Description of problem: I was viewing a pdf document online, and wanted to save it in my computer, pressing the icon save, while viewing it. Additional info: libreport version: 2.0.18 kernel: 3.6.10-2.fc17.i686 description: :SELinux is preventing /opt/Adobe/Reader9/Reader/intellinux/bin/acroread from 'write' accesses on the directory 2h. : :***** Plugin catchall (100. confidence) suggests *************************** : :If you believe that acroread should be allowed write access on the 2h directory by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep acroread /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c : 0.c1023 :Target Context system_u:object_r:dosfs_t:s0 :Target Objects 2h [ dir ] :Source acroread :Source Path /opt/Adobe/Reader9/Reader/intellinux/bin/acroread :Port <Unknown> :Host (removed) :Source RPM Packages AdobeReader_enu-9.5.1-1.i486 :Target RPM Packages :Policy RPM selinux-policy-3.10.0-161.fc17.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) 3.6.10-2.fc17.i686 #1 SMP Tue Dec : 11 18:33:15 UTC 2012 i686 i686 :Alert Count 2 :First Seen 2012-12-24 20:50:25 EET :Last Seen 2012-12-24 20:58:16 EET :Local ID 4e4e5474-9196-4ee4-b5eb-dcb131b179c0 : :Raw Audit Messages :type=AVC msg=audit(1356375496.862:68): avc: denied { write } for pid=2013 comm="acroread" name="2h" dev="sdb1" ino=513 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dosfs_t:s0 tclass=dir : : :type=SYSCALL msg=audit(1356375496.862:68): arch=i386 syscall=open success=no exit=EACCES a0=da903e8 a1=242 a2=180 a3=da903e8 items=0 ppid=2010 pid=2013 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm=acroread exe=/opt/Adobe/Reader9/Reader/intellinux/bin/acroread subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null) : :Hash: acroread,mozilla_plugin_t,dosfs_t,dir,write : :audit2allow : :#============= mozilla_plugin_t ============== :#!!!! This avc is allowed in the current policy : :allow mozilla_plugin_t dosfs_t:dir write; : :audit2allow -R : :#============= mozilla_plugin_t ============== :#!!!! This avc is allowed in the current policy : :allow mozilla_plugin_t dosfs_t:dir write; :
Created attachment 668576 [details] File: type
Created attachment 668577 [details] File: hashmarkername
In fact, SELinux is preventing /opt/Adobe/Reader9/Reader/intellinux/bin/acroread from 'write' accesses on any directory.
You will need to turn off the mozilla_plugin transition # setsebool -P unconfined_mozilla_plugin_transition 0
(In reply to comment #4) > You will need to turn off the mozilla_plugin transition > > # setsebool -P unconfined_mozilla_plugin_transition 0 It worked! Thanks a lot!