501939 – Firefox plugin-config can't access user_tmp_t

Bug 501939 - Firefox plugin-config can't access user_tmp_t

Summary: Firefox plugin-config can't access user_tmp_t

Keywords:
Status:	CLOSED INSUFFICIENT_DATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy-targeted
Sub Component:
Version:	11
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-05-21 12:32 UTC by Paul W. Frields
Modified:	2009-09-04 15:44 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2009-09-04 15:44:55 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Paul W. Frields 2009-05-21 12:32:52 UTC

I get the following type of alert when I open a link from my Mutt email client (Hit Ctrl-B, select link from list extracted from mail, hit Enter to launch).

Alert message
=============

Summary:

SELinux is preventing the plugin-config from using potentially mislabeled files
(2F746D702F6D7574742D6C6F63616C686F73742D3530302D363736322D3933202864656C6574656429).

Detailed Description:

SELinux has denied plugin-config access to potentially mislabeled file(s)
(2F746D702F6D7574742D6C6F63616C686F73742D3530302D363736322D3933202864656C6574656429).
This means that SELinux will not allow plugin-config to use these files. It is
common for users to edit files in their home directory or tmp directories and
then move (mv) them to system directories. The problem is that the files end up
with the wrong file context which confined applications are not allowed to
access.

Allowing Access:

If you want plugin-config to access this files, you need to relabel them using
restorecon -v
'2F746D702F6D7574742D6C6F63616C686F73742D3530302D363736322D3933202864656C6574656429'.
You might want to relabel the entire directory using restorecon -R -v ''.

Additional Information:

Source Context                unconfined_u:unconfined_r:nsplugin_config_t:s0-s0:
                              c0.c1023
Target Context                unconfined_u:object_r:user_tmp_t:s0
Target Objects                2F746D702F6D7574742D6C6F63616C686F73742D3530302D36
                              3736322D3933202864656C6574656429 [ file ]
Source                        plugin-config
Source Path                   /usr/lib64/nspluginwrapper/plugin-config
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           nspluginwrapper-1.3.0-5.fc11
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.12-37.fc11
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   home_tmp_bad_labels
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              2.6.29.3-140.fc11.x86_64 #1 SMP Tue May 12
                              10:44:27 EDT 2009 x86_64 x86_64
Alert Count                   1
First Seen                    Thu 21 May 2009 07:54:01 AM EDT
Last Seen                     Thu 21 May 2009 07:54:01 AM EDT
Local ID                      d5e50b6b-8635-4968-8727-d9201b934a25
Line Numbers                  

Raw Audit Messages            

node=localhost.localdomain type=AVC msg=audit(1242906841.401:28755): avc:  denied  { read } for  pid=8235 comm="plugin-config" path=2F746D702F6D7574742D6C6F63616C686F73742D3530302D363736322D3933202864656C6574656429 dev=dm-1 ino=82404 scontext=unconfined_u:unconfined_r:nsplugin_config_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file

node=localhost.localdomain type=SYSCALL msg=audit(1242906841.401:28755): arch=c000003e syscall=59 success=yes exit=0 a0=a5cfd0 a1=a5d2f0 a2=a5d010 a3=18 items=0 ppid=8233 pid=8235 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts4 ses=1 comm="plugin-config" exe="/usr/lib64/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:nsplugin_config_t:s0-s0:c0.c1023 key=(null)

Comment 1 Bug Zapper 2009-06-09 16:15:03 UTC

This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 2 Daniel Walsh 2009-08-21 21:15:34 UTC

Are you still seeing this?

Note You need to log in before you can comment on or make changes to this bug.