Summary: SELinux is preventing /usr/libexec/totem-plugin-viewer "write" access on orbit-hicham. Detailed Description: [SELinux is in permissive mode. This access was not denied.] SELinux denied access requested by totem-plugin-vi. It is not expected that this access is required by totem-plugin-vi and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c 0.c1023 Target Context unconfined_u:object_r:user_tmp_t:s0 Target Objects orbit-hicham [ dir ] Source totem-plugin-vi Source Path /usr/libexec/totem-plugin-viewer Port <Unknown> Host (removed) Source RPM Packages totem-mozplugin-2.31.6-3.fc14 Target RPM Packages Policy RPM selinux-policy-3.9.5-8.fc14 Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.35.6-37.fc14.i686 #1 SMP Fri Oct 1 06:20:51 UTC 2010 i686 i686 Alert Count 3 First Seen Sat 02 Oct 2010 12:42:21 AM WET Last Seen Sat 02 Oct 2010 12:42:21 AM WET Local ID 7fd5fa20-1ec0-4e03-b754-39ee83efccd7 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1285980141.780:51): avc: denied { write } for pid=3158 comm="totem-plugin-vi" name="orbit-hicham" dev=sda1 ino=278540 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir node=(removed) type=AVC msg=audit(1285980141.780:51): avc: denied { add_name } for pid=3158 comm="totem-plugin-vi" name="linc-c56-0-548a303dbedab" scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir node=(removed) type=AVC msg=audit(1285980141.780:51): avc: denied { create } for pid=3158 comm="totem-plugin-vi" name="linc-c56-0-548a303dbedab" scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=sock_file node=(removed) type=SYSCALL msg=audit(1285980141.780:51): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bfdc39a0 a2=ae0784 a3=d items=0 ppid=1 pid=3158 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="totem-plugin-vi" exe="/usr/libexec/totem-plugin-viewer" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null) Hash String generated from catchall,totem-plugin-vi,mozilla_plugin_t,user_tmp_t,dir,write audit2allow suggests: #============= mozilla_plugin_t ============== #!!!! The source type 'mozilla_plugin_t' can write to a 'dir' of the following types: # nsplugin_home_t, mozilla_plugin_tmp_t, tmpfs_t, user_fonts_cache_t, mozilla_plugin_tmpfs_t, user_home_t, gnome_home_type, tmp_t allow mozilla_plugin_t user_tmp_t:dir { write add_name }; allow mozilla_plugin_t user_tmp_t:sock_file create;
Fixed in selinux-policy-3.9.5-9.fc14
selinux-policy-3.9.5-10.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/selinux-policy-3.9.5-10.fc14
selinux-policy-3.9.5-10.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.