Bug 427590 - SELinux is preventing /usr/lib/nspluginwrapper/npviewer.bin from loading /usr/lib/mozilla/plugins/nppdf.so which requires text relocation.
SELinux is preventing /usr/lib/nspluginwrapper/npviewer.bin from loading /usr...
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
x86_64 Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
Depends On:
  Show dependency treegraph
Reported: 2008-01-04 17:27 EST by Chris Eilbeck
Modified: 2008-03-06 09:51 EST (History)
0 users

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-03-05 17:17:08 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Chris Eilbeck 2008-01-04 17:27:05 EST
Detailed DescriptionThe /usr/lib/nspluginwrapper/npviewer.bin application
attempted to load /usr/lib/mozilla/plugins/nppdf.so which requires text
relocation. This is a potential security problem. Most libraries do not need
this permission. Libraries are sometimes coded incorrectly and request this
permission. The SELinux Memory Protection Tests web page explains how to remove
this requirement. You can configure SELinux temporarily to allow
/usr/lib/mozilla/plugins/nppdf.so to use relocation as a workaround, until the
library is fixed. Please file a bug report against this package.Allowing
AccessIf you trust /usr/lib/mozilla/plugins/nppdf.so to run correctly, you can
change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t
/usr/lib/mozilla/plugins/nppdf.so" You must also change the default file context
files on the system in order to preserve them even on a full relabel. "semanage
fcontext -a -t textrel_shlib_t /usr/lib/mozilla/plugins/nppdf.so"The following
command will allow this access:chcon -t textrel_shlib_t
/usr/lib/mozilla/plugins/nppdf.soAdditional InformationSource
Context:  system_u:system_r:unconfined_t:s0Target
Context:  system_u:object_r:lib_t:s0Target
Objects:  /usr/lib/mozilla/plugins/nppdf.so [ file ]Affected RPM
Packages:  nspluginwrapper- [application]Policy
RPM:  selinux-policy-3.0.8-72.fc8Selinux Enabled:  TruePolicy Type:  targetedMLS
Enabled:  TrueEnforcing Mode:  EnforcingPlugin Name:  plugins.allow_execmodHost
Name:  localhost.localdomainPlatform:  Linux localhost.localdomain #1 SMP Fri Dec 7 15:49:36 EST 2007 x86_64 x86_64Alert
Count:  22First Seen:  Thu 03 Jan 2008 09:34:06 PM GMTLast Seen:  Fri 04 Jan
2008 10:21:48 PM GMTLocal ID:  df01f0d4-dfff-4efb-a999-c118d6cdd2e3Line
Numbers:  Raw Audit Messages :avc: denied { execmod } for comm=npviewer.bin
dev=dm-0 egid=500 euid=500 exe=/usr/lib/nspluginwrapper/npviewer.bin exit=-13
fsgid=500 fsuid=500 gid=500 items=0 path=/usr/lib/mozilla/plugins/nppdf.so
pid=4311 scontext=system_u:system_r:unconfined_t:s0 sgid=500
subj=system_u:system_r:unconfined_t:s0 suid=500 tclass=file
tcontext=system_u:object_r:lib_t:s0 tty=(none) uid=500
Comment 1 Daniel Walsh 2008-01-08 14:03:46 EST
Bad file context 

restorecon -v /usr/lib/mozilla/plugins/nppdf.so
Comment 2 Daniel Walsh 2008-03-05 17:17:08 EST
Bugs have been in modified for over one month.  Closing as fixed in current
release please reopen if the problem still persists.
Comment 3 Chris Eilbeck 2008-03-06 09:51:36 EST
many thanks, the "restorecon" seems to have fixed this problem.


Note You need to log in before you can comment on or make changes to this bug.