Description of problem: SELinux is preventing /usr/lib64/xulrunner/plugin-container from 'append' accesses on the unix_stream_socket unix_stream_socket. ***** Plugin mozplugger (91.9 confidence) suggests ************************* If you want to use the plugin package Then you must turn off SELinux controls on the Firefox plugins. Do # setsebool unconfined_mozilla_plugin_transition 0 ***** Plugin leaks (7.81 confidence) suggests ****************************** If you want to ignore plugin-container trying to append access the unix_stream_socket unix_stream_socket, because you believe it should not need this access. Then you should report this as a bug. You can generate a local policy module to dontaudit this access. Do # grep /usr/lib64/xulrunner/plugin-container /var/log/audit/audit.log | audit2allow -D -M mypol # semodule -i mypol.pp ***** Plugin catchall (1.71 confidence) suggests *************************** If you believe that plugin-container should be allowed append access on the unix_stream_socket unix_stream_socket by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep plugin-containe /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c 0.c1023 Target Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Objects unix_stream_socket [ unix_stream_socket ] Source plugin-containe Source Path /usr/lib64/xulrunner/plugin-container Port <Unknown> Host (removed) Source RPM Packages xulrunner-21.0-3.fc19.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-44.fc19.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.9.0-301.fc19.x86_64 #1 SMP Mon Apr 29 13:44:05 UTC 2013 x86_64 x86_64 Alert Count 25 First Seen 2013-05-12 09:34:03 IST Last Seen 2013-05-19 16:52:53 IST Local ID 3b7f7272-42f6-4f8e-a5aa-2a1a3dce9c74 Raw Audit Messages type=AVC msg=audit(1368962573.426:485): avc: denied { append } for pid=2879 comm="plugin-containe" path="socket:[27786]" dev="sockfs" ino=27786 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=unix_stream_socket type=SYSCALL msg=audit(1368962573.426:485): arch=x86_64 syscall=execve success=yes exit=0 a0=7f0d55423938 a1=7f0d55423980 a2=7f0d74e04c00 a3=7f0d68ed06e0 items=0 ppid=2826 pid=2879 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=1 tty=(none) comm=plugin-containe exe=/usr/lib64/xulrunner/plugin-container subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null) Hash: plugin-containe,mozilla_plugin_t,xdm_t,unix_stream_socket,append audit2allow #============= mozilla_plugin_t ============== allow mozilla_plugin_t xdm_t:unix_stream_socket append; audit2allow -RYou must regenerate interface info by running /usr/bin/sepolgen-ifgen Additional info: reporter: libreport-2.1.4 hashmarkername: setroubleshoot kernel: 3.9.2-301.fc19.x86_64 type: libreport
*** This bug has been marked as a duplicate of bug 964651 ***