Description of problem: What business does SELinux have with blocking access to files in my /home? Souhrn: SELinux is preventing the npviewer.bin from using potentially mislabeled files (/home/matej/mel8-118.ogg). Podrobný popis: SELinux has denied npviewer.bin access to potentially mislabeled file(s) (/home/matej/mel8-118.ogg). This means that SELinux will not allow npviewer.bin to use these files. It is common for users to edit files in their home directory or tmp directories and then move (mv) them to system directories. The problem is that the files end up with the wrong file context which confined applications are not allowed to access. Povolení přístupu: If you want npviewer.bin to access this files, you need to relabel them using restorecon -v '/home/matej/mel8-118.ogg'. You might want to relabel the entire directory using restorecon -R -v '/home/matej'. Další informace: Kontext zdroje unconfined_u:unconfined_r:nsplugin_t:SystemLow- SystemHigh Kontext cíle unconfined_u:object_r:user_home_t Objekty cíle /home/matej/mel8-118.ogg [ file ] Zdroj npviewer.bin Cesta zdroje /usr/lib64/nspluginwrapper/npviewer.bin Port <Neznámé> Počítač hubmaier.ceplovi.cz RPM balíčky zdroje nspluginwrapper-0.9.91.5-23.fc9 RPM balíčky cíle RPM politiky selinux-policy-3.3.1-9.fc9 Selinux povolen True Typ politiky targeted MLS povoleno True Vynucovací režim Enforcing Název zásuvného modulu home_tmp_bad_labels Název počítače hubmaier.ceplovi.cz Platforma Linux hubmaier.ceplovi.cz 2.6.25-0.81.rc3.git2.fc9 #1 SMP Sun Mar 2 01:04:02 EST 2008 x86_64 x86_64 Počet uporoznění 5 Poprvé viděno Po 3. březen 2008, 17:05:55 CET Naposledy viděno Po 3. březen 2008, 17:09:05 CET Místní ID 08ffb0a6-aa57-4560-b041-9bfb9792cf31 Čísla řádků Původní zprávy auditu host=hubmaier.ceplovi.cz type=AVC msg=audit(1204560545.253:545): avc: denied { write } for pid=18541 comm="npviewer.bin" path="/home/matej/mel8-118.ogg" dev=dm-0 ino=3691553 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file host=hubmaier.ceplovi.cz type=AVC msg=audit(1204560545.253:545): avc: denied { read write } for pid=18541 comm="npviewer.bin" path="socket:[1052534]" dev=sockfs ino=1052534 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket host=hubmaier.ceplovi.cz type=SYSCALL msg=audit(1204560545.253:545): arch=c000003e syscall=59 success=yes exit=0 a0=1be1600 a1=1be15a0 a2=1be0720 a3=8 items=0 ppid=10525 pid=18541 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="npviewer.bin" exe="/usr/lib64/nspluginwrapper/npviewer.bin" subj=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 key=(null) Version-Release number of selected component (if applicable): selinux-policy-targeted-3.3.1-9.fc9.noarch nspluginwrapper-0.9.91.5-23.fc9.x86_64 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Mozilla plugins could not read user files. I believe it's a feature, not a bug ;-)