836405 – freeze on web cam

Bug 836405 - freeze on web cam

Summary: freeze on web cam

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	17
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Miroslav Grepl
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-06-29 00:39 UTC by Rodrigo Hernandes
Modified:	2012-07-02 06:49 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-07-02 06:49:23 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Rodrigo Hernandes 2012-06-29 00:39:03 UTC

SELinux is preventing /usr/lib64/xulrunner-2/plugin-container from 'write' accesses on the file 8c141759a1e6f160.toc.

*****  Plugin catchall (100. confidence) suggests  ***************************

If você acredita que o plugin-container deva ser permitido acesso de write em 8c141759a1e6f160.toc file  por default.
Then você precisa reportar este como um erro.
Você pode gerar um módulo de política local para permitir este acesso.
Do
permitir este acesso agora executando:
# grep plugin-containe /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c
                              0.c1023
Target Context                unconfined_u:object_r:user_home_t:s0
Target Objects                8c141759a1e6f160.toc [ file ]
Source                        plugin-containe
Source Path                   /usr/lib64/xulrunner-2/plugin-container
Port                          <Desconhecido>
Host                          (removed)
Source RPM Packages           xulrunner-13.0.1-1.fc17.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.10.0-132.fc17.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.4.3-1.fc17.x86_64 #1 SMP Mon Jun
                              18 19:53:17 UTC 2012 x86_64 x86_64
Alert Count                   22
First Seen                    Qui 28 Jun 2012 21:16:32 BRT
Last Seen                     Qui 28 Jun 2012 21:17:36 BRT
Local ID                      1ce0feb5-78ef-4a71-8975-6854cd0e0ae3

Raw Audit Messages
type=AVC msg=audit(1340929056.904:198): avc:  denied  { write } for  pid=26425 comm="plugin-containe" name="8c141759a1e6f160.toc" dev="sda1" ino=2760902 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file


type=SYSCALL msg=audit(1340929056.904:198): arch=x86_64 syscall=open success=no exit=EACCES a0=7fdacce46fd0 a1=242 a2=1b6 a3=1c089bc3474a0c6f items=0 ppid=21350 pid=26425 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=1 comm=plugin-containe exe=/usr/lib64/xulrunner-2/plugin-container subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)

Hash: plugin-containe,mozilla_plugin_t,user_home_t,file,write

audit2allowunable to open /sys/fs/selinux/policy:  Permission denied


audit2allow -Runable to open /sys/fs/selinux/policy:  Permission denied

Comment 1 Rodrigo Hernandes 2012-06-29 00:41:25 UTC

This error occurs when I start the browser "plug in" the google talk, my camera is frozen in my view, tendos apenaas movements paused, but who is on the other side I usually preview

Comment 2 Rodrigo Hernandes 2012-06-29 00:43:05 UTC

This freeze occurs with any browser.

Pardon for poor English

I am using a translator

Comment 3 Rodrigo Hernandes 2012-06-29 00:45:20 UTC

# grep plugin-containe /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Have ran the above command but to no avail

Comment 4 Miroslav Grepl 2012-06-29 05:43:07 UTC

Do you know where is the 8c141759a1e6f160.toc file exactly located in your home directory?

Comment 5 Rodrigo Hernandes 2012-06-30 02:33:37 UTC

It always happens the same error when I start the webcam with google talk.
However it seems that this time has to identify the file path

/ home/hernandes/.nv/GLCache/a147bc5d819e1646d5baf3 c8f0a017e4/05ff4155ed94b6fe/8c141759a1e6f160.toc

following the last full report he generated

SELinux is preventing /usr/lib64/xulrunner-2/plugin-container from write access on the file /home/hernandes/.nv/GLCache/a147bc5d819e1646d5baf3c8f0a017e4/05ff4155ed94b6fe/8c141759a1e6f160.toc.

*****  Plugin catchall (100. confidence) suggests  ***************************

If você acredita que o plugin-container deva ser permitido acesso de write em 8c141759a1e6f160.toc file  por default.
Then você precisa reportar este como um erro.
Você pode gerar um módulo de política local para permitir este acesso.
Do
permitir este acesso agora executando:
# grep plugin-containe /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c
                              0.c1023
Target Context                unconfined_u:object_r:user_home_t:s0
Target Objects                /home/hernandes/.nv/GLCache/a147bc5d819e1646d5baf3
                              c8f0a017e4/05ff4155ed94b6fe/8c141759a1e6f160.toc [
                              file ]
Source                        plugin-containe
Source Path                   /usr/lib64/xulrunner-2/plugin-container
Port                          <Desconhecido>
Host                          Hernandes
Source RPM Packages           xulrunner-13.0.1-1.fc17.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.10.0-132.fc17.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     Hernandes
Platform                      Linux Hernandes 3.4.3-1.fc17.x86_64 #1 SMP Mon Jun
                              18 19:53:17 UTC 2012 x86_64 x86_64
Alert Count                   47
First Seen                    Qui 28 Jun 2012 21:16:32 BRT
Last Seen                     Sex 29 Jun 2012 23:04:09 BRT
Local ID                      1ce0feb5-78ef-4a71-8975-6854cd0e0ae3

Raw Audit Messages
type=AVC msg=audit(1341021849.44:103): avc:  denied  { write } for  pid=12370 comm="plugin-containe" name="8c141759a1e6f160.toc" dev="sda1" ino=2760902 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file


type=SYSCALL msg=audit(1341021849.44:103): arch=x86_64 syscall=open success=no exit=EACCES a0=7f3037a46fd0 a1=242 a2=1b6 a3=1c089bc3474a0c6f items=0 ppid=3292 pid=12370 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=1 comm=plugin-containe exe=/usr/lib64/xulrunner-2/plugin-container subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)

Hash: plugin-containe,mozilla_plugin_t,user_home_t,file,write

audit2allowunable to open /sys/fs/selinux/policy:  Permission denied


audit2allow -Runable to open /sys/fs/selinux/policy:  Permission denied

Comment 6 Rodrigo Hernandes 2012-07-02 03:06:00 UTC

/ home/hernandes/.nv/GLCache/a147bc5d819e1646d5baf3 c8f0a017e4/05ff4155ed94b6fe/8c141759a1e6f160.toc

Comment 7 Miroslav Grepl 2012-07-02 06:49:23 UTC

Please execute

# restorecon -R -v /home/hernandes/.nv

Note You need to log in before you can comment on or make changes to this bug.