The following was filed automatically by setroubleshoot: 概述: SELinux is preventing the npviewer.bin from using potentially mislabeled files (root). 详细描述: SELinux has denied npviewer.bin access to potentially mislabeled file(s) (root). This means that SELinux will not allow npviewer.bin to use these files. It is common for users to edit files in their home directory or tmp directories and then move (mv) them to system directories. The problem is that the files end up with the wrong file context which confined applications are not allowed to access. 允许访问: If you want npviewer.bin to access this files, you need to relabel them using restorecon -v 'root'. You might want to relabel the entire directory using restorecon -R -v 'root'. 附加信息: 源上下文 unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c102 3 目标上下文 system_u:object_r:admin_home_t:s0 目标对象 root [ dir ] 源 npviewer.bin 源路径 /usr/lib/nspluginwrapper/npviewer.bin 端口 <未知> 主机 (removed) 源 RPM 软件包 nspluginwrapper-1.3.0-8.fc12 目标 RPM 软件包 filesystem-2.4.27-1.fc12 策略 RPM selinux-policy-3.6.26-8.fc12 启用 Selinux True 策略类型 targeted 启用 MLS True Enforcing 模式 Enforcing 插件名称 home_tmp_bad_labels 主机名 (removed) 平台 Linux (removed) 2.6.31-0.125.4.2.rc5.git2.fc12.i686.PAE #1 SMP Tue Aug 11 21:01:03 EDT 2009 i686 i686 警报计数 1379 第一个 2009年09月16日 星期三 08时35分39秒 最后一个 2009年09月16日 星期三 09时43分46秒 本地 ID 465a6fa5-f954-49c8-b86b-7af45b65e0a0 行号 原始核查信息 node=(removed) type=AVC msg=audit(1253065426.393:28489): avc: denied { search } for pid=9847 comm="npviewer.bin" name="root" dev=sda7 ino=73586 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir node=(removed) type=SYSCALL msg=audit(1253065426.393:28489): arch=40000003 syscall=292 success=no exit=-13 a0=a a1=8435a00 a2=1002fce a3=8435908 items=0 ppid=5724 pid=9847 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="npviewer.bin" exe="/usr/lib/nspluginwrapper/npviewer.bin" subj=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 key=(null) audit2allow suggests: #============= nsplugin_t ============== allow nsplugin_t admin_home_t:dir search;
Some how you logged in as root and are running SELinux, this is not supported. Logging in and runnin X Sessions as root is very dangerous.
*** Bug 523573 has been marked as a duplicate of this bug. ***
Ok later you tell me you are doing a yum upgrade when this happens? So that is why this stuff is running as root. Added dontaudits Fixed in selinux-policy-3.6.31-6.fc12.noarch
*** Bug 523578 has been marked as a duplicate of this bug. ***
*** Bug 523579 has been marked as a duplicate of this bug. ***
*** Bug 523580 has been marked as a duplicate of this bug. ***
*** Bug 523581 has been marked as a duplicate of this bug. ***
*** Bug 523582 has been marked as a duplicate of this bug. ***