SELinux is preventing /usr/lib64/nspluginwrapper/plugin-config from read, write access on the file /tmp/ffidCbZSR (deleted). ***** Plugin catchall (50.5 confidence) suggests *************************** If you believe that plugin-config should be allowed read write access on the ffidCbZSR (deleted) file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep /usr/lib64/nspluginwrapper/plugin-config /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp ***** Plugin leaks (50.5 confidence) suggests ****************************** If you want to ignore plugin-config trying to read write access the ffidCbZSR (deleted) file, because you believe it should not need this access. Then you should report this as a bug. You can generate a local policy module to dontaudit this access. Do # grep /usr/lib64/nspluginwrapper/plugin-config /var/log/audit/audit.log | audit2allow -D -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:nsplugin_config_t:s0-s0: c0.c1023 Target Context unconfined_u:object_r:user_tmp_t:s0 Target Objects /tmp/ffidCbZSR (deleted) [ file ] Source plugin-config Source Path /usr/lib64/nspluginwrapper/plugin-config Port <Neznámé> Host (removed) Source RPM Packages nspluginwrapper-1.3.0-15.fc15 Target RPM Packages Policy RPM selinux-policy-3.9.10-6.fc15 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 2.6.36.1-11.fc15.x86_64 #1 SMP Fri Dec 3 12:29:43 UTC 2010 x86_64 x86_64 Alert Count 13 First Seen Po 6. prosinec 2010, 15:29:45 CET Last Seen Po 6. prosinec 2010, 16:11:12 CET Local ID f7fc6c2b-a1dd-4855-8a94-806210a3847b Raw Audit Messages type=AVC msg=audit(1291648272.802:2189): avc: denied { read write } for pid=5609 comm="plugin-config" path=2F746D702F6666696443625A5352202864656C6574656429 dev=tmpfs ino=1740395 scontext=unconfined_u:unconfined_r:nsplugin_config_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file plugin-config,nsplugin_config_t,user_tmp_t,file,read,write type=SYSCALL msg=audit(1291648272.802:2189): arch=x86_64 syscall=execve success=yes exit=0 a0=1f56550 a1=1f478e0 a2=1f47470 a3=1 items=0 ppid=5607 pid=5609 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts5 ses=227 comm=plugin-config exe=/usr/lib64/nspluginwrapper/plugin-config subj=unconfined_u:unconfined_r:nsplugin_config_t:s0-s0:c0.c1023 key=(null) plugin-config,nsplugin_config_t,user_tmp_t,file,read,write #============= nsplugin_config_t ============== allow nsplugin_config_t user_tmp_t:file { read write };
Matej, I think it blocks nothing. But do you have mozplugger installed?
This looks like a leaked file in firefox. userdom_dontaudit_read_user_tmp_files(nsplugin_t) userdom_dontaudit_write_user_tmp_files(nsplugin_t)
(In reply to comment #1) > Matej, > I think it blocks nothing. But do you have mozplugger installed? Apage, Satanas! I was the one who fought for excluding mozplugger from default installation of Fedora. No, that thing is nowhere to be seen. I would really expect some kind of leaked something.
Had to get my Latin-English dictionary out. :^) Yes I agree this is a leak.
(In reply to comment #4) > Had to get my Latin-English dictionary out. :^) I was a lawyer in my previous life, and I sometimes forgot that even Bostonians (suspects of being of Irish or Italian origin) don't know their Latin that well any more).
Danny Walsh - Must be irish. :^) I wasted my high school years studying French...