Hide Forgot
Description of problem: I updated the new Adobe Flash Player to version flash-plugin-10.2.152.27-release.i386, and sometimes I get an error messages. I use Fedora release 14 (Laughlin), x86_64 operating system. My browser version is Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20110103 Fedora/3.6.13-1.fc14 Firefox/3.6.13. Flash Player write a root filesystem? This is a Flash Player bug, or SELinux policy problem? SELinux is preventing /usr/lib/nspluginwrapper/npviewer.bin from write access on the file /SYSV00000000 (deleted). ***** Plugin restorecon (92.2 confidence) suggests ************************* If you want to fix the label. /SYSV00000000 (deleted) default label should be etc_runtime_t. Then you can run restorecon. Do # /sbin/restorecon -v /SYSV00000000 (deleted) ***** Plugin catchall_boolean (7.83 confidence) suggests ******************* If you want to allows clients to write to the X server shared memory segments. Then you must tell SELinux about this by enabling the 'allow_write_xshm' boolean. Do setsebool -P allow_write_xshm 1 ***** Plugin catchall (1.41 confidence) suggests *************************** If you believe that npviewer.bin should be allowed write access on the SYSV00000000 (deleted) file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep npviewer.bin /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c102 3 Target Context system_u:object_r:xserver_tmpfs_t:s0 Target Objects /SYSV00000000 (deleted) [ file ] Source npviewer.bin Source Path /usr/lib/nspluginwrapper/npviewer.bin Port <Unknown> Host deer Source RPM Packages nspluginwrapper-1.3.0-15.fc14 Target RPM Packages Policy RPM selinux-policy-3.9.7-29.fc14 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name deer Platform Linux deer 2.6.38-0.rc4.git0.2.deer.fc14.x86_64 #1 SMP Tue Feb 8 12:22:18 CET 2011 x86_64 x86_64 Alert Count 22 First Seen Thu 10 Feb 2011 02:20:02 AM CET Last Seen Thu 10 Feb 2011 10:43:33 AM CET Local ID 642f1352-78b0-4c35-825e-43734bc77972 Raw Audit Messages type=AVC msg=audit(1297331013.978:39602): avc: denied { write } for pid=3383 comm="npviewer.bin" path=2F535953563030303030303030202864656C6574656429 dev=tmpfs ino=0 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_tmpfs_t:s0 tclass=file type=SYSCALL msg=audit(1297331013.978:39602): arch=i386 syscall=setresuid per=8 success=no exit=4294967283 a0=15 a1=0 a2=0 a3=ffb69228 items=0 ppid=3189 pid=3383 auid=502 uid=502 gid=100 euid=502 suid=502 fsuid=502 egid=100 sgid=100 fsgid=100 tty=(none) ses=1 comm=npviewer.bin exe=/usr/lib/nspluginwrapper/npviewer.bin subj=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 key=(null) Hash: npviewer.bin,nsplugin_t,xserver_tmpfs_t,file,write audit2allow #============= nsplugin_t ============== #!!!! This avc can be allowed using the boolean 'allow_write_xshm' allow nsplugin_t xserver_tmpfs_t:file write; audit2allow -R #============= nsplugin_t ============== #!!!! This avc can be allowed using the boolean 'allow_write_xshm' allow nsplugin_t xserver_tmpfs_t:file write; Version-Release number of selected component (if applicable): rpm -q selinux-policy{,-targeted} firefox xulrunner flash-plugin nspluginwrapper selinux-policy-3.9.7-29.fc14.noarch selinux-policy-targeted-3.9.7-29.fc14.noarch firefox-3.6.13-1.fc14.x86_64 xulrunner-1.9.2.13-5.fc14.x86_64 flash-plugin-10.2.152.27-release.i386 nspluginwrapper-1.3.0-15.fc14.x86_64 nspluginwrapper-1.3.0-15.fc14.i686 cat /etc/system-release Fedora release 14 (Laughlin) uname -a Linux deer 2.6.38-0.rc4.git0.2.deer.fc14.x86_64 #1 SMP Tue Feb 8 12:22:18 CET 2011 x86_64 x86_64 x86_64 GNU/Linux (I compiled kernel-2.6.38-0.rc4.git0.2.fc15.src.rpm from Koji.)
Turn on the 'allow_write_xshm' boolean. setsebool -P allow_write_xshm 1
Thank you!