Bug 802184 - extensions.gnome.org is blocked by policy
extensions.gnome.org is blocked by policy
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
17
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-03-11 19:05 EDT by Giovanni Campagna
Modified: 2012-03-25 19:10 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-03-25 19:10:27 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Giovanni Campagna 2012-03-11 19:05:02 EDT
Description of problem:
extensions.gnome.org (the website hosting gnome-shell extensions) uses a Firefox plugin that makes DBus calls to enumerate and install extensions. These calls are blocked by SELinux, making the website inusable.

Version-Release number of selected component (if applicable):
selinux-policy-3.10.0-95.fc17.noarch

How reproducible:
Always

Steps to Reproduce:
1. Go to https://extensions.gnome.org with Firefox
  
Actual results:
GnomeShellBrowserPlugin-WARNING **: Failed to retrieve extension metadata: GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: An SELinux policy prevents this sender from sending this message to this recipient, 0 matched rules; type="method_call", sender=":1.92" (uid=1000 pid=1262 comm="/usr/lib64/xulrunner-2/plugin-container /usr/lib64") interface="org.gnome.Shell" member="GetExtensionInfo" error name="(unset)" requested_reply="0" destination=":1.41" (uid=1000 pid=973 comm="/usr/bin/gnome-shell ")

Expected results:
The website loads gnome-shell configuration (version, installed extensions) with no error.
Comment 1 Miroslav Grepl 2012-03-12 03:54:47 EDT
What AVC are you getting?

$ ausearch -m avc,user_avc
Comment 2 Giovanni Campagna 2012-03-25 19:10:27 EDT
Whatever it was, it's fixed with the latest updates of firefox, gnome-shell and selinux-policy, so closing.

Note You need to log in before you can comment on or make changes to this bug.