Description of problem: SELinux is preventing /usr/local/firefox/firefox-bin from loading /usr/local/firefox/extensions/talkback/components/libqfaservices.so which requires text relocation. Version-Release number of selected component (if applicable): 2.0.0.6 How reproducible: Everytime I start firefox. Steps to Reproduce: 1. Load firefox (either from CLI, or the "Web Browser" button on the "task bar" 2. Wait for it to load, and observe the yellow Star show up in the status bar (clock, updates available, etc) 3. Open SE Trouble shoot browser and read the warning. Actual results: The above Expected results: For this warning not to happen. Additional info: The /usr/local/firefox/firefox-bin application attempted to load /usr/local/firefox/extensions/talkback/components/libqfaservices.so which requires text relocation. This is a potential security problem. Most libraries do not need this permission. Libraries are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests web page explains how to remove this requirement. You can configure SELinux temporarily to allow /usr/local/firefox/extensions/talkback/components/libqfaservices.so to use relocation as a workaround, until the library is fixed. Please file a bug report against this package. Allowing Access =============== If you trust /usr/local/firefox/extensions/talkback/components/libqfaservices.so to run correctly, you can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t /usr/local/firefox/extensions/talkback/components/libqfaservices.so"The following command will allow this access:chcon -t textrel_shlib_t /usr/local/firefox/extensions/talkback/components/libqfaservices.so
Created attachment 204791 [details] Additional information from the SE Troubleshooter browser
Created attachment 207691 [details] selinux description of requested bug report on firefox First occurence was noticed post install of fc7, install was followed by firefox install and kernel update. SELinux reported the incident while installing google earth Similiar problem, SELinux is preventing /usr/lib/firefox-2.0.0.5/firefox-bin from loading /usr/lib/firefox-2.0.0.5/plugins/nppdf.so which requires text relocation. Detailed DescriptionThe /usr/lib/firefox-2.0.0.5/firefox-bin application attempted to load /usr/lib/firefox-2.0.0.5/plugins/nppdf.so which requires text relocation. This is a potential security problem. Most libraries do not need this permission. Libraries are sometimes coded incorrectly and request this permission. This SELinux trouble shooter report is very similiar to Bug 304421 Q applying the temporary fix/work around suggested by SELinux trouble shooter, what is the probability of a security breach, until the lib's text relocation code is addressed. Please file a bug report against this package. Allowing Access If you trust /usr/lib/firefox-2.0.0.5/plugins/nppdf.so to run correctly, you can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t /usr/lib/firefox-2.0.0.5/plugins/nppdf.so"The following command will allow this access:chcon -t textrel_shlib_t /usr/lib/firefox-2.0.0.5/plugins/nppdf.so
At this point, we're going to only be taking security fixes and major stability fixes into this release of Fedora. However, we still want to ensure the bug is fixed in the next version. We'd appreciate if you could test Firefox 3, available at http://www.mozilla.com/en-US/firefox/all-beta.html or now shipping as the default in Fedora rawhide and provide feedback as to whether it still exists so we can file a ticket upstream to try to fix it in Firefox 3 before it is released.
I've tried out Firefox 3 beta 3 and it does not appear to generate any SE Linux alerts. At least none appeared to be logged in var log messages.
Thanks for letting us know.