Bug 494694 - no sound from web browser plugins; npviewer.bin (nsplugin_t) "getattr" to /dev/shm/pulse-shm-2938139917 (tmpfs_t)
no sound from web browser plugins; npviewer.bin (nsplugin_t) "getattr" to /d...
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2009-04-07 15:38 EDT by Tomasz Torcz
Modified: 2009-04-08 09:45 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-04-08 09:45:30 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Tomasz Torcz 2009-04-07 15:38:54 EDT

SELinux is preventing npviewer.bin (nsplugin_t) "getattr" to
/dev/shm/pulse-shm-2938139917 (tmpfs_t).

SELinux denied access requested by npviewer.bin. /dev/shm/pulse-shm-2938139917
may be a mislabeled. /dev/shm/pulse-shm-2938139917 default SELinux type is
user_tmpfs_t, but its current type is tmpfs_t. Changing this file back to the
default type, may fix your problem.

Additional Information:

Source Context                unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c102
Target Context                unconfined_u:object_r:tmpfs_t:s0
Target Objects                /dev/shm/pulse-shm-2938139917 [ file ]
Source                        npviewer.bin
Source Path                   /usr/lib64/nspluginwrapper/npviewer.bin
Source RPM Packages           nspluginwrapper-1.3.0-5.fc11
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.10-9.fc11
Platform                      Linux sandworm.fordon.pl.eu.org
                     #1 SMP Mon Apr 6 03:50:07
                              EDT 2009 x86_64 x86_64
Alert Count                   1

Raw Audit Messages            

node=sandworm.fordon.pl.eu.org type=AVC msg=audit(1239131003.653:38): avc:  denied  { getattr } for  pid=5394 comm="npviewer.bin" path="/dev/shm/pulse-shm-2938139917" dev=tmpfs ino=91273 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file

node=sandworm.fordon.pl.eu.org type=SYSCALL msg=audit(1239131003.653:38): arch=c000003e syscall=5 success=no exit=-1315217448 a0=e a1=7fff13f36b60 a2=7fff13f36b60 a3=7fff13f368e0 items=0 ppid=4620 pid=5394 auid=501 uid=501 gid=501 euid=501 suid=501 fsuid=501 egid=501 sgid=501 fsgid=501 tty=(none) ses=1 comm="npviewer.bin" exe="/usr/lib64/nspluginwrapper/npviewer.bin" subj=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 key=(null)
Comment 1 Daniel Walsh 2009-04-08 09:45:30 EDT
I think the problem here was the tmpfs_t files created were created by mono or java apps. 

I have fixed this in selinux-policy-3.6.12-2.fc11.noarch

Note You need to log in before you can comment on or make changes to this bug.