981685 – icedweb-tea does not work on certain hp ILO blades

Bug 981685 - icedweb-tea does not work on certain hp ILO blades

Summary: icedweb-tea does not work on certain hp ILO blades

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy-targeted
Sub Component:
Version:	19
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Miroslav Grepl
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-07-05 13:23 UTC by Michele Baldessari
Modified:	2013-07-12 08:08 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-07-12 08:08:02 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
avc log (10.20 KB, text/x-log) 2013-07-05 13:28 UTC, Michele Baldessari	no flags	Details
java plugin log (95.71 KB, text/x-log) 2013-07-05 13:28 UTC, Michele Baldessari	no flags	Details
View All

Description Michele Baldessari 2013-07-05 13:23:05 UTC

Description of problem:
Interestingly enough icedweb-tea works fine on most HP ilo blades except an 660 one and it turned out to be a selinux issue. As disabling it made it work.

The relevant audit.log part is the following:
type=AVC msg=audit(1373030058.127:954): avc:  denied  { create } for  pid=14246 comm="java" name="java.stderr.temp" scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1373030058.127:954): avc:  denied  { write } for  pid=14246 comm="java" path="/home/michele/.icedtea/log/java.stderr.temp" dev="dm-1" ino=6980416 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1373030058.127:954): arch=c000003e syscall=2 success=yes exit=12 a0=7f95b81f6c10 a1=c2 a2=1b6 a3=7f95bf186740 items=0 ppid=14236 pid=14246 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=1 tty=pts5 comm="java" exe="/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.25.x86_64/jre/bin/java" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1373030058.141:955): avc:  denied  { setattr } for  pid=14246 comm="java" name="java.stderr.temp" dev="dm-1" ino=6980416 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1373030058.141:955): arch=c000003e syscall=90 success=yes exit=0 a0=7f95b81f6c10 a1=81b4 a2=0 a3=7f95be1bd2e0 items=0 ppid=14236 pid=14246 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=1 tty=pts5 comm="java" exe="/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.25.x86_64/jre/bin/java" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1373030058.141:956): avc:  denied  { rename } for  pid=14246 comm="java" name="java.stderr.temp" dev="dm-1" ino=6980416 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1373030058.141:956): arch=c000003e syscall=82 success=yes exit=0 a0=7f95b81f6c10 a1=7f95b81f6be0 a2=7f95bf1732c0 a3=7f95be1bd330 items=0 ppid=14236 pid=14246 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=1 tty=pts5 comm="java" exe="/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.25.x86_64/jre/bin/java" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1373030058.817:957): avc:  denied  { create } for  pid=14303 comm="java" name="397" scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=SYSCALL msg=audit(1373030058.817:957): arch=c000003e syscall=83 success=yes exit=0 a0=7f9514001e20 a1=1ff a2=7f95bf1732c0 a3=7f95bf186740 items=0 ppid=14236 pid=14303 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=1 tty=pts5 comm="java" exe="/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.25.x86_64/jre/bin/java" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1373030073.277:958): avc:  denied  { read } for  pid=14299 comm="java" name="sr0" dev="devtmpfs" ino=8238 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:removable_device_t:s0 tclass=blk_file
type=AVC msg=audit(1373030073.277:958): avc:  denied  { open } for  pid=14299 comm="java" path="/dev/sr0" dev="devtmpfs" ino=8238 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:removable_device_t:s0 tclass=blk_file
type=SYSCALL msg=audit(1373030073.277:958): arch=c000003e syscall=2 success=yes exit=25 a0=7f9528079ed0 a1=800 a2=7f95bf1732c0 a3=7f9528079eda items=0 ppid=14236 pid=14299 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=1 tty=pts5 comm="java" exe="/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.25.x86_64/jre/bin/java" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1373030073.278:959): avc:  denied  { ioctl } for  pid=14299 comm="java" path="/dev/sr0" dev="devtmpfs" ino=8238 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:removable_device_t:s0 tclass=blk_file
type=SYSCALL msg=audit(1373030073.278:959): arch=c000003e syscall=16 success=no exit=-25 a0=19 a1=8010020f a2=7f959c554780 a3=7f959c554540 items=0 ppid=14236 pid=14299 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=1 tty=pts5 comm="java" exe="/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.25.x86_64/jre/bin/java" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)

