Souhrn: SELinux is preventing the npviewer.bin from using potentially mislabeled files (swfdec-mozilla.conf). Podrobný popis: [SELinux je v uvolněném režimu, operace by byla odmítnuta, ale byla povolena kvůli uvolněnému režimu.] SELinux has denied npviewer.bin access to potentially mislabeled file(s) (swfdec-mozilla.conf). This means that SELinux will not allow npviewer.bin to use these files. It is common for users to edit files in their home directory or tmp directories and then move (mv) them to system directories. The problem is that the files end up with the wrong file context which confined applications are not allowed to access. Povolení přístupu: If you want npviewer.bin to access this files, you need to relabel them using restorecon -v 'swfdec-mozilla.conf'. You might want to relabel the entire directory using restorecon -R -v ''. Další informace: Kontext zdroje staff_u:staff_r:nsplugin_t:s0-s0:c0.c1023 Kontext cíle staff_u:object_r:user_home_t:s0 Objekty cíle swfdec-mozilla.conf [ file ] Zdroj npviewer.bin Cesta zdroje /usr/lib64/nspluginwrapper/npviewer.bin Port <Neznámé> Počítač viklef.ceplovi.cz RPM balíčky zdroje nspluginwrapper-1.3.0-5.fc11 RPM balíčky cíle RPM politiky selinux-policy-3.6.12-2.fc11 Selinux povolen True Typ politiky targeted MLS povoleno True Vynucovací režim Permissive Název zásuvného modulu home_tmp_bad_labels Název počítače viklef.ceplovi.cz Platforma Linux viklef.ceplovi.cz 2.6.29.1-54.fc11.x86_64 #1 SMP Tue Apr 7 05:26:42 EDT 2009 x86_64 x86_64 Počet upozornění 5 Poprvé viděno St 15. duben 2009, 13:01:20 CEST Naposledy viděno St 15. duben 2009, 13:29:31 CEST Místní ID 197a7c07-9d8a-4b59-ad70-1a97e36058e6 Čísla řádků Původní zprávy auditu node=viklef.ceplovi.cz type=AVC msg=audit(1239794971.163:319): avc: denied { unlink } for pid=13465 comm="npviewer.bin" name="swfdec-mozilla.conf" dev=dm-6 ino=6635881 scontext=staff_u:staff_r:nsplugin_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:user_home_t:s0 tclass=file node=viklef.ceplovi.cz type=SYSCALL msg=audit(1239794971.163:319): arch=c000003e syscall=82 success=yes exit=0 a0=164b440 a1=1638130 a2=16430b0 a3=1 items=0 ppid=13436 pid=13465 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="npviewer.bin" exe="/usr/lib64/nspluginwrapper/npviewer.bin" subj=staff_u:staff_r:nsplugin_t:s0-s0:c0.c1023 key=(null)
Hesitantly self-ASSIGNing. Switching to ASSIGNED so that developers have responsibility to do whatever they want to do with it.
I believe this is a mislabeled file in the home dir. Where is swfdec-mozilla.conf located?
/home/matej/.config/swfdec-mozilla.conf
And you are probably right: matej@viklef ~]$ restorecon -v $(locate *swfdec*.conf) restorecon reset /home/matej/.config/swfdec-mozilla.conf context staff_u:object_r:user_home_t:s0->staff_u:object_r:gnome_home_t:s0 [matej@viklef ~]$ How is the relabelling of file whose default labels changed in /etc/selinux/targeted/contexts/files/* provided? Does %post (or some other script) in selinux-policy* runs restorecon?
I am working on a solution for this. The problem is we do not know what app creates any of these directories so they can be mislabeles. I am building a dbus service restorecond that will watch your homedir and basically run restorecon on any file or directory created at the top level. WHich should fix a lot of the labeling problems in the homedir.
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle. Changing version to '11'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Any new infos about this bug? Is this bug in F12?
It´s an selinux/nsviewer problem.
Fixed in F12