Additional info: libreport version: 2.0.13 kernel: 3.5.3-1.fc17.x86_64 description: :SELinux is preventing /usr/lib64/xulrunner-2/plugin-container from 'setattr' accesses on the file ParseLock009. : :***** Plugin catchall (100. confidence) suggests *************************** : :If you believe that plugin-container should be allowed setattr access on the ParseLock009 file by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep plugin-containe /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c : 0.c1023 :Target Context unconfined_u:object_r:user_tmpfs_t:s0 :Target Objects ParseLock009 [ file ] :Source plugin-containe :Source Path /usr/lib64/xulrunner-2/plugin-container :Port <Unknown> :Host (removed) :Source RPM Packages xulrunner-15.0-2.fc17.x86_64 :Target RPM Packages :Policy RPM selinux-policy-3.10.0-146.fc17.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) 3.5.3-1.fc17.x86_64 #1 SMP Wed Aug : 29 18:46:34 UTC 2012 x86_64 x86_64 :Alert Count 27 :First Seen 2012-08-13 19:11:48 CDT :Last Seen 2012-09-24 19:28:44 CDT :Local ID b58ccf76-ccea-4bdf-af5c-d14b43c2f0ec : :Raw Audit Messages :type=AVC msg=audit(1348532924.213:150): avc: denied { setattr } for pid=16000 comm="plugin-containe" name="ParseLock009" dev="tmpfs" ino=20043 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmpfs_t:s0 tclass=file : : :type=SYSCALL msg=audit(1348532924.213:150): arch=x86_64 syscall=fchmod success=no exit=EACCES a0=1b a1=1b6 a2=1b a3=0 items=0 ppid=1662 pid=16000 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=1 comm=plugin-containe exe=/usr/lib64/xulrunner-2/plugin-container subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null) : :Hash: plugin-containe,mozilla_plugin_t,user_tmpfs_t,file,setattr : :audit2allow : :#============= mozilla_plugin_t ============== :allow mozilla_plugin_t user_tmpfs_t:file setattr; : :audit2allow -R : :#============= mozilla_plugin_t ============== :allow mozilla_plugin_t user_tmpfs_t:file setattr; :
Created attachment 616844 [details] File: type
Created attachment 616845 [details] File: hashmarkername
Do you know what you were doing when this happened? Basically I am interested which apps created "ParseLock009"
This seems to happen every time I start a hangout. I suppose the culprit would be the google-talkplugin (currently at 3.6.1.0-1). I installed the plugin from https://www.google.com/chat/video which added http://dl.google.com/linux/talkplugin/rpm/stable/x86_64 to my yum repos. It's basically the same time I experience #846188. I had hoped that that fix would resolve this issue at the same time, but I guess not.
Does everything seem to work properly? We could add a dontaudit for this.
It seems to work properly, at least at first. After using the hangout for several hours, Firefox can become unresponsive. This error occurs basically at the start of the hangout, so I somewhat doubt that it is to blame for that problem. However, it is the easiest to spot issue, so I kind of hope that they are related (and easy to fix :-)).
Yes I would doubt they are related, but you could try this with mozilla_plugin_t in permissive mode and see if the slugishness continues. semanage permissive -a mozilla_plugin_t
Switching to permissive mode. We added some fixes to see if they fix these issues.
selinux-policy-3.10.0-156.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-156.fc17
Package selinux-policy-3.10.0-156.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-156.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-16347/selinux-policy-3.10.0-156.fc17 then log in and leave karma (feedback).
I opened up a google hangout. I assume firefox is trying to use the google-talkplugin Package: (null) OS Release: Fedora release 17 (Beefy Miracle)
(In reply to comment #7) > Yes I would doubt they are related, but you could try this with > mozilla_plugin_t in permissive mode and see if the slugishness continues. > > semanage permissive -a mozilla_plugin_t I tied this and there were other SELinux warnings. It seems like between updates to firefox, flash, google-talk-plugin, and hangout site itself, the problem has fixed itself. Thanks for taking the time to take a look at this :-)
selinux-policy-3.10.0-156.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.