Bug 808155 - SELinux is preventing nspluginviewer from 'create' accesses on the file paypalLSO.sxx.
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 17
Hardware: i686
OS: Unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:fd766f5f7ff961e991e5e3d7883...
Depends On:
Blocks:
Reported: 2012-03-29 17:40 UTC by Marek Paśnikowski
Modified: 2012-03-29 19:33 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-03-29 19:33:56 UTC
Type: ---



Description Marek Paśnikowski 2012-03-29 17:40:14 UTC
libreport version: 2.0.10
executable:     /usr/bin/python
hashmarkername: setroubleshoot
kernel:         3.3.0-5.fc17.i686
time:           Thu 29 Mar 2012 07:38:10 PM CEST

description:
:SELinux is preventing nspluginviewer from 'create' accesses on the file paypalLSO.sxx.
:
:*****  Plugin catchall (100. confidence) suggests  ***************************
:
:If you believe that nspluginviewer should be allowed create access on the paypalLSO.sxx file by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep nspluginviewer /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c
:                              0.c1023
:Target Context                unconfined_u:object_r:user_home_t:s0
:Target Objects                paypalLSO.sxx [ file ]
:Source                        nspluginviewer
:Source Path                   nspluginviewer
:Port                          <Unknown>
:Host                          (removed)
:Source RPM Packages           
:Target RPM Packages           
:Policy RPM                    selinux-policy-3.10.0-106.fc17.noarch
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed) 3.3.0-5.fc17.i686 #1 SMP Fri Mar
:                              23 20:52:57 UTC 2012 i686 i686
:Alert Count                   20
:First Seen                    Thu 22 Mar 2012 04:06:40 PM CET
:Last Seen                     Thu 29 Mar 2012 07:36:55 PM CEST
:Local ID                      c1fe1aa7-87c1-429d-8fcb-3b3431734918
:
:Raw Audit Messages
:type=AVC msg=audit(1333042615.35:103): avc:  denied  { create } for  pid=2329 comm="plugin-containe" name="paypalLSO.sxx" scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
:
:
:Hash: nspluginviewer,mozilla_plugin_t,user_home_t,file,create
:
:audit2allowunable to open /sys/fs/selinux/policy:  Permission denied
:
:
:audit2allow -Runable to open /sys/fs/selinux/policy:  Permission denied
:
:

Comment 1 Daniel Walsh 2012-03-29 17:51:32 UTC
Do you know where it attempted to create this file?

paypalLSO.sxx

What were you doing when this happened?

Comment 2 Marek Paśnikowski 2012-03-29 17:57:58 UTC
I received this report when I logged in to my PayPal account. I have no idea how to find what the location of the file is. Reproduced using Firefox with Adobe Flash installed, on KDE desktop.

Comment 3 Daniel Walsh 2012-03-29 18:09:49 UTC
Can you execute as root

# auditctl -w /etc/shadow

Generate the AVC again.

Then grab the output of

# ausearch -m avc -ts recent

Comment 4 Marek Paśnikowski 2012-03-29 18:15:18 UTC
# ausearch -m avc -ts recent
----
time->Thu Mar 29 20:13:16 2012
type=AVC msg=audit(1333044796.212:135): avc:  denied  { create } for  pid=2329 comm="plugin-containe" name="paypalLSO.sxx" scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
----
time->Thu Mar 29 20:13:29 2012
type=AVC msg=audit(1333044809.616:136): avc:  denied  { create } for  pid=2329 comm="plugin-containe" name="paypalLSO.sxx" scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
----
time->Thu Mar 29 20:13:29 2012
type=AVC msg=audit(1333044809.622:137): avc:  denied  { create } for  pid=2329 comm="plugin-containe" name="paypalLSO.sxx" scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file

Comment 5 Marek Paśnikowski 2012-03-29 18:26:16 UTC
I just noticed a weird behavior. Firefox is running the whole time. The PayPal website was closed immediately after I generated the AVC. Many minutes later, when I closed the terminal in which I ran ausearch, I received the same report again...
By the way, I am not even sure now if this file should be allowed.

Comment 6 Daniel Walsh 2012-03-29 19:13:29 UTC
Just out of curiosity could you run 

restorecon -R -v ~/

To see if anything gets relabeled.

Comment 7 Marek Paśnikowski 2012-03-29 19:25:50 UTC
Got over 1000 lines of output. My /home is imported from another, non-SE distribution. The error is no more. In this case, I believe this restorecon should be run during installation of Fedora. Obviously, it did not happen, so this problem emerged.

Comment 8 Daniel Walsh 2012-03-29 19:33:56 UTC
It is very difficult to do this on an update and since you added the disk, not much we can do.
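
Added example, not part of the original bug thread or of setroubleshoot: a small triage script that parses AVC records like those in comment 4, groups repeats by (comm, source type, target type, class, permission), and marks groups where a confined domain was denied on a generic home label, the pattern that restorecon resolved here. The names parse_avc, triage and GENERIC_HOME_TYPES are hypothetical, the label heuristic is an assumption drawn from this thread, and the sample input is constructed from the three records in comment 4.

```python
import re
from collections import Counter

# Constructed sample: the three AVC records from comment 4, in ausearch layout.
_REC = ('type=AVC msg=audit({0}): avc:  denied  {{ create }} for  pid=2329 '
        'comm="plugin-containe" name="paypalLSO.sxx" '
        'scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 '
        'tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file')
SAMPLE = "\n----\n".join(_REC.format(i) for i in (
    "1333044796.212:135", "1333044809.616:136", "1333044809.622:137"))

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+denied\s+'
    r'\{ (?P<perms>[^}]+) \} for\s+(?P<fields>.*)$')

# Assumption for this example: generic home labels that justify a label check
# (restorecon with -n for a dry run) before any local policy module is written.
GENERIC_HOME_TYPES = {"user_home_t", "user_home_dir_t"}


def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    # key=value pairs; values in these records contain no spaces.
    pairs = (kv.split("=", 1) for kv in m["fields"].split() if "=" in kv)
    rec = {k: v.strip('"') for k, v in pairs}
    rec["perms"] = m["perms"].split()
    rec["serial"] = int(m["serial"])
    # A context is user:role:type:level; the MLS level may itself contain ':'.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec


def triage(text):
    """Group denials and mark those that point at possibly mislabeled files."""
    groups = Counter()
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            for perm in rec["perms"]:
                groups[(rec["comm"], rec["stype"], rec["ttype"],
                        rec["tclass"], perm)] += 1
    return [{"key": key, "count": n,
             "check_labels": key[2] in GENERIC_HOME_TYPES
                             and key[1] != "unconfined_t"}
            for key, n in groups.most_common()]
```

For a create denial the target context is the label the new file would receive, so a generic user_home_t target points at the labeling of the directory tree rather than at the plugin.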

