Bug 878690 - SELinux is preventing /usr/lib64/xulrunner/plugin-container from 'create' accesses on the file settings.sxx.
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 17
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:0877707ba91f4d23325047ff571...
Depends On:
Blocks:
Reported: 2012-11-21 00:06 UTC by nathury
Modified: 2012-11-21 10:52 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2012-11-21 10:52:20 UTC
Type: ---
Embargoed:


Attachments
File: type (9 bytes, text/plain)
2012-11-21 00:06 UTC, nathury
File: hashmarkername (14 bytes, text/plain)
2012-11-21 00:06 UTC, nathury

Description nathury 2012-11-21 00:06:05 UTC
Additional info:
libreport version: 2.0.18
kernel:         3.6.6-1.fc17.x86_64

description:
:SELinux is preventing /usr/lib64/xulrunner/plugin-container from 'create' accesses on the file settings.sxx.
:
:*****  Plugin catchall (100. confidence) suggests  ***************************
:
:If cree que de manera predeterminada, plugin-container debería permitir acceso create sobre  settings.sxx file.     
:Then debería reportar esto como un error.
:Puede generar un módulo de política local para permitir este acceso.
:Do
:permita el acceso momentáneamente executando:
:# grep plugin-containe /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c
:                              0.c1023
:Target Context                unconfined_u:object_r:admin_home_t:s0
:Target Objects                settings.sxx [ file ]
:Source                        plugin-containe
:Source Path                   /usr/lib64/xulrunner/plugin-container
:Port                          <Desconocido>
:Host                          (removed)
:Source RPM Packages           xulrunner-16.0.2-1.fc17.x86_64
:Target RPM Packages           
:Policy RPM                    selinux-policy-3.10.0-159.fc17.noarch
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed) 3.6.6-1.fc17.x86_64 #1 SMP Mon Nov
:                              5 21:59:35 UTC 2012 x86_64 x86_64
:Alert Count                   81
:First Seen                    2012-11-20 17:50:44 CST
:Last Seen                     2012-11-20 18:06:57 CST
:Local ID                      a5cd2599-f8a3-4381-ac5b-e3fdece63dc2
:
:Raw Audit Messages
:type=AVC msg=audit(1353456417.319:238): avc:  denied  { create } for  pid=1618 comm="plugin-containe" name="settings.sxx" scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
:
:
:type=SYSCALL msg=audit(1353456417.319:238): arch=x86_64 syscall=open success=no exit=EACCES a0=7f6e0f041098 a1=442 a2=1b6 a3=776f6c items=0 ppid=1487 pid=1618 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm=plugin-containe exe=/usr/lib64/xulrunner/plugin-container subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)
:
:Hash: plugin-containe,mozilla_plugin_t,admin_home_t,file,create
:
:audit2allow
:
:#============= mozilla_plugin_t ==============
:allow mozilla_plugin_t admin_home_t:file create;
:
:audit2allow -R
:
:#============= mozilla_plugin_t ==============
:allow mozilla_plugin_t admin_home_t:file create;
:

Comment 1 nathury 2012-11-21 00:06:14 UTC
Created attachment 648948
File: type

Comment 2 nathury 2012-11-21 00:06:18 UTC
Created attachment 648949
File: hashmarkername

Comment 3 Daniel Walsh 2012-11-21 10:52:20 UTC
You should not be running Firefox as root. If you want to run in this mode, you probably should be running in permissive mode.

Running Firefox as root is considered dangerous.

