The following was filed automatically by setroubleshoot: 概述: SELinux is preventing the npviewer.bin from using potentially mislabeled files (/root/.mozilla/firefox/4ctvyshh.default/.parentlock). 详细描述: SELinux has denied npviewer.bin access to potentially mislabeled file(s) (/root/.mozilla/firefox/4ctvyshh.default/.parentlock). This means that SELinux will not allow npviewer.bin to use these files. It is common for users to edit files in their home directory or tmp directories and then move (mv) them to system directories. The problem is that the files end up with the wrong file context which confined applications are not allowed to access. 允许访问: If you want npviewer.bin to access this files, you need to relabel them using restorecon -v '/root/.mozilla/firefox/4ctvyshh.default/.parentlock'. You might want to relabel the entire directory using restorecon -R -v '/root/.mozilla/firefox/4ctvyshh.default'. 附加信息: 源上下文 unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c102 3 目标上下文 unconfined_u:object_r:admin_home_t:s0 目标对象 /root/.mozilla/firefox/4ctvyshh.default/.parentloc k [ file ] 源 npviewer.bin 源路径 /usr/lib/nspluginwrapper/npviewer.bin 端口 <未知> 主机 (removed) 源 RPM 软件包 nspluginwrapper-1.3.0-8.fc12 目标 RPM 软件包 策略 RPM selinux-policy-3.6.26-8.fc12 启用 Selinux True 策略类型 targeted 启用 MLS True Enforcing 模式 Enforcing 插件名称 home_tmp_bad_labels 主机名 (removed) 平台 Linux (removed) 2.6.31-0.125.4.2.rc5.git2.fc12.i686.PAE #1 SMP Tue Aug 11 21:01:03 EDT 2009 i686 i686 警报计数 12 第一个 2009年09月16日 星期三 09时36分15秒 最后一个 2009年09月16日 星期三 09时37分53秒 本地 ID e10b2c13-712f-4e02-bf40-0693e8f91fe6 行号 原始核查信息 node=(removed) type=AVC msg=audit(1253065073.184:27873): avc: denied { write } for pid=9837 comm="npviewer.bin" path="/root/.mozilla/firefox/4ctvyshh.default/.parentlock" dev=sda7 ino=110484 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file node=(removed) type=AVC msg=audit(1253065073.184:27873): avc: denied { read } for pid=9837 comm="npviewer.bin" path="/root/.mozilla/firefox/4ctvyshh.default/XUL.mfasl" dev=sda7 ino=110498 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file node=(removed) type=AVC msg=audit(1253065073.184:27873): avc: denied { read write } for pid=9837 comm="npviewer.bin" path="/root/.mozilla/firefox/4ctvyshh.default/Cache/_CACHE_MAP_" dev=sda7 ino=111510 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file node=(removed) type=AVC msg=audit(1253065073.184:27873): avc: denied { read write } for pid=9837 comm="npviewer.bin" path="/root/.mozilla/firefox/4ctvyshh.default/Cache/_CACHE_001_" dev=sda7 ino=111511 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file node=(removed) type=AVC msg=audit(1253065073.184:27873): avc: denied { read write } for pid=9837 comm="npviewer.bin" path="/root/.mozilla/firefox/4ctvyshh.default/Cache/_CACHE_002_" dev=sda7 ino=111512 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file node=(removed) type=AVC msg=audit(1253065073.184:27873): avc: denied { read write } for pid=9837 comm="npviewer.bin" path="/root/.mozilla/firefox/4ctvyshh.default/Cache/_CACHE_003_" dev=sda7 ino=111513 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1253065073.184:27873): arch=40000003 syscall=11 success=yes exit=0 a0=9f62b28 a1=9f694a8 a2=9f6b1e8 a3=9f694a8 items=0 ppid=5724 pid=9837 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="npviewer.bin" exe="/usr/lib/nspluginwrapper/npviewer.bin" subj=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 key=(null) audit2allow suggests: #============= nsplugin_t ============== allow nsplugin_t admin_home_t:file { write read };
You ran mozilla as root and it created this directory tree which nsplugin is now trying to interact with. It is a horrible idea to run firefox as root. rm -rf /root/.mozilla Will eliminate this AVC.
*** Bug 523576 has been marked as a duplicate of this bug. ***