Bug 470666 - AVC messages are generated when I open a URL from within Alpine
AVC messages are generated when I open a URL from within Alpine
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
10
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-11-08 11:54 EST by Tom Diehl
Modified: 2009-04-02 00:44 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-04-02 00:44:34 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
AVC generated in the audit log (1.28 KB, text/plain)
2008-11-08 11:54 EST, Tom Diehl
no flags Details

  None (edit)
Description Tom Diehl 2008-11-08 11:54:27 EST
Created attachment 322955 [details]
AVC generated in the audit log

Description of problem:
When I open a url I received in an email from within alpine I get an AVC messages about a file in my homedir being mislabeled. I ran resrorecon on my home dir as suggested in setroubleshoot but I still get the AVC. When I do the above the URL does open in firefox as expected.

Version-Release number of selected component (if applicable):
(tigger pts2) $ rpm -qa | grep -i selinux
libselinux-2.0.73-1.fc10.x86_64
libselinux-utils-2.0.73-1.fc10.x86_64
selinux-policy-3.5.13-11.fc10.noarch
selinux-policy-targeted-3.5.13-11.fc10.noarch
libselinux-python-2.0.73-1.fc10.x86_64
(tigger pts2) $ rpm -qa | grep -i alpine
alpine-2.00-1.fc10.x86_64
(tigger pts2) $ rpm -qa | grep -i firefox
firefox-3.0.2-1.fc10.x86_64
(tigger pts2) $

How reproducible:
Every time

Steps to Reproduce:
1. Click on a URL in an email from within alpine.
2.
3.
  
Actual results:
AVC generated

Expected results:
No AVC

Additional info: In addition I ran setenforce 0 ; restorecon -v -R / ; setenforce 1 to be sure this was not mislabeled files.
Comment 1 Daniel Walsh 2008-11-10 10:42:01 EST
I can allow nsplugin_config to read user content.
Fixed in selinux-policy-3.5.13-19.fc10

But the named_conf_t seems to be a mislabeled file.  Did you relabel a directory named_conf_t.  It does not make sense that nsplugin would be looking in a directory labeled named_conf_t?
Comment 2 Tom Diehl 2008-11-10 22:06:18 EST
Thanks for the updated policy.

To answer your question, No I did not relabel any directories. I ran restorecon -vR / prior to the last policy update. I just rebooted the machine and set it to automatically relabel the machine. I will see if that fixes the problem.
Comment 3 Bug Zapper 2008-11-26 00:03:11 EST
This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle.
Changing version to '10'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Note You need to log in before you can comment on or make changes to this bug.