Description of problem: Interestingly enough icedweb-tea works fine on most HP ilo blades except an 660 one and it turned out to be a selinux issue. As disabling it made it work. The relevant audit.log part is the following: type=AVC msg=audit(1373030058.127:954): avc: denied { create } for pid=14246 comm="java" name="java.stderr.temp" scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file type=AVC msg=audit(1373030058.127:954): avc: denied { write } for pid=14246 comm="java" path="/home/michele/.icedtea/log/java.stderr.temp" dev="dm-1" ino=6980416 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file type=SYSCALL msg=audit(1373030058.127:954): arch=c000003e syscall=2 success=yes exit=12 a0=7f95b81f6c10 a1=c2 a2=1b6 a3=7f95bf186740 items=0 ppid=14236 pid=14246 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=1 tty=pts5 comm="java" exe="/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.25.x86_64/jre/bin/java" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1373030058.141:955): avc: denied { setattr } for pid=14246 comm="java" name="java.stderr.temp" dev="dm-1" ino=6980416 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file type=SYSCALL msg=audit(1373030058.141:955): arch=c000003e syscall=90 success=yes exit=0 a0=7f95b81f6c10 a1=81b4 a2=0 a3=7f95be1bd2e0 items=0 ppid=14236 pid=14246 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=1 tty=pts5 comm="java" exe="/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.25.x86_64/jre/bin/java" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1373030058.141:956): avc: denied { rename } for pid=14246 comm="java" name="java.stderr.temp" dev="dm-1" ino=6980416 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file type=SYSCALL msg=audit(1373030058.141:956): arch=c000003e syscall=82 success=yes exit=0 a0=7f95b81f6c10 a1=7f95b81f6be0 a2=7f95bf1732c0 a3=7f95be1bd330 items=0 ppid=14236 pid=14246 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=1 tty=pts5 comm="java" exe="/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.25.x86_64/jre/bin/java" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1373030058.817:957): avc: denied { create } for pid=14303 comm="java" name="397" scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir type=SYSCALL msg=audit(1373030058.817:957): arch=c000003e syscall=83 success=yes exit=0 a0=7f9514001e20 a1=1ff a2=7f95bf1732c0 a3=7f95bf186740 items=0 ppid=14236 pid=14303 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=1 tty=pts5 comm="java" exe="/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.25.x86_64/jre/bin/java" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1373030073.277:958): avc: denied { read } for pid=14299 comm="java" name="sr0" dev="devtmpfs" ino=8238 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:removable_device_t:s0 tclass=blk_file type=AVC msg=audit(1373030073.277:958): avc: denied { open } for pid=14299 comm="java" path="/dev/sr0" dev="devtmpfs" ino=8238 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:removable_device_t:s0 tclass=blk_file type=SYSCALL msg=audit(1373030073.277:958): arch=c000003e syscall=2 success=yes exit=25 a0=7f9528079ed0 a1=800 a2=7f95bf1732c0 a3=7f9528079eda items=0 ppid=14236 pid=14299 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=1 tty=pts5 comm="java" exe="/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.25.x86_64/jre/bin/java" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1373030073.278:959): avc: denied { ioctl } for pid=14299 comm="java" path="/dev/sr0" dev="devtmpfs" ino=8238 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:removable_device_t:s0 tclass=blk_file type=SYSCALL msg=audit(1373030073.278:959): arch=c000003e syscall=16 success=no exit=-25 a0=19 a1=8010020f a2=7f959c554780 a3=7f959c554540 items=0 ppid=14236 pid=14299 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=1 tty=pts5 comm="java" exe="/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.25.x86_64/jre/bin/java" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null) I figured it out when running ICEDTEAPLUGIN_DEBUG=true firefox 2>&1 | tee plugin.log gave the following: java.io.FileNotFoundException: /home/michele/.icedtea/cache/recently_used (Permission denied) at java.io.RandomAccessFile.open(Native Method) at java.io.RandomAccessFile.<init>(RandomAccessFile.java:233) at java.io.RandomAccessFile.<init>(RandomAccessFile.java:118) at net.sourceforge.jnlp.util.FileUtils.getFileLock(FileUtils.java:345) at net.sourceforge.jnlp.cache.CacheLRUWrapper.lock(CacheLRUWrapper.java:245) at net.sourceforge.jnlp.cache.CacheUtil.getCacheFile(CacheUtil.java:333) at net.sourceforge.jnlp.cache.ResourceTracker.downloadResource(ResourceTracker.java:687) at net.sourceforge.jnlp.cache.ResourceTracker.processResource(ResourceTracker.java:636) at net.sourceforge.jnlp.cache.ResourceTracker.access$500(ResourceTracker.java:76) at net.sourceforge.jnlp.cache.ResourceTracker$Downloader$1.run(ResourceTracker.java:1172) at net.sourceforge.jnlp.cache.ResourceTracker$Downloader$1.run(ResourceTracker.java:1170) at java.security.AccessController.doPrivileged(Native Method) at net.sourceforge.jnlp.cache.ResourceTracker$Downloader.run(ResourceTracker.java:1170) at java.lang.Thread.run(Thread.java:724) java.io.FileNotFoundException: /home/michele/.icedtea/cache/recently_used (Permission denied) at java.io.RandomAccessFile.open(Native Method) at java.io.RandomAccessFile.