Bug 517599 - AVC messages
Summary: AVC messages
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: nspluginwrapper
Version: rawhide
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Martin Stransky
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2009-08-14 22:07 UTC by Tim Waugh
Modified: 2009-08-17 08:10 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-08-17 08:10:19 UTC


Description Tim Waugh 2009-08-14 22:07:59 UTC
Description of problem:
I have the 32-bit flash plugin installed on an x86_64 rawhide machine.  I get these AVCs when visiting a site with a flash widget:

node=worm.elk type=AVC msg=audit(1250287419.636:31354): avc: denied { write } for pid=7123 comm="npviewer.bin" path="/home/twaugh/.mozilla/firefox/e6iygk83.default/.parentlock" dev=dm-3 ino=392525 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=file 

node=worm.elk type=AVC msg=audit(1250287419.636:31354): avc: denied { read write } for pid=7123 comm="npviewer.bin" path="/home/twaugh/.mozilla/firefox/e6iygk83.default/Cache/_CACHE_MAP_" dev=dm-3 ino=576914 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=file

node=worm.elk type=AVC msg=audit(1250287419.636:31354): avc: denied { read write } for pid=7123 comm="npviewer.bin" path="/home/twaugh/.mozilla/firefox/e6iygk83.default/Cache/_CACHE_001_" dev=dm-3 ino=576915 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=file

node=worm.elk type=AVC msg=audit(1250287419.636:31354): avc: denied { read write } for pid=7123 comm="npviewer.bin" path="/home/twaugh/.mozilla/firefox/e6iygk83.default/Cache/_CACHE_002_" dev=dm-3 ino=576916 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=file

node=worm.elk type=AVC msg=audit(1250287419.636:31354): avc: denied { read write } for pid=7123 comm="npviewer.bin" path="/home/twaugh/.mozilla/firefox/e6iygk83.default/Cache/_CACHE_003_" dev=dm-3 ino=576917 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=file

Version-Release number of selected component (if applicable):
nspluginwrapper-1.3.0-8.fc12.x86_64
nspluginwrapper-1.3.0-8.fc12.i686
selinux-policy-targeted-3.6.26-11.0.0.1.fc12.noarch

How reproducible:
100%

Steps to Reproduce:
1. Visit any site with flash, with the 32-bit flash plugin installed.

Comment 1 Martin Stransky 2009-08-17 06:17:45 UTC
Hm, do you want flash plug-in to write to your home? I don't think so...we may need to deny it in selinux.

Comment 2 Tim Waugh 2009-08-17 08:10:19 UTC
Oh, my mistake, those directories somehow didn't get correctly relabelled -- perhaps because /home is on a separate filesystem.

After 'restorecon -vR ~/.mozilla' it's all working fine.

Sorry for the noise.
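
One way to triage denials like the ones in this report before treating them as a policy problem, as an added example (not part of the original report or of nspluginwrapper): it parses AVC records, flags targets that are not directories yet carry a *_dir_t type, and builds a restorecon dry run (-n) for their common parent directory. The *_dir_t heuristic and all function names are assumptions of this example; the sample records are rebuilt from three of the lines quoted above.

```python
import os
import re
import shlex

# Sample input: three of the AVC records quoted in the report, rebuilt from a template.
_REC = ('node=worm.elk type=AVC msg=audit(1250287419.636:31354): avc: denied {{ {perms} }} '
        'for pid=7123 comm="npviewer.bin" '
        'path="/home/twaugh/.mozilla/firefox/e6iygk83.default/{name}" dev=dm-3 ino={ino} '
        'scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 '
        'tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=file')
SAMPLE = [_REC.format(perms="write", name=".parentlock", ino=392525),
          _REC.format(perms="read write", name="Cache/_CACHE_MAP_", ino=576914),
          _REC.format(perms="read write", name="Cache/_CACHE_001_", ino=576915)]

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")

def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other records."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"perms": m.group("perms").split()}
    for token in shlex.split(m.group("rest")):   # strips the quotes around comm/path
        key, sep, value = token.partition("=")
        if sep:
            rec[key] = value
    # A context is user:role:type:level; the level may itself contain ':'.
    for side in ("scontext", "tcontext"):
        parts = rec.get(side, "").split(":")
        rec[side + "_type"] = parts[2] if len(parts) > 2 else ""
    return rec

def mislabel_candidates(lines):
    """Map (source type, target type) -> common parent of suspiciously labelled paths."""
    hits = {}
    for rec in filter(None, map(parse_avc, lines)):
        ttype = rec["tcontext_type"]
        # Assumption: a *_dir_t type on an object that is not a directory points to
        # a missed relabel, so check labels before changing any policy.
        if "path" in rec and ttype.endswith("_dir_t") and rec.get("tclass") != "dir":
            hits.setdefault((rec["scontext_type"], ttype), []).append(rec["path"])
    return {key: os.path.commonpath(paths) for key, paths in hits.items()}

def dry_run_commands(lines):
    """restorecon -n reports what would be relabelled without changing anything."""
    return ["restorecon -nvR " + shlex.quote(p) for p in mislabel_candidates(lines).values()]

if __name__ == "__main__":
    print("\n".join(dry_run_commands(SAMPLE)))
```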
