Description of problem: I was trying to log in to my internet bank which generates a random key on every login. SELinux is preventing /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.19.x86_64/jre/bin/java from 'append' accesses on the chr_file random. ***** Plugin mozplugger (99.1 confidence) suggests ************************* If you want to use the plugin package Then you must turn off SELinux controls on the Firefox plugins. Do # setsebool unconfined_mozilla_plugin_transition 0 ***** Plugin catchall (1.81 confidence) suggests *************************** If you believe that java should be allowed append access on the random chr_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep java /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c 0.c1023 Target Context system_u:object_r:random_device_t:s0 Target Objects random [ chr_file ] Source java Source Path /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.19.x86_64/jr e/bin/java Port <Unknown> Host (removed) Source RPM Packages java-1.7.0-openjdk-1.7.0.19-2.3.9.5.fc18.x86_64 Target RPM Packages Policy RPM selinux-policy-3.11.1-97.fc18.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.9.4-200.fc18.x86_64 #1 SMP Fri May 24 20:10:49 UTC 2013 x86_64 x86_64 Alert Count 2 First Seen 2013-06-10 17:57:10 EEST Last Seen 2013-06-12 12:09:53 EEST Local ID bf1b7d8f-b1ba-4167-9e91-c3723b320839 Raw Audit Messages type=AVC msg=audit(1371028193.383:371): avc: denied { append } for pid=2984 comm="java" name="random" dev="devtmpfs" ino=1032 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:random_device_t:s0 tclass=chr_file type=SYSCALL msg=audit(1371028193.383:371): arch=x86_64 syscall=open success=no exit=EACCES a0=7fbc6405d780 a1=441 a2=1b6 a3=c items=0 ppid=2914 pid=2984 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=2 tty=(none) comm=java exe=/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.19.x86_64/jre/bin/java subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null) Hash: java,mozilla_plugin_t,random_device_t,chr_file,append audit2allow #============= mozilla_plugin_t ============== allow mozilla_plugin_t random_device_t:chr_file append; audit2allow -R require { type mozilla_plugin_t; } #============= mozilla_plugin_t ============== dev_write_rand(mozilla_plugin_t) Additional info: reporter: libreport-2.1.4 hashmarkername: setroubleshoot kernel: 3.9.4-200.fc18.x86_64 type: libreport
Did everything work?
Yes, it seemed to work. So I'm a bit puzzled why this error message appeared.
*** This bug has been marked as a duplicate of bug 1015773 ***