Bug 246126 - SELinux and Thunderbird .parentlock denial
SELinux and Thunderbird .parentlock denial
Status: CLOSED INSUFFICIENT_DATA
Product: Fedora
Classification: Fedora
Component: thunderbird (Show other bugs)
7
All Linux
low Severity low
: ---
: ---
Assigned To: Christopher Aillon
Fedora Extras Quality Assurance
TB12ReproductionRequest
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-06-28 14:05 EDT by Florin Andrei
Modified: 2008-08-02 19:40 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-04-10 05:43:03 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Florin Andrei 2007-06-28 14:05:05 EDT
Description of problem:
Thunderbird has become unstable since the selinux-policy update yesterday. It
crashed a couple times.

SELinux has denied /sbin/ldconfig access to potentially mislabeled file(s)
(/home/fandrei/.thunderbird/u1avjcki.default/.parentlock). This means that
SELinux will not allow /sbin/ldconfig to use these files. It is common for users
to edit files in their home directory or tmp directories and then move (mv) them
to system directories. The problem is that the files end up with the wrong file
context which confined applications are not allowed to access.

avc: denied { read, write } for comm="ldconfig" dev=sda3 egid=500 euid=500
exe="/sbin/ldconfig" exit=0 fsgid=500 fsuid=500 gid=500 items=0
name="xine-user.msf"
path="/home/fandrei/.thunderbird/u1avjcki.default/.parentlock" pid=5019
scontext=user_u:system_r:ldconfig_t:s0 sgid=500
subj=user_u:system_r:ldconfig_t:s0 suid=500 tclass=file
tcontext=user_u:object_r:user_home_t:s0 tty=(none) uid=500 

[fandrei@valar ~]$ ls -Z /home/fandrei/.thunderbird/u1avjcki.default/.parentlock
-rw-rw-r--  fandrei fandrei user_u:object_r:user_home_t     
/home/fandrei/.thunderbird/u1avjcki.default/.parentlock


Version-Release number of selected component (if applicable):
selinux-policy-2.6.4-21.fc7

How reproducible:
Somewhat reproducible

Steps to Reproduce:
1. run Thunderbird
2. wait
3.
  
Actual results:
Thunderbird goes kaboom

Expected results:
duh

Additional info:
Comment 1 Daniel Walsh 2007-07-01 20:25:25 EDT
Why would ldconfig be trying to read the files .parentlock?  I believe this is a
leaked file descriptor.  Some where thunderbird is execing ldconfig.  ldconfig
is looking at  all the open file descriptors and checking the access, this
generates this avc, but I am pretty sure should not cause any instability in
thunderbird.
Comment 2 Christopher Aillon 2007-07-02 11:04:58 EDT
Thunderbird doesn't call ldconfig anywhere as nothing it intalls ought to be in
a directory which ldconfig knows about it.
Comment 4 Matěj Cepl 2008-03-07 17:42:44 EST
At this point, we're going to only be taking security fixes and major stability
fixes into this release of Fedora.  However, we still want to ensure the bug is
fixed in the next version.  We'd appreciate if you could test with the latest
version of Thunderbird (2.0.0.12) now available for your distribution and
provide feedback as to whether the problem still exists so we can file a ticket
upstream as soon as possible.
Comment 5 Matěj Cepl 2008-04-10 05:43:03 EDT
Since there are insufficient details provided in this report for us to
investigate the issue further, and we have not received feedback to the
information we have requested above, we will assume the problem was not
reproducible, or has been fixed in one of the updates we have released for the
reporter's distribution.

Users who have experienced this problem are encouraged to upgrade to the latest
update of their distribution, and if this issue turns out to still be
reproducible in the latest update, please reopen this bug with additional
information.

Closing as INSUFFICIENT_DATA.

Note You need to log in before you can comment on or make changes to this bug.