Bug 207621 - Installation of flash plugin fails.
Summary: Installation of flash plugin fails.
Status: CLOSED DUPLICATE of bug 189622
Alias: None
Product: Fedora
Classification: Fedora
Component: firefox   
(Show other bugs)
Version: 6
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Christopher Aillon
QA Contact:
URL:
Whiteboard:
Keywords: Reopened
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-09-21 22:13 UTC by David Miller
Modified: 2007-11-30 22:11 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-01-10 20:26:09 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description David Miller 2006-09-21 22:13:03 UTC
Description of problem:

Installation of flash plugin via firefox browser fails with
SELINUX denials.

Version-Release number of selected component (if applicable):


How reproducible:

Always.

Steps to Reproduce:

1. Visit a web site with flash
2. click on the provided button in firefox to automatically search for and
install the Macromedia flash plugin.
3. Restart the browser and try to revisit the site using flash

audit(1158875743.418:164): avc:  denied  { execmod } for  pid=2295
comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=13272948
scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:object_r:lib_t:s0
tclass=file

Actual results:

AVC denial, as per the following kernel log message...

audit(1158875743.418:164): avc:  denied  { execmod } for  pid=2295
comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=13272948
scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:object_r:lib_t:s0
tclass=file

Expected results:

Flash loads and works properly.

Additional info:

Comment 1 Daniel Walsh 2006-09-21 22:47:18 UTC
What directory did it install it into?  Did you have restorecond running?

Comment 2 David Miller 2006-09-21 23:00:19 UTC
It installed by default into ~/.mozilla/plugins.  I tried also to copy
the plugin files, as root, into /usr/lib/mozilla/plugins/ and also
/usr/lib/firefox-1.5.0.7/plugins/, but the same failure occurs.

restorecond is running


Comment 3 Daniel Walsh 2006-09-21 23:09:35 UTC
restorecon libflashplayer.so

Should set its context to textrel_shlib_t

Which will allow it to work.



Comment 4 David Miller 2006-09-21 23:13:23 UTC
I'll try that out, thanks.

What should firefox be doing internall when it installs plugins in
order to avoid this problem?  Should it run restorecon after a plugin
install?  If it knows what files get put into the plugin/ directory
I suppose it could do that.


Comment 5 Daniel Walsh 2006-09-29 17:42:54 UTC
Yes or use the install command which has a built in restorecon.

Comment 6 David Miller 2006-09-29 23:01:18 UTC
Firefox hasn't had the necessary changes made which will make the
restorecon invocation occur, so why close the bug?  It's still there.

Please provide a reasoning when you close a bug.  It is very much still
a bug in that if someone tries to install flash right now as I did, the same
thing is likely to happen unless specific changes were made to Firefox
to deal with this issue.

I'm reopening this and I'd like to ask that it stay's open until the Firefox
issue is truly resolved.

Thanks a lot!


Comment 7 Daniel Walsh 2006-10-02 18:24:15 UTC
Fine that change the bug to firefox.  

Comment 8 Warren Togami 2007-01-10 20:26:09 UTC
It would be improper for firefox to change the selinux context of the downloaded
file itself.  This is due to Bug #189622 where Flash Player 7 using text
relocations, which is disallowed by selinux policy.  

Flash Player 9 due out soon fixes this problem.

Meanwhile, you can either:
1) http://macromedia.mplug.org/ Use the Flash Player 7 RPM from here which
avoids this problem.
2) http://labs.adobe.com/downloads/flashplayer9.html Use Flash Player 9 Beta2
3) Wait until Flash Player 9 is released soon.


*** This bug has been marked as a duplicate of 189622 ***


Note You need to log in before you can comment on or make changes to this bug.