Bug 560113 - SELinux is preventing firefox (mozilla_t) "create" user_home_dir_t.
Summary: SELinux is preventing firefox (mozilla_t) "create" user_home_dir_t.
Keywords:
Status: CLOSED DUPLICATE of bug 538428
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 12
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:019b27b086b...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-01-29 21:35 UTC by Iván Jiménez
Modified: 2010-02-01 09:28 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2010-02-01 09:28:41 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Iván Jiménez 2010-01-29 21:35:02 UTC 
Resúmen:

SELinux is preventing firefox (mozilla_t) "create" user_home_dir_t.

Descripción Detallada:

SELinux denied access requested by firefox. It is not expected that this access
is required by firefox and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Permitiendo Acceso:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Información Adicional:

Contexto Fuente               xguest_u:xguest_r:mozilla_t:s0
Contexto Destino              xguest_u:object_r:user_home_dir_t:s0
Objetos Destino               etilqs_ins3YZzaPBnXv9Q [ file ]
Fuente                        firefox
Dirección de Fuente          /usr/lib64/firefox-3.5/firefox
Puerto                        <Desconocido>
Nombre de Equipo              (removed)
Paquetes RPM Fuentes          firefox-3.5-1.fc11
Paquetes RPM Destinos         
RPM de Políticas             selinux-policy-3.6.12-62.fc11
SELinux Activado              True
Tipo de Política             targeted
Modo Obediente                Enforcing
Nombre de Plugin              catchall
Nombre de Equipo              (removed)
Plataforma                    Linux (removed) 2.6.29.5-191.fc11.x86_64 #1
                              SMP Tue Jun 16 23:23:21 EDT 2009 x86_64 x86_64
Cantidad de Alertas           1
Visto por Primera Vez         jue 16 jul 2009 11:12:24 COT
Visto por Última Vez         jue 16 jul 2009 11:12:24 COT
ID Local                      eb0f72ae-fc62-4f8b-beb4-70b954780175
Números de Línea            

Mensajes de Auditoría Crudos 

node=(removed) type=AVC msg=audit(1247760744.5:529): avc:  denied  { create } for  pid=4082 comm="firefox" name="etilqs_ins3YZzaPBnXv9Q" scontext=xguest_u:xguest_r:mozilla_t:s0 tcontext=xguest_u:object_r:user_home_dir_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1247760744.5:529): arch=c000003e syscall=2 success=no exit=-13 a0=7fff4c5f1060 a1=200c2 a2=180 a3=0 items=0 ppid=4067 pid=4082 auid=507 uid=507 gid=507 euid=507 suid=507 fsuid=507 egid=507 sgid=507 fsgid=507 tty=(none) ses=3 comm="firefox" exe="/usr/lib64/firefox-3.5/firefox" subj=xguest_u:xguest_r:mozilla_t:s0 key=(null)



Hash String generated from  selinux-policy-3.6.12-62.fc11,catchall,firefox,mozilla_t,user_home_dir_t,file,create
audit2allow suggests:

#============= mozilla_t ==============
allow mozilla_t user_home_dir_t:file create;
Comment 1 Miroslav Grepl 2010-02-01 09:28:41 UTC 

*** This bug has been marked as a duplicate of bug 538428 ***
Note You need to log in before you can comment on or make changes to this bug.