Description of problem: This happened when opening http://news.bbc.co.uk/2/hi/science/nature/7322113.stm (however, the movie clip was normally presented and could be played). Souhrn: SELinux is preventing npviewer.bin (nsplugin_t) "read" to ./.fonts.conf (user_fonts_config_t). Podrobný popis: SELinux denied access requested by npviewer.bin. It is not expected that this access is required by npviewer.bin and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Povolení přístupu: Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for ./.fonts.conf, restorecon -v './.fonts.conf' If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Další informace: Kontext zdroje unconfined_u:unconfined_r:nsplugin_t:SystemLow- SystemHigh Kontext cíle system_u:object_r:user_fonts_config_t Objekty cíle ./.fonts.conf [ file ] Zdroj npviewer.bin Cesta zdroje /usr/lib/nspluginwrapper/npviewer.bin Port <Neznámé> Počítač viklef.ceplovi.cz RPM balíčky zdroje RPM balíčky cíle RPM politiky selinux-policy-3.3.1-26.fc9 Selinux povolen True Typ politiky targeted MLS povoleno True Vynucovací režim Enforcing Název zásuvného modulu catchall_file Název počítače viklef.ceplovi.cz Platforma Linux viklef.ceplovi.cz 2.6.25-0.163.rc7.git1.fc9.i686 #1 SMP Thu Mar 27 09:56:04 EDT 2008 i686 i686 Počet uporoznění 1 Poprvé viděno Po 31. březen 2008, 22:49:39 CEST Naposledy viděno Po 31. březen 2008, 22:49:39 CEST Místní ID ff2bad8e-eea3-44d7-a58c-f0291af3166c Čísla řádků Původní zprávy auditu host=viklef.ceplovi.cz type=AVC msg=audit(1206996579.618:4245): avc: denied { read } for pid=24851 comm="npviewer.bin" name=".fonts.conf" dev=dm-6 ino=6636229 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:user_fonts_config_t:s0 tclass=file host=viklef.ceplovi.cz type=SYSCALL msg=audit(1206996579.618:4245): arch=40000003 syscall=33 success=no exit=-13 a0=93d9f28 a1=4 a2=1cf694 a3=93d9f28 items=0 ppid=24781 pid=24851 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=5 comm="npviewer.bin" exe="/usr/lib/nspluginwrapper/npviewer.bin" subj=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 key=(null) Version-Release number of selected component (if applicable): fontconfig-2.5.0-2.fc9.i386 filesystem-2.4.12-1.fc9.i386 selinux-policy-targeted-3.3.1-26.fc9.noarch flash-plugin-9.0.115.0-release.i386 How reproducible: 100% Steps to Reproduce: 1. open the above mentioned page 2. 3. Actual results: got SEtroubleshooter busy Expected results: shouldn't Additional info: I really don't know whom to blame for this -- whether too eager-to-deny SELinux policy for nspluginwrapper or nspluginwiever which does things which are not good.
Created attachment 299759 [details] part of /var/log/audit/audit.log
*** This bug has been marked as a duplicate of 250249 ***