The following was filed automatically by setroubleshoot: Summary: SELinux is preventing the /usr/bin/evince from using potentially mislabeled files (/home/frieben/.recently-used.xbel). Detailed Description: [SELinux is in permissive mode. This access was not denied.] SELinux has denied evince access to potentially mislabeled file(s) (/home/frieben/.recently-used.xbel). This means that SELinux will not allow evince to use these files. It is common for users to edit files in their home directory or tmp directories and then move (mv) them to system directories. The problem is that the files end up with the wrong file context which confined applications are not allowed to access. Allowing Access: If you want evince to access this files, you need to relabel them using restorecon -v '/home/frieben/.recently-used.xbel'. You might want to relabel the entire directory using restorecon -R -v '/home/frieben'. Additional Information: Source Context unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c102 3 Target Context unconfined_u:object_r:user_home_t:s0 Target Objects /home/frieben/.recently-used.xbel [ file ] Source evince Source Path /usr/bin/evince Port <Unknown> Host (removed) Source RPM Packages evince-2.27.90-1.fc12 Target RPM Packages Policy RPM selinux-policy-3.6.31-3.fc12 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Permissive Plugin Name home_tmp_bad_labels Host Name (removed) Platform Linux (removed) 2.6.31-2.fc12.x86_64 #1 SMP Thu Sep 10 00:25:40 EDT 2009 x86_64 x86_64 Alert Count 1 First Seen Mon 14 Sep 2009 10:24:06 AM CEST Last Seen Mon 14 Sep 2009 10:24:06 AM CEST Local ID c7f434fb-b887-49f4-82bb-47e210e31c7f Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1252916646.196:355): avc: denied { unlink } for pid=11166 comm="evince" name=".recently-used.xbel" dev=dm-1 ino=5464077 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1252916646.196:355): arch=c000003e syscall=82 success=yes exit=0 a0=1ccf400 a1=1b5f7b0 a2=1d394c0 a3=1 items=0 ppid=11165 pid=11166 auid=501 uid=501 gid=100 euid=501 suid=501 fsuid=501 egid=100 sgid=100 fsgid=100 tty=(none) ses=1 comm="evince" exe="/usr/bin/evince" subj=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 key=(null) audit2allow suggests: #============= nsplugin_t ============== allow nsplugin_t user_home_t:file unlink;
Please do not run evince under nspluginwrapper. Remove mozplugger or turn off nsplugin support. yum remove mozplugger or setsebool -P allow_unconfined_nsplugin_transition 0