Bug 246126 - SELinux and Thunderbird .parentlock denial
Summary: SELinux and Thunderbird .parentlock denial
Alias: None
Product: Fedora
Classification: Fedora
Component: thunderbird   
(Show other bugs)
Version: 7
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Christopher Aillon
QA Contact: Fedora Extras Quality Assurance
Whiteboard: TB12ReproductionRequest
Depends On:
TreeView+ depends on / blocked
Reported: 2007-06-28 18:05 UTC by Florin Andrei
Modified: 2018-04-11 18:41 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-04-10 09:43:03 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Florin Andrei 2007-06-28 18:05:05 UTC
Description of problem:
Thunderbird has become unstable since the selinux-policy update yesterday. It
crashed a couple times.

SELinux has denied /sbin/ldconfig access to potentially mislabeled file(s)
(/home/fandrei/.thunderbird/u1avjcki.default/.parentlock). This means that
SELinux will not allow /sbin/ldconfig to use these files. It is common for users
to edit files in their home directory or tmp directories and then move (mv) them
to system directories. The problem is that the files end up with the wrong file
context which confined applications are not allowed to access.

avc: denied { read, write } for comm="ldconfig" dev=sda3 egid=500 euid=500
exe="/sbin/ldconfig" exit=0 fsgid=500 fsuid=500 gid=500 items=0
path="/home/fandrei/.thunderbird/u1avjcki.default/.parentlock" pid=5019
scontext=user_u:system_r:ldconfig_t:s0 sgid=500
subj=user_u:system_r:ldconfig_t:s0 suid=500 tclass=file
tcontext=user_u:object_r:user_home_t:s0 tty=(none) uid=500 

[fandrei@valar ~]$ ls -Z /home/fandrei/.thunderbird/u1avjcki.default/.parentlock
-rw-rw-r--  fandrei fandrei user_u:object_r:user_home_t     

Version-Release number of selected component (if applicable):

How reproducible:
Somewhat reproducible

Steps to Reproduce:
1. run Thunderbird
2. wait
Actual results:
Thunderbird goes kaboom

Expected results:

Additional info:

Comment 1 Daniel Walsh 2007-07-02 00:25:25 UTC
Why would ldconfig be trying to read the files .parentlock?  I believe this is a
leaked file descriptor.  Some where thunderbird is execing ldconfig.  ldconfig
is looking at  all the open file descriptors and checking the access, this
generates this avc, but I am pretty sure should not cause any instability in

Comment 2 Christopher Aillon 2007-07-02 15:04:58 UTC
Thunderbird doesn't call ldconfig anywhere as nothing it intalls ought to be in
a directory which ldconfig knows about it.

Comment 4 Matěj Cepl 2008-03-07 22:42:44 UTC
At this point, we're going to only be taking security fixes and major stability
fixes into this release of Fedora.  However, we still want to ensure the bug is
fixed in the next version.  We'd appreciate if you could test with the latest
version of Thunderbird ( now available for your distribution and
provide feedback as to whether the problem still exists so we can file a ticket
upstream as soon as possible.

Comment 5 Matěj Cepl 2008-04-10 09:43:03 UTC
Since there are insufficient details provided in this report for us to
investigate the issue further, and we have not received feedback to the
information we have requested above, we will assume the problem was not
reproducible, or has been fixed in one of the updates we have released for the
reporter's distribution.

Users who have experienced this problem are encouraged to upgrade to the latest
update of their distribution, and if this issue turns out to still be
reproducible in the latest update, please reopen this bug with additional


Note You need to log in before you can comment on or make changes to this bug.