Bug 181056 – Thunderbird says: "Could not initaliaze the browser's security component"

Bug 181056 - Thunderbird says: "Could not initaliaze the browser's security component"

Summary:	Thunderbird says: "Could not initaliaze the browser's security component"

Status:	CLOSED RAWHIDE

Aliases:	None

Product:	Fedora
Classification:	Fedora
Component:	selinux-policy-targeted (Show other bugs)
Sub Component:
Version:	rawhide
Hardware:	x86_64 Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Daniel Walsh
QA Contact:
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2006-02-12 08:24 EST by Hans de Goede
Modified:	2007-11-30 17:11 EST (History)
CC List:	0 users

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2006-05-02 16:13:31 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Hans de Goede 2006-02-12 08:24:54 EST

Running 2-3 days old rawhide with targeted policy, starting thunderbird says:
"Could not initaliaze the browser's security component. The most likely cause is
problem with files in your browser's profile directory. Please check that this
directory has no read/write restrictions. ... "

"setenforce 0" fixes this, strange enough no related denied messages in
/var/log/audit/audit.log . This is also fixed by booting with autorelabel as
kernel param, but only during the run/boot that the relabel was done a reboot
without the autorelabel restores the problem. This most likely is related to
some selinux problems with my home dir.

---

I have another problem with the same symptoms. My /etc/rc.d/rc.local contains:
su -l hans -c '/home/hans/bin/eponym.pl&' > /dev/null 2>&1

Which starts a perl script which updates my dyndns-entry. I have this script in
my homedir because the config is embedded inside the script. This used to work
but now it only works if I boot with autorelabel, and then only during the boot
with the autorelabel, not with consecutive boots, just as above.

Comment 1 Daniel Walsh 2006-02-13 09:58:23 EST

What AVC messages are you seeing in the log files? 

/var/log/audit/audit.log and/or /var/log/messages

Comment 2 Hans de Goede 2006-02-13 10:13:18 EST

I searched for denied messages in /var/log/audit/audit.log and I couldn't find
any related messages. I'll check /var/log/messages tonigth when I'm behind the
box with the problem.

Comment 3 Daniel Walsh 2006-02-13 10:53:30 EST

Also see if setting any of the allow_exec* booleans clear up the problem

setsebool -P allow_execstack=1

Comment 4 Hans de Goede 2006-02-14 13:25:45 EST

setsebool -P allow_execstack=1 fixes thunderbird, thanks. Still no messages in
either log file. It seems that /var/log/audit/audit.log no longer gets any
messages? Maybe auditing has been disabled in the latest kernels?

BTW, the launching of the perl script in my homedir from /etc/rc.d/rc.local
still only works on the boot autorelabel is given on the cmdline I thought this
was related because it shared this only working once after autorelabel with
thunderbird, but I guess it is not related, seperate bug?

Comment 5 Daniel Walsh 2006-02-14 18:12:29 EST

And you see no AVC messages? in /var/log/audit/audit.log or /var/log/messages?

You can turn on all audit messages by

semodule -b /usr/share/selinux/targeted/enableaudit.pp

Turn them back off with

semodule -b /usr/share/selinux/targeted/base.pp

Comment 6 Hans de Goede 2006-05-02 16:13:31 EDT

I just did a setsebool -P allow_execstack=0 and tested Thunderbird again (on
rawhide) all is well now, closing.

Note You need to log in before you can comment on or make changes to this bug.