Hide Forgot
SELinux is preventing /usr/lib64/xulrunner-2/plugin-container from setattr access on the directory /var/cache/fontconfig. ***** Plugin catchall (100. confidence) suggests *************************** If you want to allow plugin-container to have setattr access on the fontconfig directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep /usr/lib64/xulrunner-2/plugin-container /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c 0.c1023 Target Context system_u:object_r:fonts_cache_t:s0 Target Objects /var/cache/fontconfig [ dir ] Source plugin-containe Source Path /usr/lib64/xulrunner-2/plugin-container Port <Unknown> Host (removed) Source RPM Packages xulrunner-2.0-0.2b6.fc15 Target RPM Packages fontconfig-2.8.0-2.fc14 Policy RPM selinux-policy-3.9.8-1.fc15 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 2.6.36-1.fc15.x86_64 #1 SMP Thu Oct 21 04:28:50 UTC 2010 x86_64 x86_64 Alert Count 1 First Seen Wed 10 Nov 2010 03:38:30 PM CLST Last Seen Wed 10 Nov 2010 03:38:30 PM CLST Local ID cff4a391-51af-4eca-838b-d74ff3e8c4f7 Raw Audit Messages type=AVC msg=audit(1289414310.9:383): avc: denied { setattr } for pid=16965 comm="plugin-containe" name="fontconfig" dev=dm-1 ino=802818 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fonts_cache_t:s0 tclass=dir plugin-containe,mozilla_plugin_t,fonts_cache_t,dir,setattr type=SYSCALL msg=audit(1289414310.9:383): arch=x86_64 syscall=chmod success=no exit=EPERM a0=7f54c760b120 a1=1ed a2=d a3=7fff4a937910 items=0 ppid=13405 pid=16965 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=25 comm=plugin-containe exe=/usr/lib64/xulrunner-2/plugin-container subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null) plugin-containe,mozilla_plugin_t,fonts_cache_t,dir,setattr #============= mozilla_plugin_t ============== allow mozilla_plugin_t fonts_cache_t:dir setattr;
Miroslav lets dontaudit this.
Fixed in selinux-policy-3.9.8-7.fc15