash, etc 
THISHOST: centos-7.first.owlriver.net
Command: ssh -X  -t -t  -l ghola centos-7.first.owlriver.net firefox --no-remote   

now down in non-privacy enhanced firefox userid 
current id: uid=606(ghola) gid=606(ghola) groups=606(ghola),498(pulse-access) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Command: umask 022 ; /usr/bin/firefox --no-remote  --no-remote 
[Parent 22460] WARNING: pipe error (62): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Parent 22460] WARNING: pipe error (74): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Parent 22460] WARNING: pipe error (67): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Parent 22460] WARNING: pipe error (65): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Parent 22460] WARNING: pipe error (66): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322

###!!! [Parent][MessageChannel] Error: (msgtype=0x2C0085,name=PBrowser::Msg_Destroy) Channel error: cannot send/recv

[Parent 22460] WARNING: pipe error (62): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Parent 22460] WARNING: pipe error (74): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Parent 22460] WARNING: pipe error (67): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Parent 22460] WARNING: pipe error (65): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322

###!!! [Parent][MessageChannel] Error: (msgtype=0x2C0085,name=PBrowser::Msg_Destroy) Channel error: cannot send/recv

[Parent 22460] WARNING: pipe error (66): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Parent 22460] WARNING: pipe error (62): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Parent 22460] WARNING: pipe error (75): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Parent 22460] WARNING: pipe error (68): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Parent 22460] WARNING: pipe error (66): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Parent 22460] WARNING: pipe error (67): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322

###!!! [Parent][MessageChannel] Error: (msgtype=0x2C0085,name=PBrowser::Msg_Destroy) Channel error: cannot send/recv

[Parent 22460] WARNING: pipe error (62): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Parent 22460] WARNING: pipe error (75): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Parent 22460] WARNING: pipe error (68): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Parent 22460] WARNING: pipe error (66): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Parent 22460] WARNING: pipe error (67): Connection reset by peer: file /builddir/build/BUILD/firefox-52.2.0/firefox-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322

###!!! [Parent][MessageChannel] Error: (msgtype=0x2C0085,name=PBrowser::Msg_Destroy) Channel error: cannot send/recv

Comment 3 R P Herrold 2017-07-21 14:57:48 UTC

and the SELinux denials and noise, through close of the firefox


[root@centos-7 audit]# tail -f audit.log | grep -v ssh | grep -v crond | grep -v success 


type=AVC msg=audit(1500648664.601:11945): avc:  denied  { name_connect } for  pid=22560 comm="plugin-containe" dest=6010 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1500648664.601:11946): avc:  denied  { name_connect } for  pid=22560 comm="plugin-containe" dest=6010 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1500648664.702:11947): avc:  denied  { name_connect } for  pid=22564 comm="plugin-containe" dest=6010 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1500648664.702:11948): avc:  denied  { name_connect } for  pid=22564 comm="plugin-containe" dest=6010 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1500648664.794:11949): avc:  denied  { name_connect } for  pid=22568 comm="plugin-containe" dest=6010 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1500648664.794:11950): avc:  denied  { name_connect } for  pid=22568 comm="plugin-containe" dest=6010 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket

Comment 4 R P Herrold 2017-07-21 16:39:41 UTC

Adding this rule:

[root@centos-7 selinux]# cat firefox-1473754.te

module firefox-1473754 1.0;

require {
        type xserver_port_t;
        type mozilla_plugin_t;
        class tcp_socket name_connect;
}

#============= mozilla_plugin_t ==============

#!!!! This avc can be allowed using the boolean 'mozilla_plugin_can_network_connect'
allow mozilla_plugin_t xserver_port_t:tcp_socket name_connect;

Via this command series as root:
 1507  Jul 21 12:28 cd selinux
 1508  Jul 21 12:28 yum -y install policycoreutils-python policycoreutils 
 1509  Jul 21 12:29 cat /var/log/audit/audit.log | audit2allow -m firefox-1473754 > firefox-1473754.te
 1510  Jul 21 12:30 checkmodule -M -m -o firefox-1473754.mod firefox-1473754.te
 1511  Jul 21 12:30 semodule_package -o firefox-1473754.pp -m firefox-1473754.mod
 1512  Jul 21 12:30  semodule -i firefox-1473754.pp


Solved the problem with <ctrl-T> and SELinux errors, as well as the matching Mozilla IPC errors

===========

There is a lingering bug in HTML Tidy, which I will take up with author elsewhere

privacy enhanced, isolated firefox invocation
current id: uid=500(herrold) gid=500(herrold) groups=500(herrold),10(wheel),135(mock),498(pulse-access) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
PEFF: ghola
note: ghola is a non-priv'd user on localhost, 
      which we access via a keyed SSH connection 
      to try to avoid some content exfiltration by 
      hostile web browser applications: Flash, etc 
THISHOST: centos-7.first.owlriver.net
Command: ssh -X  -t -t  -l ghola centos-7.first.owlriver.net firefox --no-remote   
now down in non-privacy enhanced firefox userid 
current id: uid=606(ghola) gid=606(ghola) groups=606(ghola),498(pulse-access) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Command: umask 022 ; /usr/bin/firefox --no-remote  --no-remote 

console.error: 
  Tidy Exception: 
  Message: NS_ERROR_DOM_RETVAL_UNDEFINED: Component returned failure code: 0x805303f5 [nsIChannel.open]
  Stack:
    TidyBrowser.prototype.getHtmlFromCache@chrome://tidy/content/tidyBrowser.js:720:18
TidyBrowser.prototype.validateDoc@chrome://tidy/content/tidyBrowser.js:926:22
TidyBrowser.prototype.validateCache@chrome://tidy/content/tidyBrowser.js:901:7
onTidyPageLoad@chrome://tidy/content/tidyBrowser.js:161:7

   / Stack: 
  TidyBrowser.prototype.getHtmlFromCache@chrome://tidy/content/tidyBrowser.js:720:18
TidyBrowser.prototype.validateDoc@chrome://tidy/content/tidyBrowser.js:926:22
TidyBrowser.prototype.validateCache@chrome://tidy/content/tidyBrowser.js:901:7
onTidyPageLoad@chrome://tidy/content/tidyBrowser.js:161:7

Comment 5 Martin Stransky 2017-08-10 11:09:45 UTC

Sorry, we don't have a capacity to fix that.

Comment 6 Martin Stransky 2017-08-10 11:12:03 UTC

Let's move it to selinux guys to investigate.

Comment 7 R P Herrold 2017-08-29 16:48:14 UTC

SE-Linux folks
I think the addition will look a lot like the fix needed and created for 'bluejeans'
   mozilla_plugin_use_bluejeans

-- Russ herrold

Comment 8 Lukas Vrabec 2017-08-30 13:48:05 UTC

Sorry, we don't have a capacity to fix that.