Description of problem: SELinux is preventing /usr/lib/xulrunner/plugin-container from 'name_bind' accesses on the tcp_socket . ***** Plugin bind_ports (99.5 confidence) suggests ************************* If you want to allow /usr/lib/xulrunner/plugin-container to bind to network port 8090 Then you need to modify the port type. Do # semanage port -a -t PORT_TYPE -p tcp 8090 where PORT_TYPE is one of the following: . ***** Plugin catchall (1.49 confidence) suggests *************************** If you believe that plugin-container should be allowed name_bind access on the tcp_socket by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep plugin-containe /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c 0.c1023 Target Context system_u:object_r:unreserved_port_t:s0 Target Objects [ tcp_socket ] Source plugin-containe Source Path /usr/lib/xulrunner/plugin-container Port 8090 Host (removed) Source RPM Packages xulrunner-21.0-4.fc17.i686 Target RPM Packages Policy RPM selinux-policy-3.10.0-169.fc17.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.8.13-100.fc17.i686.PAE #1 SMP Mon May 13 13:45:03 UTC 2013 i686 i686 Alert Count 1 First Seen 2013-06-04 09:51:13 CST Last Seen 2013-06-04 09:51:13 CST Local ID 786c08b5-c68f-4618-a19b-eca22533ad33 Raw Audit Messages type=AVC msg=audit(1370310673.685:117): avc: denied { name_bind } for pid=3583 comm="plugin-containe" src=8090 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket type=SYSCALL msg=audit(1370310673.685:117): arch=i386 syscall=socketcall success=yes exit=0 a0=2 a1=b5efe8d0 a2=b56faff4 a3=b1fff0c0 items=0 ppid=2331 pid=3583 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=2 tty=(none) comm=plugin-containe exe=/usr/lib/xulrunner/plugin-container subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null) Hash: plugin-containe,mozilla_plugin_t,unreserved_port_t,tcp_socket,name_bind audit2allow #============= mozilla_plugin_t ============== #!!!! This avc can be allowed using the boolean 'allow_ypbind' allow mozilla_plugin_t unreserved_port_t:tcp_socket name_bind; audit2allow -R #============= mozilla_plugin_t ============== #!!!! This avc can be allowed using the boolean 'allow_ypbind' allow mozilla_plugin_t unreserved_port_t:tcp_socket name_bind; Additional info: hashmarkername: setroubleshoot kernel: 3.8.13-100.fc17.i686.PAE type: libreport
*** This bug has been marked as a duplicate of bug 970466 ***