I figured it out when running ICEDTEAPLUGIN_DEBUG=true firefox 2>&1 | tee plugin.log gave the following:
java.io.FileNotFoundException: /home/michele/.icedtea/cache/recently_used (Permission denied)
        at java.io.RandomAccessFile.open(Native Method)
        at java.io.RandomAccessFile.<init>(RandomAccessFile.java:233)
        at java.io.RandomAccessFile.<init>(RandomAccessFile.java:118)
        at net.sourceforge.jnlp.util.FileUtils.getFileLock(FileUtils.java:345)
        at net.sourceforge.jnlp.cache.CacheLRUWrapper.lock(CacheLRUWrapper.java:245)
        at net.sourceforge.jnlp.cache.CacheUtil.getCacheFile(CacheUtil.java:333)
        at net.sourceforge.jnlp.cache.ResourceTracker.downloadResource(ResourceTracker.java:687)
        at net.sourceforge.jnlp.cache.ResourceTracker.processResource(ResourceTracker.java:636)
        at net.sourceforge.jnlp.cache.ResourceTracker.access$500(ResourceTracker.java:76)
        at net.sourceforge.jnlp.cache.ResourceTracker$Downloader$1.run(ResourceTracker.java:1172)
        at net.sourceforge.jnlp.cache.ResourceTracker$Downloader$1.run(ResourceTracker.java:1170)
        at java.security.AccessController.doPrivileged(Native Method)
        at net.sourceforge.jnlp.cache.ResourceTracker$Downloader.run(ResourceTracker.java:1170)
        at java.lang.Thread.run(Thread.java:724)
java.io.FileNotFoundException: /home/michele/.icedtea/cache/recently_used (Permission denied)
        at java.io.RandomAccessFile.open(Native Method)
        at java.io.RandomAccessFile.<init>(RandomAccessFile.java:233)
        at java.io.RandomAccessFile.<init>(RandomAccessFile.java:118)
        at net.sourceforge.jnlp.util.FileUtils.getFileLock(FileUtils.java:345)
        at net.sourceforge.jnlp.cache.CacheLRUWrapper.lock(CacheLRUWrapper.java:245)
        at net.sourceforge.jnlp.cache.CacheUtil.makeNewCacheFile(CacheUtil.java:412)
        at net.sourceforge.jnlp.cache.CacheUtil.getCacheFile(CacheUtil.java:340)
        at net.sourceforge.jnlp.cache.ResourceTracker.downloadResource(ResourceTracker.java:687)
        at net.sourceforge.jnlp.cache.ResourceTracker.processResource(ResourceTracker.java:636)
        at net.sourceforge.jnlp.cache.ResourceTracker.access$500(ResourceTracker.java:76)
        at net.sourceforge.jnlp.cache.ResourceTracker$Downloader$1.run(ResourceTracker.java:1172)
        at net.sourceforge.jnlp.cache.ResourceTracker$Downloader$1.run(ResourceTracker.java:1170)
        at java.security.AccessController.doPrivileged(Native Method)
        at net.sourceforge.jnlp.cache.ResourceTracker$Downloader.run(ResourceTracker.java:1170)
        at java.lang.Thread.run(Thread.java:724)
java.io.IOException: Cant create directory /home/michele/.icedtea/cache/397/https/10.65.210.67/html
        at net.sourceforge.jnlp.util.FileUtils.createParentDir(FileUtils.java:114)
        at net.sourceforge.jnlp.util.FileUtils.createParentDir(FileUtils.java:127)
        at net.sourceforge.jnlp.cache.CacheUtil.makeNewCacheFile(CacheUtil.java:423)
        at net.sourceforge.jnlp.cache.CacheUtil.getCacheFile(CacheUtil.java:340)
        at net.sourceforge.jnlp.cache.ResourceTracker.downloadResource(ResourceTracker.java:687)
        at net.sourceforge.jnlp.cache.ResourceTracker.processResource(ResourceTracker.java:636)
        at net.sourceforge.jnlp.cache.ResourceTracker.access$500(ResourceTracker.java:76)
        at net.sourceforge.jnlp.cache.ResourceTracker$Downloader$1.run(ResourceTracker.java:1172)
        at net.sourceforge.jnlp.cache.ResourceTracker$Downloader$1.run(ResourceTracker.java:1170)
