Bug 508160 - setroubleshoot: SELinux is preventing the nspluginscan from using potentially mislabeled files (filetypesrc).
setroubleshoot: SELinux is preventing the nspluginscan from using potent...
Status: CLOSED DUPLICATE of bug 508150
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
i386 Linux
low Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2009-06-25 16:28 EDT by Antonio A. Olivares
Modified: 2009-06-26 08:58 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-06-26 08:58:01 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Antonio A. Olivares 2009-06-25 16:28:12 EDT
The following was filed automatically by setroubleshoot:


SELinux is preventing the nspluginscan from using potentially mislabeled files

Detailed Description:

[SELinux is in permissive mode, the operation would have been denied but was
permitted due to permissive mode.]

SELinux has denied nspluginscan access to potentially mislabeled file(s)
(filetypesrc). This means that SELinux will not allow nspluginscan to use these
files. It is common for users to edit files in their home directory or tmp
directories and then move (mv) them to system directories. The problem is that
the files end up with the wrong file context which confined applications are not
allowed to access.

Allowing Access:

If you want nspluginscan to access this files, you need to relabel them using
restorecon -v 'filetypesrc'. You might want to relabel the entire directory
using restorecon -R -v ''.

Additional Information:

Source Context                unconfined_u:unconfined_r:nsplugin_t:SystemLow-
Target Context                unconfined_u:object_r:user_home_t:SystemLow
Target Objects                filetypesrc [ file ]
Source                        nspluginscan
Source Path                   /usr/bin/nspluginscan
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           kdebase-4.2.90-1.fc12
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.19-4.fc12
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   home_tmp_bad_labels
Host Name                     (removed)
Platform                      Linux (removed)
                              2.6.31-0.24.rc0.git18.fc12.i586 #1 SMP Mon Jun 22
                              16:26:17 EDT 2009 i686 i686
Alert Count                   1
First Seen                    Thu 25 Jun 2009 03:16:27 PM CDT
Last Seen                     Thu 25 Jun 2009 03:16:27 PM CDT
Local ID                      e02ee906-741c-42b8-a55c-5f4e3769c516
Line Numbers                  

Raw Audit Messages            

node=(removed) type=AVC msg=audit(1245960987.98:141): avc:  denied  { unlink } for  pid=6341 comm="nspluginscan" name="filetypesrc" dev=dm-0 ino=705083 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1245960987.98:141): arch=40000003 syscall=38 success=yes exit=0 a0=9219d98 a1=9219d50 a2=7c82ae4 a3=bffcc070 items=0 ppid=6277 pid=6341 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="nspluginscan" exe="/usr/bin/nspluginscan" subj=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 key=(null)

audit2allow suggests:

#============= nsplugin_t ==============
allow nsplugin_t user_home_t:file unlink;
Comment 1 Daniel Walsh 2009-06-26 08:58:01 EDT

*** This bug has been marked as a duplicate of bug 508150 ***

Note You need to log in before you can comment on or make changes to this bug.