1528783 – Firefox no longer works in a sandbox after updating to Fedora 27

Bug 1528783 - Firefox no longer works in a sandbox after updating to Fedora 27

Summary: Firefox no longer works in a sandbox after updating to Fedora 27

Keywords:
Status:	CLOSED DUPLICATE of bug 1474082
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	27
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	Lukas Vrabec
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-12-24 02:36 UTC by Martin K. Petersen
Modified:	2018-01-02 13:44 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-01-02 13:44:46 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Martin K. Petersen 2017-12-24 02:36:45 UTC

Description of problem:

Fedora 27 broke sandboxing firefox. This worked in all previous releases.

The firefox window is all black when run in a sandbox. After tweaking policy to permit mmapping files in tmpfs, things become visible in the window. However, https connections fail.

Running using unconfined_t works fine. sandbox_web_t and sandbox_x_t both fail.

How reproducible:

Every time

Steps to Reproduce:

1. sandbox -H foo -T bar -t sandbox_web_t -X firefox

Actual results:

Initially black screen. After tweaking policy, http connections do not work.

Expected results:

Working browser.

Additional info:

The audit log contains a message that sandboxX.sh has been denied an nnp_transition.

Comment 1 Petr Lautrbach 2018-01-02 13:44:46 UTC


*** This bug has been marked as a duplicate of bug 1474082 ***

Note You need to log in before you can comment on or make changes to this bug.