SELinux is preventing /opt/google/talkplugin/GoogleTalkPlugin from getattr access on the file /proc/kcore.

Additional Information:
Source Context                unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023
Target Context                system_u:object_r:proc_kcore_t:s0
Target Objects                /proc/kcore [ file ]
Source                        GoogleTalkPlugi
Source Path                   /opt/google/talkplugin/GoogleTalkPlugin
Port                          <Unknown>
Host                          localhost.akshay
Source RPM Packages           google-talkplugin-3.2.4.0-1.i386
Target RPM Packages
Policy RPM                    selinux-policy-3.10.0-145.fc17.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     localhost.akshay
Platform                      Linux localhost.akshay 3.5.2-1.fc17.i686.PAE #1 SMP Wed Aug 15 16:30:14 UTC 2012 i686 i686
Alert Count                   3
First Seen                    2012-08-20 11:39:32 IST
Last Seen                     2012-08-21 08:33:16 IST
Local ID                      a0bab406-a3d9-4133-96c4-7e6f3da5fc15

Raw Audit Messages
type=AVC msg=audit(1345518196.237:84): avc: denied { getattr } for pid=1946 comm="GoogleTalkPlugi" path="/proc/kcore" dev="proc" ino=4026532031 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_kcore_t:s0 tclass=file

type=SYSCALL msg=audit(1345518196.237:84): arch=i386 syscall=stat64 success=yes exit=0 a0=ab2f754 a1=bf8e9898 a2=4e540ff4 a3=bf8e994c items=0 ppid=1 pid=1946 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm=GoogleTalkPlugi exe=/opt/google/talkplugin/GoogleTalkPlugin subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)

Hash: GoogleTalkPlugi,mozilla_plugin_t,proc_kcore_t,file,getattr

audit2allow
#============= mozilla_plugin_t ==============
allow mozilla_plugin_t proc_kcore_t:file getattr;

audit2allow -R
#============= mozilla_plugin_t ==============
allow mozilla_plugin_t proc_kcore_t:file getattr;
You can dontaudit it for now using

# grep proc_kcore_t /var/log/audit/audit.log | audit2allow -D -M mypol
# semodule -i mypol.pp
selinux-policy-3.10.0-149.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-149.fc17
Package selinux-policy-3.10.0-149.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-149.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-14301/selinux-policy-3.10.0-149.fc17
then log in and leave karma (feedback).
selinux-policy-3.10.0-149.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.