Summary: SELinux is preventing /opt/google/talkplugin/GoogleTalkPlugin from executing /opt/google/talkplugin/GoogleTalkPlugin. Detailed Description: [GoogleTalkPlugi has a permissive type (mozilla_plugin_t). This access was not denied.] SELinux has denied the GoogleTalkPlugi from executing /opt/google/talkplugin/GoogleTalkPlugin. If GoogleTalkPlugi is supposed to be able to execute /opt/google/talkplugin/GoogleTalkPlugin, this could be a labeling problem. Most confined domains are allowed to execute files labeled bin_t. So you could change the labeling on this file to bin_t and retry the application. If this GoogleTalkPlugi is not supposed to execute /opt/google/talkplugin/GoogleTalkPlugin, this could signal an intrusion attempt. Allowing Access: If you want to allow GoogleTalkPlugi to execute /opt/google/talkplugin/GoogleTalkPlugin: chcon -t bin_t '/opt/google/talkplugin/GoogleTalkPlugin' If this fix works, please update the file context on disk, with the following command: semanage fcontext -a -t bin_t '/opt/google/talkplugin/GoogleTalkPlugin' Please specify the full path to the executable, Please file a bug report to make sure this becomes the default labeling. Additional Information: Source Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c 0.c1023 Target Context system_u:object_r:usr_t:s0 Target Objects /opt/google/talkplugin/GoogleTalkPlugin [ file ] Source GoogleTalkPlugi Source Path /opt/google/talkplugin/GoogleTalkPlugin Port <Unknown> Host (removed) Source RPM Packages google-talkplugin-1.5.1.0-1 Target RPM Packages google-talkplugin-1.5.1.0-1 Policy RPM selinux-policy-3.9.5-7.fc14 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name execute Host Name (removed) Platform Linux (removed) 2.6.35.4-28.fc14.x86_64 #1 SMP Wed Sep 15 01:56:54 UTC 2010 x86_64 x86_64 Alert Count 2 First Seen Thu 30 Sep 2010 03:58:40 PM IST Last Seen Thu 30 Sep 2010 03:58:40 PM IST Local ID a9669318-f900-4087-91fd-002ce2fe6058 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1285842520.139:18548): avc: denied { execute } for pid=21598 comm="plugin-containe" name="GoogleTalkPlugin" dev=dm-1 ino=787188 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file node=(removed) type=AVC msg=audit(1285842520.139:18548): avc: denied { execute_no_trans } for pid=21598 comm="plugin-containe" path="/opt/google/talkplugin/GoogleTalkPlugin" dev=dm-1 ino=787188 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1285842520.139:18548): arch=c000003e syscall=59 success=yes exit=0 a0=7feb01ee4c08 a1=7fffbc10b7c0 a2=7feb01e07400 a3=7fffbc10a3a0 items=0 ppid=1 pid=21598 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="GoogleTalkPlugi" exe="/opt/google/talkplugin/GoogleTalkPlugin" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null) Hash String generated from execute,GoogleTalkPlugi,mozilla_plugin_t,usr_t,file,execute audit2allow suggests: #============= mozilla_plugin_t ============== allow mozilla_plugin_t usr_t:file { execute execute_no_trans };
Fixed in selinux-policy-3.9.5-9.fc14
selinux-policy-3.9.5-10.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/selinux-policy-3.9.5-10.fc14
selinux-policy-3.9.5-10.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.