Red Hat Bugzilla – Bug 438384
tmpwatch cannot access alloc when running compiz-fusion with firefox
Last modified: 2008-05-30 21:46:21 EDT
Description of problem: SELinux is preventing tmpwatch (tmpreaper_t) "setattr"
to ./alloc (usr_t)
Version-Release number of selected component (if applicable):
How reproducible: Run compiz-fusion icon with Firefox running with multiple tabs
Steps to Reproduce:
1. Launch Compiz-fusion
2. Launch Firefox
3. Browse to sites with multimedia and/or have multiple windows/tabs open.
Actual results: Firefox freezes and requires a force quit, SELinux opens giving
Additional info: When SELinux opens it says to allow access to invoke the
command "restorecon -v './alloc'"; however, when I do this,
Created attachment 298723
SELinux alert for this problem.
Is the Firefox behavior reproducible?
As far as I know, firefox doesn't start tmpwatch nor does it depend on tmpwatch
- so either something is mislabeled (and run as tmpreaper_t when it shouldn't),
or the tmpwatch report is unrelated to firefox hanging.
As for the AVC itself, tmpwatch will touch anything in /tmp - so either it
should be allowed to change the inode times, or dontaudited (perhaps deny - with
dontaudit - even stat()ing the file).
I believe the Firefox issue is with compiz-fusion and having Firefox open in
more than one workspace. As for the tmpwatch, I believe it may actually have to
do with Force Quitting but I am still unsure; I will post more information when
it happens again.
Yes, this has nothing to do with SELinux. You or some app has mv'd a file
"alloc" to /tmp from /usr which ended up with the wrong context. Either delete
the file/directory or
chcon -Rt tmp_t /tmp/alloc
This AVC happening at the same time is a coincidence.
The other problem is a firefox issue, reassigning.
I actually believe the Firefox issue comes from having two Firefox windows open
in two different workspaces. Thank you for the help with the tmp issue though.
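
The labelling problem diagnosed in this thread (an object moved into /tmp that kept its usr_t context) can be picked out of the audit log. The script below is an added example, not part of the original bug comments: it filters AVC denials raised by the tmpreaper_t domain against objects whose type is not a /tmp type. The audit lines, the function names and the list of tmp types are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find AVC denials where tmpwatch (tmpreaper_t) hit an object
# that still carries a non-/tmp label, as with ./alloc (usr_t) in this bug.

# Constructed sample audit records (not copied from the bug's attachment).
SAMPLE_AVC='type=AVC msg=audit(1206000000.101:41): avc:  denied  { setattr } for  pid=3021 comm="tmpwatch" name="alloc" dev=dm-0 ino=98312 scontext=system_u:system_r:tmpreaper_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
type=AVC msg=audit(1206000000.102:42): avc:  denied  { getattr } for  pid=3021 comm="tmpwatch" name="sess_1" dev=dm-0 ino=98400 scontext=system_u:system_r:tmpreaper_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file
type=AVC msg=audit(1206000000.103:43): avc:  denied  { read } for  pid=4100 comm="httpd" name="x" dev=dm-0 ino=5 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file'

# Print the value of one key=value field of an audit line, quotes stripped.
avc_get() {  # $1 = audit line, $2 = key
    printf '%s\n' "$1" |
        sed -n "s/.* $2=\"\{0,1\}\([^\" ]*\)\"\{0,1\}.*/\1/p"
}

# Read audit lines on stdin; print "name target_type permissions" for each
# denial where the source domain is tmpreaper_t and the target is not a
# tmp type. The tmp type list is an assumption; adjust it to local policy.
find_tmp_mislabels() {
    while IFS= read -r line; do
        case $line in *"avc:"*denied*) ;; *) continue ;; esac
        # The SELinux type is the third colon-separated field of a context.
        stype=$(avc_get "$line" scontext | cut -d: -f3)
        ttype=$(avc_get "$line" tcontext | cut -d: -f3)
        [ "$stype" = tmpreaper_t ] || continue
        case $ttype in tmp_t|*_tmp_t) continue ;; esac
        perm=$(printf '%s\n' "$line" | sed -n 's/.*{ \([^}]*\) }.*/\1/p')
        printf '%s %s %s\n' "$(avc_get "$line" name)" "$ttype" "$perm"
    done
}

# Run against the constructed sample; on a real host, feed it the audit log
# (for example /var/log/audit/audit.log) instead.
printf '%s\n' "$SAMPLE_AVC" | find_tmp_mislabels
```

Each reported name is a candidate for the fix given in the thread: delete the object or relabel it with chcon.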