Description of problem:
After upgrading Firefox from version 3 from F14 to version 4 from F15, Firefox started to crash immediately on startup.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.9.16-26.fc15.noarch
firefox-4.0.1-2.fc15.x86_64
xulrunner-2.0.1-1.fc15.x86_64

How reproducible:
Every time

Steps to Reproduce:
1. setsebool allow_execmem=off allow_execstack=off
2. firefox

Actual results:
Firefox crashes and a crash report window comes up.

Expected results:
Firefox should run.

Additional info:
After some investigation and some helpful comments on the fedora-selinux mailing list (http://lists.fedoraproject.org/pipermail/selinux/2011-June/013837.html) I figured out, as shown above, that disabling both allow_execmem and allow_execstack is necessary to trigger the problem. These are not the default settings, so in a standard configuration this won't happen. But I was under the impression the intention was it should be possible to run a system with these booleans turned off.

Dominick Grift suggested in the mailing list thread to make the Firefox binary "execmem_exec_t". By default it has the type mozilla_exec_t. I'm not sure in what way that is different from bin_t, but I assume there is some difference. So maybe the "proper" fix is to add transitions to the policy based on that type instead. From what I can understand, it would make sense for the policy to allow the firefox binary to do execmem.

Similar to bug 710768, firefox still fails on F16 with selinux-policy-targeted-3.10.0-38.fc16. Do you want a separate report for F16 (assuming the latest F15 policy is where it is fixed)?
Yes, please, open a new bug for F16. Thank you.
I've opened bug 745062 about this problem in F16.