Bug 523576 - setroubleshoot: SELinux is preventing npviewer.bin (nsplugin_t) "write" /root/.mozilla/firefox/4ctvyshh.default/.parentlock (admin_home_t).
Summary: setroubleshoot: SELinux is preventing npviewer.bin (nsplugin_t) "write" ...
Keywords:
Status: CLOSED DUPLICATE of bug 523575
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: i386
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:fe2b1ad4a89...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-09-16 01:54 UTC by kylin
Modified: 2009-09-16 12:37 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-09-16 12:37:57 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description kylin 2009-09-16 01:54:24 UTC 
The following was filed automatically by setroubleshoot:

概述:

SELinux is preventing npviewer.bin (nsplugin_t) "write"
/root/.mozilla/firefox/4ctvyshh.default/.parentlock (admin_home_t).

详细描述:

SELinux denied access requested by the npviewer.bin command. It looks like this
is either a leaked descriptor or npviewer.bin output was redirected to a file it
is not allowed to access. Leaks usually can be ignored since SELinux is just
closing the leak and reporting the error. The application does not use the
descriptor, so it will run properly. If this is a redirection, you will not get
output in the /root/.mozilla/firefox/4ctvyshh.default/.parentlock. You should
generate a bugzilla on selinux-policy, and it will get routed to the appropriate
package. You can safely ignore this avc.

允许访问:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385)

附加信息:

源上下文                  unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c102
                              3
目标上下文               unconfined_u:object_r:admin_home_t:s0
目标对象                  /root/.mozilla/firefox/4ctvyshh.default/.parentloc
                              k [ file ]
源                           npviewer.bin
源路径                     /usr/lib/nspluginwrapper/npviewer.bin
端口                        <未知>
主机                        (removed)
源 RPM 软件包             nspluginwrapper-1.3.0-8.fc12
目标 RPM 软件包          
策略 RPM                    selinux-policy-3.6.26-8.fc12
启用 Selinux                True
策略类型                  targeted
启用 MLS                    True
Enforcing 模式              Enforcing
插件名称                  leaks
主机名                     (removed)
平台                        Linux (removed)
                              2.6.31-0.125.4.2.rc5.git2.fc12.i686.PAE #1 SMP Tue
                              Aug 11 21:01:03 EDT 2009 i686 i686
警报计数                  20
第一个                     2009年09月16日 星期三 08时35分30秒
最后一个                  2009年09月16日 星期三 09时19分51秒
本地 ID                     3b12115a-60a7-4cac-9313-cf4557b9486a
行号                        

原始核查信息            

node=(removed) type=AVC msg=audit(1253063991.271:26203): avc:  denied  { write } for  pid=7580 comm="npviewer.bin" path="/root/.mozilla/firefox/4ctvyshh.default/.parentlock" dev=sda7 ino=110484 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file

node=(removed) type=AVC msg=audit(1253063991.271:26203): avc:  denied  { read } for  pid=7580 comm="npviewer.bin" path="/root/.mozilla/firefox/4ctvyshh.default/XUL.mfasl" dev=sda7 ino=110498 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file

node=(removed) type=AVC msg=audit(1253063991.271:26203): avc:  denied  { read write } for  pid=7580 comm="npviewer.bin" path="/root/.mozilla/firefox/4ctvyshh.default/Cache/_CACHE_MAP_" dev=sda7 ino=111510 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file

node=(removed) type=AVC msg=audit(1253063991.271:26203): avc:  denied  { read write } for  pid=7580 comm="npviewer.bin" path="/root/.mozilla/firefox/4ctvyshh.default/Cache/_CACHE_001_" dev=sda7 ino=111511 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file

node=(removed) type=AVC msg=audit(1253063991.271:26203): avc:  denied  { read write } for  pid=7580 comm="npviewer.bin" path="/root/.mozilla/firefox/4ctvyshh.default/Cache/_CACHE_002_" dev=sda7 ino=111512 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file

node=(removed) type=AVC msg=audit(1253063991.271:26203): avc:  denied  { read write } for  pid=7580 comm="npviewer.bin" path="/root/.mozilla/firefox/4ctvyshh.default/Cache/_CACHE_003_" dev=sda7 ino=111513 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1253063991.271:26203): arch=40000003 syscall=11 success=yes exit=0 a0=96d9b28 a1=96e04a8 a2=96e21e8 a3=96e04a8 items=0 ppid=5724 pid=7580 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="npviewer.bin" exe="/usr/lib/nspluginwrapper/npviewer.bin" subj=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 key=(null)


audit2allow suggests:

#============= nsplugin_t ==============
allow nsplugin_t admin_home_t:file { write read };
Comment 1 Daniel Walsh 2009-09-16 12:37:57 UTC 

*** This bug has been marked as a duplicate of bug 523575 ***
Note You need to log in before you can comment on or make changes to this bug.