        at java.security.AccessController.doPrivileged(Native Method)
        at net.sourceforge.jnlp.cache.ResourceTracker$Downloader.run(ResourceTracker.java:1170)
        at java.lang.Thread.run(Thread.java:724)
java.io.FileNotFoundException: /home/michele/.icedtea/cache/recently_used (Permission denied)
        at java.io.FileOutputStream.open(Native Method)
        at java.io.FileOutputStream.<init>(FileOutputStream.java:212)
        at java.io.FileOutputStream.<init>(FileOutputStream.java:165)
        at net.sourceforge.jnlp.util.PropertiesFile.store(PropertiesFile.java:157)
        at net.sourceforge.jnlp.cache.CacheLRUWrapper.store(CacheLRUWrapper.java:169)
        at net.sourceforge.jnlp.cache.CacheUtil.makeNewCacheFile(CacheUtil.java:435)
        at net.sourceforge.jnlp.cache.CacheUtil.getCacheFile(CacheUtil.java:340)
        at net.sourceforge.jnlp.cache.ResourceTracker.downloadResource(ResourceTracker.java:687)
        at net.sourceforge.jnlp.cache.ResourceTracker.processResource(ResourceTracker.java:636)
        at net.sourceforge.jnlp.cache.ResourceTracker.access$500(ResourceTracker.java:76)
        at net.sourceforge.jnlp.cache.ResourceTracker$Downloader$1.run(ResourceTracker.java:1172)
        at net.sourceforge.jnlp.cache.ResourceTracker$Downloader$1.run(ResourceTracker.java:1170)
        at java.security.AccessController.doPrivileged(Native Method)
        at net.sourceforge.jnlp.cache.ResourceTracker$Downloader.run(ResourceTracker.java:1170)
        at java.lang.Thread.run(Thread.java:724)
java.io.FileNotFoundException: /home/michele/.icedtea/cache/recently_used (Permission denied)
        at java.io.RandomAccessFile.open(Native Method)
        at java.io.RandomAccessFile.<init>(RandomAccessFile.java:233)
        at java.io.RandomAccessFile.<init>(RandomAccessFile.java:118)
        at net.sourceforge.jnlp.util.FileUtils.getFileLock(FileUtils.java:345)
        at net.sourceforge.jnlp.cache.CacheLRUWrapper.lock(CacheLRUWrapper.java:245)
        at net.sourceforge.jnlp.cache.CacheUtil.getCacheFile(CacheUtil.java:333)
        at net.sourceforge.jnlp.cache.CacheEntry.<init>(CacheEntry.java:56)
        at net.sourceforge.jnlp.cache.ResourceTracker.downloadResource(ResourceTracker.java:688)
        at net.sourceforge.jnlp.cache.ResourceTracker.processResource(ResourceTracker.java:636)
        at net.sourceforge.jnlp.cache.ResourceTracker.access$500(ResourceTracker.java:76)
        at net.sourceforge.jnlp.cache.ResourceTracker$Downloader$1.run(ResourceTracker.java:1172)
        at net.sourceforge.jnlp.cache.ResourceTracker$Downloader$1.run(ResourceTracker.java:1170)
        at java.security.AccessController.doPrivileged(Native Method)
        at net.sourceforge.jnlp.cache.ResourceTracker$Downloader.run(ResourceTracker.java:1170)
        at java.lang.Thread.run(Thread.java:724)


Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.12.1-57.fc19.noarch
icedtea-web-1.4-2.fc19.x86_64


How reproducible:
100% I have an RH-internal ilo box to reproduce if needed

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 Michele Baldessari 2013-07-05 13:28:15 UTC

Created attachment 769244 [details]
avc log

Comment 2 Michele Baldessari 2013-07-05 13:28:48 UTC

Created attachment 769245 [details]
java plugin log

Comment 3 Michele Baldessari 2013-07-05 13:29:32 UTC

Meh bugzilla reformatted my copy and paste. I've attached the files

Comment 4 Miroslav Grepl 2013-07-12 08:08:02 UTC

Please execute

# restorecon -R -v /home/michele/.icedtea


which will fix the problem.

Note You need to log in before you can comment on or make changes to this bug.