Bug 458613 - SELinux is preventing the gtk-gnash from using potentially mislabeled files
SELinux is preventing the gtk-gnash from using potentially mislabeled files
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2008-08-10 18:06 EDT by Flóki Pálsson
Modified: 2008-09-09 14:20 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-09-09 08:33:22 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
part off yum.log and SELinux AVC (2.92 KB, text/plain)
2008-08-10 18:06 EDT, Flóki Pálsson
no flags Details

  None (edit)
Description Flóki Pálsson 2008-08-10 18:06:37 EDT
Created attachment 313899 [details]
part off yum.log and SELinux AVC

Description of problem:
AVC denials on flash page after innstalling swfdec files and gnash

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Install swfdec files and gnash ( see att from yum log )
In firefox open http://www.hi.is/
page opens , but AVC denials 
Actual results:

Expected results:

Additional info:
I have tried 
restorecon -R -v './.pulse'   
as root ( su - )
but that does not help
Comment 1 John Poelstra 2008-09-09 00:04:28 EDT
Please include the full output of the AVC message from setroubleshoot
Comment 2 Flóki Pálsson 2008-09-09 04:34:14 EDT
I think it is there.
There is now new line marker in the copy. 
Copy in to gedit.
Comment 3 Daniel Walsh 2008-09-09 08:30:33 EDT
The nsplugin process is trying to setattr on the .pulse directory.

This will not be allowed and should probably be dontaudited.  I don't see why a plugin would need to change the attributes of a directory.
Comment 4 Daniel Walsh 2008-09-09 08:33:22 EDT
Could you relabel your homedir to get the correct labeling on the directory.

restorecon -R -v ~/

Should fix it.

.pulse is supposed to be labeled .gnome_home  Which should eliminate the AVC.

Using restorecond should fix the labels when directories are created so nsplugin will work correctly.
Comment 5 Flóki Pálsson 2008-09-09 14:20:59 EDT
It works now. Flash too.

[floki@localhost ~]$ rpm -q gnash

Note You need to log in before you can comment on or make changes to this bug.