The following was filed automatically by setroubleshoot: Summary: SELinux is preventing prelink "read" access to /usr/lib64/mozilla/plugins-wrapped/nswrapper_64_64.libflashplayer.so. Detailed Description: [prelink has a permissive type (prelink_t). This access was not denied.] SELinux denied prelink read on /usr/lib64/mozilla/plugins-wrapped/nswrapper_64_64.libflashplayer.so. The prelink program is only allowed to manipulate files that are identified as executables or shared libraries by SELinux. Libraries that get placed in lib directories get labeled by default as a shared library. Similarly, executables that get placed in a bin or sbin directory get labeled as executables by SELinux. However, if these files get installed in other directories they might not get the correct label. If prelink is trying to manipulate a file that is not a binary or share library this may indicate an intrusion attack. Allowing Access: You can alter the file context by executing "chcon -t bin_t '/usr/lib64/mozilla/plugins-wrapped/nswrapper_64_64.libflashplayer.so'" or "chcon -t lib_t '/usr/lib64/mozilla/plugins-wrapped/nswrapper_64_64.libflashplayer.so'" if it is a shared library. If you want to make these changes permanent you must execute the semanage command. "semanage fcontext -a -t bin_t '/usr/lib64/mozilla/plugins-wrapped/nswrapper_64_64.libflashplayer.so'" or "semanage fcontext -a -t lib_t '/usr/lib64/mozilla/plugins-wrapped/nswrapper_64_64.libflashplayer.so'". If you feel this executable/shared library is in the wrong location please file a bug against the package that includes the file. If you feel that SELinux should know about this file and label it correctly please file a bug against SELinux policy (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) . Additional Information: Source Context system_u:system_r:prelink_t:s0-s0:c0.c1023 Target Context unconfined_u:object_r:nsplugin_rw_t:s0 Target Objects /usr/lib64/mozilla/plugins- wrapped/nswrapper_64_64.libflashplayer.so [ file ] Source prelink Source Path /usr/sbin/prelink Port <Unknown> Host (removed) Source RPM Packages prelink-0.4.2-2.fc12 Target RPM Packages Policy RPM selinux-policy-3.6.30-1.fc12 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name prelink_mislabled Host Name (removed) Platform Linux (removed) 2.6.31-0.190.rc8.fc12.x86_64 #1 SMP Fri Aug 28 18:51:58 EDT 2009 x86_64 x86_64 Alert Count 6 First Seen Mon 31 Aug 2009 03:08:41 AM PDT Last Seen Wed 02 Sep 2009 06:42:50 PM PDT Local ID ae44cacb-4834-41f3-88b2-d67567c8ba07 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1251942170.42:46): avc: denied { read } for pid=9185 comm="prelink" name="nswrapper_64_64.libflashplayer.so" dev=dm-2 ino=4279 scontext=system_u:system_r:prelink_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:nsplugin_rw_t:s0 tclass=file node=(removed) type=AVC msg=audit(1251942170.42:46): avc: denied { open } for pid=9185 comm="prelink" name="nswrapper_64_64.libflashplayer.so" dev=dm-2 ino=4279 scontext=system_u:system_r:prelink_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:nsplugin_rw_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1251942170.42:46): arch=c000003e syscall=2 success=yes exit=0 a0=a78f70 a1=0 a2=0 a3=100 items=0 ppid=9176 pid=9185 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="prelink" exe="/usr/sbin/prelink" subj=system_u:system_r:prelink_t:s0-s0:c0.c1023 key=(null) audit2allow suggests: #============= prelink_t ============== allow prelink_t nsplugin_rw_t:file { read open };
Fixed in selinux-policy-3.6.30-4.fc12.noarch