Description of problem:
I get alerts of this type while browsing:

SELinux is preventing /usr/lib64/xulrunner-2/plugin-container from create access on the file wakeup.sxx.

***** Plugin catchall (100. confidence) suggests ***************************

If you believe that plugin-container should be allowed create access on the wakeup.sxx file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do allow this access for now by executing:
# grep plugin-containe /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023
Target Context                unconfined_u:object_r:user_home_t:s0
Target Objects                wakeup.sxx [ file ]
Source                        plugin-containe
Source Path                   /usr/lib64/xulrunner-2/plugin-container
Port                          <Unknown>
Host                          rubik.elk
Source RPM Packages           xulrunner-12.0-1.fc17.x86_64
Target RPM Packages
Policy RPM                    selinux-policy-3.10.0-118.fc17.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     rubik.elk
Platform                      Linux rubik.elk 3.3.4-1.fc17.x86_64 #1 SMP Fri Apr 27 18:39:03 UTC 2012 x86_64 x86_64
Alert Count                   2
First Seen                    Fri 04 May 2012 09:00:45 BST
Last Seen                     Fri 04 May 2012 09:00:45 BST
Local ID                      81b212b7-0914-49d4-ab45-5512ce464804

Raw Audit Messages
type=AVC msg=audit(1336118445.406:946): avc: denied { create } for pid=3134 comm="plugin-containe" name="wakeup.sxx" scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file

type=SYSCALL msg=audit(1336118445.406:946): arch=x86_64 syscall=open success=no exit=EACCES a0=7ffa15d0f040 a1=442 a2=1b6 a3=ffffff00 items=0 ppid=3084 pid=3134 auid=1001 uid=1001 gid=1001 euid=1001 suid=1001 fsuid=1001 egid=1001 sgid=1001 fsgid=1001 tty=(none) ses=2 comm=plugin-containe exe=/usr/lib64/xulrunner-2/plugin-container subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)

Hash: plugin-containe,mozilla_plugin_t,user_home_t,file,create

audit2allow
unable to open /sys/fs/selinux/policy: Permission denied

audit2allow -R
unable to open /sys/fs/selinux/policy: Permission denied

Version-Release number of selected component (if applicable):
selinux-policy-3.10.0-118.fc17.noarch
xulrunner-12.0-1.fc17.x86_64
firefox-12.0-1.fc17.x86_64

How reproducible:
100%

Additional info:
The *.sxx filename varies.
plugin-container does not live by itself; which plugin do you run there?
I think it comes from flash-plugin.
Does the flash-plugin crash or so? I'm not sure we want to allow it to lay files over the system...
No, seems unaffected.
Okay, I guess it's okay to disable flash to save files.
Tim, do you know which directory it was trying to write this to? Might be mislabeled content in the homedir? Is there a flash directory in your homedir?
Oh, restorecon -vR $HOME seems to have fixed it.
Yes mozilla_plugin can write to a bunch of subdirs in the homedir, but they have to be labelled correctly.
If flash-plugin is running a .swf file which uses flash.net.FileReference (1), then selinux will prevent the .swf file (from saving a file, for example) & throw this alert.
(1) http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/net/FileReference.html
I guess if you want this to work you would need to turn off the protection.
# setsebool -P unconfined_mozilla_plugin_transition=1
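A triage sketch for the AVC record in the report and the relabelling fix found in the thread, added here as an example and not code from the bug report, selinux-policy or setroubleshoot. It parses the denial, rebuilds the comma-separated signature shown on the report's Hash line, and flags a generic target type as a reason to check file labels before generating a policy module; the function names and the `generic_types` list are assumptions made for this illustration.

```python
import re

# AVC record copied from the report above (the SYSCALL record is not needed here).
SAMPLE_AVC = (
    'type=AVC msg=audit(1336118445.406:946): avc: denied { create } for pid=3134 '
    'comm="plugin-containe" name="wakeup.sxx" '
    'scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 '
    'tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for any other line."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    if 'scontext' not in rec or 'tcontext' not in rec:
        return None
    rec['perms'] = m.group('perms').split()
    # An SELinux context is user:role:type[:level]; the type is the third field.
    rec['stype'] = rec['scontext'].split(':')[2]
    rec['ttype'] = rec['tcontext'].split(':')[2]
    return rec


def signature(rec):
    """comm,source type,target type,class,perms: the layout of the report's Hash line."""
    return ','.join([rec['comm'], rec['stype'], rec['ttype'], rec['tclass']] + rec['perms'])


def triage(rec, generic_types=('user_home_t',)):
    """Assumed rule: a generic target label means check labelling before policy."""
    if rec['ttype'] in generic_types:
        return 'check-labels'   # e.g. preview with: restorecon -n -v -R "$HOME"
    return 'review-policy'


if __name__ == '__main__':
    rec = parse_avc(SAMPLE_AVC)
    print(signature(rec), '->', triage(rec))
```

Run over /var/log/audit/audit.log one line at a time, the same functions group repeated denials by signature, which keeps the varying *.sxx file names from hiding that they are one issue.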