Summary: SELinux is preventing /usr/lib64/nspluginwrapper/npviewer.bin "read" access on settings.sol. Detailed Description: [SELinux is in permissive mode. This access was not denied.] SELinux denied access requested by npviewer.bin. It is not expected that this access is required by npviewer.bin and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c102 3 Target Context unconfined_u:object_r:user_home_dir_t:s0 Target Objects settings.sol [ file ] Source npviewer.bin Source Path /usr/lib64/nspluginwrapper/npviewer.bin Port <Unknown> Host (removed) Source RPM Packages nspluginwrapper-1.3.0-8.fc12 Target RPM Packages Policy RPM selinux-policy-3.6.31-5.fc12 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Permissive Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.31-0.125.4.2.rc5.git2.fc12.x86_64 #1 SMP Tue Aug 11 21:00:45 EDT 2009 x86_64 x86_64 Alert Count 2 First Seen Thu 17 Sep 2009 09:04:04 AM PDT Last Seen Thu 17 Sep 2009 09:04:04 AM PDT Local ID a401358e-7b19-431d-a39a-8a7acb1e78b0 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1253203444.460:83): avc: denied { read } for pid=13681 comm="npviewer.bin" name="settings.sol" dev=dm-2 ino=19568 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=file node=(removed) type=AVC msg=audit(1253203444.460:83): avc: denied { open } for pid=13681 comm="npviewer.bin" name="settings.sol" dev=dm-2 ino=19568 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1253203444.460:83): arch=c000003e syscall=2 success=yes exit=11 a0=7ff04453c340 a1=0 a2=1b6 a3=238 items=0 ppid=13493 pid=13681 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="npviewer.bin" exe="/usr/lib64/nspluginwrapper/npviewer.bin" subj=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 key=(null) Hash String generated from selinux-policy-3.6.31-5.fc12,catchall,npviewer.bin,nsplugin_t,user_home_dir_t,file,read audit2allow suggests: #============= nsplugin_t ============== allow nsplugin_t user_home_dir_t:file { read open };
setroubleshoot threw a warning so I clicked on "show". Sadly it pointed me at a really old entry and not the reason it prompted me in the first place. So, the bug reported below is probably not a bug. Having setroubleshoot pop up the wrong entry after prompting me on the desktop is a recipe for a lot of unwanted bug reports.