<init>(RandomAccessFile.java:233) at java.io.RandomAccessFile.<init>(RandomAccessFile.java:118) at net.sourceforge.jnlp.util.FileUtils.getFileLock(FileUtils.java:345) at net.sourceforge.jnlp.cache.CacheLRUWrapper.lock(CacheLRUWrapper.java:245) at net.sourceforge.jnlp.cache.CacheUtil.makeNewCacheFile(CacheUtil.java:412) at net.sourceforge.jnlp.cache.CacheUtil.getCacheFile(CacheUtil.java:340) at net.sourceforge.jnlp.cache.ResourceTracker.downloadResource(ResourceTracker.java:687) at net.sourceforge.jnlp.cache.ResourceTracker.processResource(ResourceTracker.java:636) at net.sourceforge.jnlp.cache.ResourceTracker.access$500(ResourceTracker.java:76) at net.sourceforge.jnlp.cache.ResourceTracker$Downloader$1.run(ResourceTracker.java:1172) at net.sourceforge.jnlp.cache.ResourceTracker$Downloader$1.run(ResourceTracker.java:1170) at java.security.AccessController.doPrivileged(Native Method) at net.sourceforge.jnlp.cache.ResourceTracker$Downloader.run(ResourceTracker.java:1170) at java.lang.Thread.run(Thread.java:724) java.io.IOException: Cant create directory /home/michele/.icedtea/cache/397/https/10.65.210.67/html at net.sourceforge.jnlp.util.FileUtils.createParentDir(FileUtils.java:114) at net.sourceforge.jnlp.util.FileUtils.createParentDir(FileUtils.java:127) at net.sourceforge.jnlp.cache.CacheUtil.makeNewCacheFile(CacheUtil.java:423) at net.sourceforge.jnlp.cache.CacheUtil.getCacheFile(CacheUtil.java:340) at net.sourceforge.jnlp.cache.ResourceTracker.downloadResource(ResourceTracker.java:687) at net.sourceforge.jnlp.cache.ResourceTracker.processResource(ResourceTracker.java:636) at net.sourceforge.jnlp.cache.ResourceTracker.access$500(ResourceTracker.java:76) at net.sourceforge.jnlp.cache.ResourceTracker$Downloader$1.run(ResourceTracker.java:1172) at net.sourceforge.jnlp.cache.ResourceTracker$Downloader$1.run(ResourceTracker.java:1170) at java.security.AccessController.doPrivileged(Native Method) at net.sourceforge.jnlp.cache.ResourceTracker$Downloader.run(ResourceTracker.java:1170) at java.lang.Thread.run(Thread.java:724) java.io.FileNotFoundException: /home/michele/.icedtea/cache/recently_used (Permission denied) at java.io.FileOutputStream.open(Native Method) at java.io.FileOutputStream.<init>(FileOutputStream.java:212) at java.io.FileOutputStream.<init>(FileOutputStream.java:165) at net.sourceforge.jnlp.util.PropertiesFile.store(PropertiesFile.java:157) at net.sourceforge.jnlp.cache.CacheLRUWrapper.store(CacheLRUWrapper.java:169) at net.sourceforge.jnlp.cache.CacheUtil.makeNewCacheFile(CacheUtil.java:435) at net.sourceforge.jnlp.cache.CacheUtil.getCacheFile(CacheUtil.java:340) at net.sourceforge.jnlp.cache.ResourceTracker.downloadResource(ResourceTracker.java:687) at net.sourceforge.jnlp.cache.ResourceTracker.processResource(ResourceTracker.java:636) at net.sourceforge.jnlp.cache.ResourceTracker.access$500(ResourceTracker.java:76) at net.sourceforge.jnlp.cache.ResourceTracker$Downloader$1.run(ResourceTracker.java:1172) at net.sourceforge.jnlp.cache.ResourceTracker$Downloader$1.run(ResourceTracker.java:1170) at java.security.AccessController.doPrivileged(Native Method) at net.sourceforge.jnlp.cache.ResourceTracker$Downloader.run(ResourceTracker.java:1170) at java.lang.Thread.run(Thread.java:724) java.io.FileNotFoundException: /home/michele/.icedtea/cache/recently_used (Permission denied) at java.io.RandomAccessFile.open(Native Method) at java.io.RandomAccessFile.<init>(RandomAccessFile.java:233) at java.io.RandomAccessFile.<init>(RandomAccessFile.java:118) at net.sourceforge.jnlp.util.FileUtils.getFileLock(FileUtils.java:345) at net.sourceforge.jnlp.cache.CacheLRUWrapper.lock(CacheLRUWrapper.java:245) at net.sourceforge.jnlp.cache.CacheUtil.getCacheFile(CacheUtil.java:333) at net.sourceforge.jnlp.cache.CacheEntry.<init>(CacheEntry.java:56) at net.sourceforge.jnlp.cache.ResourceTracker.downloadResource(ResourceTracker.java:688) at net.sourceforge.jnlp.cache.ResourceTracker.processResource(ResourceTracker.java:636) at net.sourceforge.jnlp.cache.ResourceTracker.access$500(ResourceTracker.java:76) at net.sourceforge.jnlp.cache.ResourceTracker$Downloader$1.run(ResourceTracker.java:1172) at net.sourceforge.jnlp.cache.ResourceTracker$Downloader$1.run(ResourceTracker.java:1170) at java.security.AccessController.doPrivileged(Native Method) at net.sourceforge.jnlp.cache.ResourceTracker$Downloader.run(ResourceTracker.java:1170) at java.lang.Thread.run(Thread.java:724) Version-Release number of selected component (if applicable): selinux-policy-targeted-3.12.1-57.fc19.noarch icedtea-web-1.4-2.fc19.x86_64 How reproducible: 100% I have an RH-internal ilo box to reproduce if needed Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Created attachment 769244 [details] avc log
Created attachment 769245 [details] java plugin log
Meh bugzilla reformatted my copy and paste. I've attached the files
Please execute # restorecon -R -v /home/michele/.icedtea which will fix the problem.