181056 – Thunderbird says: "Could not initaliaze the browser's security component"

Bug 181056 - Thunderbird says: "Could not initaliaze the browser's security component"

Summary: Thunderbird says: "Could not initaliaze the browser's security component"

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy-targeted
Sub Component:
Version:	rawhide
Hardware:	x86_64
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-02-12 13:24 UTC by Hans de Goede
Modified:	2007-11-30 22:11 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2006-05-02 20:13:31 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Hans de Goede 2006-02-12 13:24:54 UTC

Running 2-3 days old rawhide with targeted policy, starting thunderbird says:
"Could not initaliaze the browser's security component. The most likely cause is
problem with files in your browser's profile directory. Please check that this
directory has no read/write restrictions. ... "

"setenforce 0" fixes this, strange enough no related denied messages in
/var/log/audit/audit.log . This is also fixed by booting with autorelabel as
kernel param, but only during the run/boot that the relabel was done a reboot
without the autorelabel restores the problem. This most likely is related to
some selinux problems with my home dir.

---

I have another problem with the same symptoms. My /etc/rc.d/rc.local contains:
su -l hans -c '/home/hans/bin/eponym.pl&' > /dev/null 2>&1

Which starts a perl script which updates my dyndns-entry. I have this script in
my homedir because the config is embedded inside the script. This used to work
but now it only works if I boot with autorelabel, and then only during the boot
with the autorelabel, not with consecutive boots, just as above.

Comment 1 Daniel Walsh 2006-02-13 14:58:23 UTC

What AVC messages are you seeing in the log files? 

/var/log/audit/audit.log and/or /var/log/messages

Comment 2 Hans de Goede 2006-02-13 15:13:18 UTC

I searched for denied messages in /var/log/audit/audit.log and I couldn't find
any related messages. I'll check /var/log/messages tonigth when I'm behind the
box with the problem.

Comment 3 Daniel Walsh 2006-02-13 15:53:30 UTC

Also see if setting any of the allow_exec* booleans clear up the problem

setsebool -P allow_execstack=1

Comment 4 Hans de Goede 2006-02-14 18:25:45 UTC

setsebool -P allow_execstack=1 fixes thunderbird, thanks. Still no messages in
either log file. It seems that /var/log/audit/audit.log no longer gets any
messages? Maybe auditing has been disabled in the latest kernels?

BTW, the launching of the perl script in my homedir from /etc/rc.d/rc.local
still only works on the boot autorelabel is given on the cmdline I thought this
was related because it shared this only working once after autorelabel with
thunderbird, but I guess it is not related, seperate bug?

Comment 5 Daniel Walsh 2006-02-14 23:12:29 UTC

And you see no AVC messages? in /var/log/audit/audit.log or /var/log/messages?

You can turn on all audit messages by

semodule -b /usr/share/selinux/targeted/enableaudit.pp

Turn them back off with

semodule -b /usr/share/selinux/targeted/base.pp

Comment 6 Hans de Goede 2006-05-02 20:13:31 UTC

I just did a setsebool -P allow_execstack=0 and tested Thunderbird again (on
rawhide) all is well now, closing.

Note You need to log in before you can comment on or make changes to this bug.