Bug 660341 - SELinux is preventing /usr/lib64/nspluginwrapper/plugin-config from read, write access on the file /tmp/ffidCbZSR (deleted).
Summary: SELinux is preventing /usr/lib64/nspluginwrapper/plugin-config from read, wri...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:7b3e0c117e5...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-12-06 15:34 UTC by Matěj Cepl
Modified: 2018-04-11 11:19 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-05-26 20:24:30 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Matěj Cepl 2010-12-06 15:34:24 UTC 
SELinux is preventing /usr/lib64/nspluginwrapper/plugin-config from read, write access on the file /tmp/ffidCbZSR (deleted).

*****  Plugin catchall (50.5 confidence) suggests  ***************************

If you believe that plugin-config should be allowed read write access on the ffidCbZSR (deleted) file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep /usr/lib64/nspluginwrapper/plugin-config /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

*****  Plugin leaks (50.5 confidence) suggests  ******************************

If you want to ignore plugin-config trying to read write access the ffidCbZSR (deleted) file, because you believe it should not need this access.
Then you should report this as a bug.  
You can generate a local policy module to dontaudit this access.
Do
# grep /usr/lib64/nspluginwrapper/plugin-config /var/log/audit/audit.log | audit2allow -D -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:nsplugin_config_t:s0-s0:
                              c0.c1023
Target Context                unconfined_u:object_r:user_tmp_t:s0
Target Objects                /tmp/ffidCbZSR (deleted) [ file ]
Source                        plugin-config
Source Path                   /usr/lib64/nspluginwrapper/plugin-config
Port                          <Neznámé>
Host                          (removed)
Source RPM Packages           nspluginwrapper-1.3.0-15.fc15
Target RPM Packages           
Policy RPM                    selinux-policy-3.9.10-6.fc15
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 2.6.36.1-11.fc15.x86_64 #1 SMP Fri
                              Dec 3 12:29:43 UTC 2010 x86_64 x86_64
Alert Count                   13
First Seen                    Po 6. prosinec 2010, 15:29:45 CET
Last Seen                     Po 6. prosinec 2010, 16:11:12 CET
Local ID                      f7fc6c2b-a1dd-4855-8a94-806210a3847b

Raw Audit Messages
type=AVC msg=audit(1291648272.802:2189): avc:  denied  { read write } for  pid=5609 comm="plugin-config" path=2F746D702F6666696443625A5352202864656C6574656429 dev=tmpfs ino=1740395 scontext=unconfined_u:unconfined_r:nsplugin_config_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file

plugin-config,nsplugin_config_t,user_tmp_t,file,read,write
type=SYSCALL msg=audit(1291648272.802:2189): arch=x86_64 syscall=execve success=yes exit=0 a0=1f56550 a1=1f478e0 a2=1f47470 a3=1 items=0 ppid=5607 pid=5609 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts5 ses=227 comm=plugin-config exe=/usr/lib64/nspluginwrapper/plugin-config subj=unconfined_u:unconfined_r:nsplugin_config_t:s0-s0:c0.c1023 key=(null)
plugin-config,nsplugin_config_t,user_tmp_t,file,read,write

#============= nsplugin_config_t ==============
allow nsplugin_config_t user_tmp_t:file { read write };
Comment 1 Miroslav Grepl 2010-12-06 16:44:17 UTC 
Matej,
I think it blocks nothing. But do you have mozplugger installed?
Comment 2 Daniel Walsh 2010-12-06 19:33:01 UTC 
This looks like a leaked file in firefox.

userdom_dontaudit_read_user_tmp_files(nsplugin_t)
userdom_dontaudit_write_user_tmp_files(nsplugin_t)
Comment 3 Matěj Cepl 2010-12-06 23:02:15 UTC 
(In reply to comment #1)
> Matej,
> I think it blocks nothing. But do you have mozplugger installed?

Apage, Satanas! I was the one who fought for excluding mozplugger from default installation of Fedora.

No, that thing is nowhere to be seen.

I would really expect some kind of leaked something.
Comment 4 Daniel Walsh 2010-12-07 14:37:39 UTC 
Had to get my Latin-English dictionary out. :^)

Yes I agree this is a leak.
Comment 5 Matěj Cepl 2010-12-07 16:27:54 UTC 
(In reply to comment #4)
> Had to get my Latin-English dictionary out. :^)

I was a lawyer in my previous life, and I sometimes forgot that even Bostonians (suspects of being of Irish or Italian origin) don't know their Latin that well any more).
Comment 6 Daniel Walsh 2010-12-07 17:45:03 UTC 
Danny Walsh - Must be irish. :^)  
I wasted my high school years studying French...
Note You need to log in before you can comment on or make changes to this bug.