This service will be undergoing maintenance at 20:00 UTC, 2017-04-03. It is expected to last about 30 minutes
Bug 428169 - SELinux is preventing /usr/lib/firefox- from loading /usr/lib/mozilla/plugins/ which requires text relocation.
SELinux is preventing /usr/lib/firefox- from loading ...
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: firefox (Show other bugs)
All Linux
low Severity low
: rc
: ---
Assigned To: Martin Stransky
Depends On: 250249
  Show dependency treegraph
Reported: 2008-01-09 14:01 EST by Kenneth Morgan
Modified: 2008-07-21 13:38 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-07-15 03:37:24 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Kenneth Morgan 2008-01-09 14:01:27 EST
Description of problem:

    SELinux is preventing /usr/lib/firefox- from loading
    /usr/lib/mozilla/plugins/ which requires text relocation.

Detailed Description
    The /usr/lib/firefox- application attempted to load
    /usr/lib/mozilla/plugins/ which requires text relocation.  This is a
    potential security problem. Most libraries do not need this permission.
    Libraries are sometimes coded incorrectly and request this permission.  The web page explains how to
    remove this requirement.  You can configure SELinux temporarily to allow
    /usr/lib/mozilla/plugins/ to use relocation as a workaround, until
    the library is fixed. Please file a against this package.

Allowing Access
    If you trust /usr/lib/mozilla/plugins/ to run correctly, you can
    change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t

    The following command will allow this access:
    chcon -t textrel_shlib_t /usr/lib/mozilla/plugins/

Additional Information        

Source Context                user_u:system_r:unconfined_t
Target Context                system_u:object_r:lib_t
Target Objects                /usr/lib/mozilla/plugins/ [ file ]
Affected RPM Packages         firefox- [application]
Policy RPM                    selinux-policy-2.4.6-106.el5_1.3
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.allow_execmod
Host Name           
Platform                      Linux
                              2.6.18-53.1.4.el5 #1 SMP Wed Nov 14 10:37:33 EST
                              2007 i686 athlon
Alert Count                   2
Line Numbers                  

Raw Audit Messages            

avc: denied { execmod } for comm="firefox-bin" dev=dm-0 egid=500 euid=500
exe="/usr/lib/firefox-" exit=-13 fsgid=500 fsuid=500 gid=500
items=0 path="/usr/lib/mozilla/plugins/" pid=13983
scontext=user_u:system_r:unconfined_t:s0 sgid=500
subj=user_u:system_r:unconfined_t:s0 suid=500 tclass=file
tcontext=system_u:object_r:lib_t:s0 tty=(none) uid=500

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:
Comment 1 Martin Stransky 2008-03-10 07:39:13 EDT
It's a known problem in Adobe Readed plugin.
Comment 2 Martin Stransky 2008-03-10 07:41:11 EDT
See Bug 250249.
Comment 3 Martin Stransky 2008-07-15 03:37:24 EDT
You can setsebool allow_ns_plugin_execmem=1

Note You need to log in before you can comment on or make changes to this bug.