Bug 829864 - SELinux is preventing plugin-containe from create access on the file restore.sxx.
SELinux is preventing plugin-containe from create access on the file restore....
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Miroslav Grepl
Ben Levenson
Depends On:
  Show dependency treegraph
Reported: 2012-06-07 13:37 EDT by Juan J. Martínez
Modified: 2012-06-07 14:11 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-06-07 14:02:06 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Juan J. Martínez 2012-06-07 13:37:17 EDT
How to reproduce: Firefox 13 and flash block addon enabled, try to play flash content (ie. youtube video) after enabling the flash plugin for that page.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that plugin-containe should be allowed create access on the restore.sxx file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# grep plugin-containe /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c
Target Context                unconfined_u:object_r:user_home_t:s0
Target Objects                restore.sxx [ file ]
Source                        plugin-containe
Source Path                   plugin-containe
Port                          <Unknown>
Host                          vortex.usebox.net
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.10.0-128.fc17.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     vortex.usebox.net
Platform                      Linux vortex.usebox.net 3.3.7-1.fc17.i686 #1 SMP
                              Mon May 21 22:50:24 UTC 2012 i686 i686
Alert Count                   2
First Seen                    Thu 07 Jun 2012 18:23:55 BST
Last Seen                     Thu 07 Jun 2012 18:33:06 BST
Local ID                      ce7eeddd-412e-4696-8beb-37564930bbe3

Raw Audit Messages
type=AVC msg=audit(1339090386.20:157): avc:  denied  { create } for  pid=9393 comm="plugin-containe" name="restore.sxx" scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file

Hash: plugin-containe,mozilla_plugin_t,user_home_t,file,create

audit2allowunable to open /sys/fs/selinux/policy:  Permission denied

audit2allow -Runable to open /sys/fs/selinux/policy:  Permission denied
Comment 1 Juan J. Martínez 2012-06-07 13:40:10 EDT
I think it's related to https://bugzilla.redhat.com/show_bug.cgi?id=829862

Using Adobe Flash plugin 11.2 r202.
Comment 2 Daniel Walsh 2012-06-07 14:02:06 EDT
restorecon -R -v /home

Should fix this.
Comment 3 Juan J. Martínez 2012-06-07 14:11:14 EDT
Yes, thanks Dan!

Note You need to log in before you can comment on or make changes to this bug.