abrt version: 2.0.5 executable: /usr/bin/python hashmarkername: setroubleshoot kernel: 3.1.0-0.rc6.git0.3.fc16.x86_64 reason: SELinux is preventing /usr/lib/nspluginwrapper/npviewer.bin from 'read' accesses on the file pulse-shm-2753185353. time: Tue Sep 20 21:30:08 2011 description: :SELinux is preventing /usr/lib/nspluginwrapper/npviewer.bin from 'read' accesses on the file pulse-shm-2753185353. : :***** Plugin catchall (100. confidence) suggests *************************** : :If you believe that npviewer.bin should be allowed read access on the pulse-shm-2753185353 file by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep npviewer.bin /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c102 : 3 :Target Context unconfined_u:object_r:tmpfs_t:s0 :Target Objects pulse-shm-2753185353 [ file ] :Source npviewer.bin :Source Path /usr/lib/nspluginwrapper/npviewer.bin :Port <Unknown> :Host (removed) :Source RPM Packages nspluginwrapper-1.4.4-1.fc16 :Target RPM Packages :Policy RPM selinux-policy-3.10.0-29.1.fc16 :Selinux Enabled True :Policy Type targeted :Enforcing Mode Permissive :Host Name (removed) :Platform Linux (removed) 3.1.0-0.rc6.git0.3.fc16.x86_64 #1 SMP : Fri Sep 16 12:26:22 UTC 2011 x86_64 x86_64 :Alert Count 1 :First Seen Mon 19 Sep 2011 12:39:18 AM CEST :Last Seen Mon 19 Sep 2011 12:39:18 AM CEST :Local ID f4f64b6f-4668-4d8b-ad68-593d383c186c : :Raw Audit Messages :type=AVC msg=audit(1316385558.503:530): avc: denied { read } for pid=20379 comm="npviewer.bin" name="pulse-shm-2753185353" dev=tmpfs ino=340459 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file : : :type=AVC msg=audit(1316385558.503:530): avc: denied { open } for pid=20379 comm="npviewer.bin" name="pulse-shm-2753185353" dev=tmpfs ino=340459 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file : : :type=SYSCALL msg=audit(1316385558.503:530): arch=i386 syscall=fstat per=8 success=yes exit=EEXIST a0=ffee3af0 a1=a0000 a2=0 a3=ffee3bed items=0 ppid=20358 pid=20379 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=21 comm=npviewer.bin exe=/usr/lib/nspluginwrapper/npviewer.bin subj=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 key=(null) : :Hash: npviewer.bin,nsplugin_t,tmpfs_t,file,read : :audit2allow : :#============= nsplugin_t ============== :allow nsplugin_t tmpfs_t:file { read open }; : :audit2allow -R : :#============= nsplugin_t ============== :allow nsplugin_t tmpfs_t:file { read open }; :
*** Bug 740056 has been marked as a duplicate of this bug. ***
Any idea how this pulse-shm file got created? If it was created by a logged in user process it would have been user_tmpfs_t?
This was with the "old" 3.10.0-29 policy - I had logged in as a temporary user and started firefox to download -31. I assume these files are created on login with "unique and random" names, so it must have been created by some session process. But I guess it could be related to the transition/relabelling fix in -31. Right now all the files in /dev/shm/pulse* are user_tmpfs_t. I will try and see if I can reproduce the issue - but user switching is a bit hard at the moment...
Ok reopen if it happens again.