Bug 181056 - Thunderbird says: "Could not initaliaze the browser's security component"
Thunderbird says: "Could not initaliaze the browser's security component"
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
rawhide
x86_64 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-02-12 08:24 EST by Hans de Goede
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-05-02 16:13:31 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Hans de Goede 2006-02-12 08:24:54 EST
Running 2-3 days old rawhide with targeted policy, starting thunderbird says:
"Could not initaliaze the browser's security component. The most likely cause is
problem with files in your browser's profile directory. Please check that this
directory has no read/write restrictions. ... "

"setenforce 0" fixes this, strange enough no related denied messages in
/var/log/audit/audit.log . This is also fixed by booting with autorelabel as
kernel param, but only during the run/boot that the relabel was done a reboot
without the autorelabel restores the problem. This most likely is related to
some selinux problems with my home dir.

---

I have another problem with the same symptoms. My /etc/rc.d/rc.local contains:
su -l hans -c '/home/hans/bin/eponym.pl&' > /dev/null 2>&1

Which starts a perl script which updates my dyndns-entry. I have this script in
my homedir because the config is embedded inside the script. This used to work
but now it only works if I boot with autorelabel, and then only during the boot
with the autorelabel, not with consecutive boots, just as above.
Comment 1 Daniel Walsh 2006-02-13 09:58:23 EST
What AVC messages are you seeing in the log files? 

/var/log/audit/audit.log and/or /var/log/messages
Comment 2 Hans de Goede 2006-02-13 10:13:18 EST
I searched for denied messages in /var/log/audit/audit.log and I couldn't find
any related messages. I'll check /var/log/messages tonigth when I'm behind the
box with the problem.
Comment 3 Daniel Walsh 2006-02-13 10:53:30 EST
Also see if setting any of the allow_exec* booleans clear up the problem

setsebool -P allow_execstack=1
Comment 4 Hans de Goede 2006-02-14 13:25:45 EST
setsebool -P allow_execstack=1 fixes thunderbird, thanks. Still no messages in
either log file. It seems that /var/log/audit/audit.log no longer gets any
messages? Maybe auditing has been disabled in the latest kernels?

BTW, the launching of the perl script in my homedir from /etc/rc.d/rc.local
still only works on the boot autorelabel is given on the cmdline I thought this
was related because it shared this only working once after autorelabel with
thunderbird, but I guess it is not related, seperate bug?
Comment 5 Daniel Walsh 2006-02-14 18:12:29 EST
And you see no AVC messages? in /var/log/audit/audit.log or /var/log/messages?

You can turn on all audit messages by

semodule -b /usr/share/selinux/targeted/enableaudit.pp

Turn them back off with

semodule -b /usr/share/selinux/targeted/base.pp
Comment 6 Hans de Goede 2006-05-02 16:13:31 EDT
I just did a setsebool -P allow_execstack=0 and tested Thunderbird again (on
rawhide) all is well now, closing.

Note You need to log in before you can comment on or make changes to this bug.