Bug 181056 - Thunderbird says: "Could not initaliaze the browser's security component"
Summary: Thunderbird says: "Could not initaliaze the browser's security component"
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted   
(Show other bugs)
Version: rawhide
Hardware: x86_64 Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-02-12 13:24 UTC by Hans de Goede
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-05-02 20:13:31 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Hans de Goede 2006-02-12 13:24:54 UTC 
Running 2-3 days old rawhide with targeted policy, starting thunderbird says:
"Could not initaliaze the browser's security component. The most likely cause is
problem with files in your browser's profile directory. Please check that this
directory has no read/write restrictions. ... "

"setenforce 0" fixes this, strange enough no related denied messages in
/var/log/audit/audit.log . This is also fixed by booting with autorelabel as
kernel param, but only during the run/boot that the relabel was done a reboot
without the autorelabel restores the problem. This most likely is related to
some selinux problems with my home dir.

---

I have another problem with the same symptoms. My /etc/rc.d/rc.local contains:
su -l hans -c '/home/hans/bin/eponym.pl&' > /dev/null 2>&1

Which starts a perl script which updates my dyndns-entry. I have this script in
my homedir because the config is embedded inside the script. This used to work
but now it only works if I boot with autorelabel, and then only during the boot
with the autorelabel, not with consecutive boots, just as above.
Comment 1 Daniel Walsh 2006-02-13 14:58:23 UTC 
What AVC messages are you seeing in the log files? 

/var/log/audit/audit.log and/or /var/log/messages
Comment 2 Hans de Goede 2006-02-13 15:13:18 UTC 
I searched for denied messages in /var/log/audit/audit.log and I couldn't find
any related messages. I'll check /var/log/messages tonigth when I'm behind the
box with the problem.
Comment 3 Daniel Walsh 2006-02-13 15:53:30 UTC 
Also see if setting any of the allow_exec* booleans clear up the problem

setsebool -P allow_execstack=1
Comment 4 Hans de Goede 2006-02-14 18:25:45 UTC 
setsebool -P allow_execstack=1 fixes thunderbird, thanks. Still no messages in
either log file. It seems that /var/log/audit/audit.log no longer gets any
messages? Maybe auditing has been disabled in the latest kernels?

BTW, the launching of the perl script in my homedir from /etc/rc.d/rc.local
still only works on the boot autorelabel is given on the cmdline I thought this
was related because it shared this only working once after autorelabel with
thunderbird, but I guess it is not related, seperate bug?
Comment 5 Daniel Walsh 2006-02-14 23:12:29 UTC 
And you see no AVC messages? in /var/log/audit/audit.log or /var/log/messages?

You can turn on all audit messages by

semodule -b /usr/share/selinux/targeted/enableaudit.pp

Turn them back off with

semodule -b /usr/share/selinux/targeted/base.pp
Comment 6 Hans de Goede 2006-05-02 20:13:31 UTC 
I just did a setsebool -P allow_execstack=0 and tested Thunderbird again (on
rawhide) all is well now, closing.
Note You need to log in before you can comment on or make changes to this bug.