selinux blocking flash-plugin
Roger Grosswiler
roger at gwch.net
Sun Dec 18 20:28:34 UTC 2005
Am Sonntag, den 18.12.2005, 21:25 +0100 schrieb Roger Grosswiler:
> Hey,
>
> The flashplugin of firefox works just in permissive mode, enforcing
> blocks it, see here:
>
> type=AVC msg=audit(1134936894.710:558): avc: denied { execmod } for
> pid=7319 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=392125
> scontext=user_u: system_r:unconfined_t:s0
> tcontext=user_u:object_r:user_home_t:s0 tclass=file
> type=SYSCALL msg=audit(1134936894.710:558): arch=40000003 syscall=125
> success=no exit=-13 a0=17e5000 a1=1ef000 a2=5 a3=bff26b00 items=0
> pid=7319 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500
> egid=500 sgid=500 fsgid=500 comm="f irefox-bin"
> exe="/usr/lib/firefox-1.5/firefox-bin"
> type=AVC_PATH msg=audit(1134936894.710:558):
> path="/home/roger/.mozilla/plugins /libflashplayer.so"
>
>
> HTH
> Roger
>
btw. same for a systemwide installation
type=AVC msg=audit(1134937671.412:614): avc: denied { execmod } for
pid=7628 comm="firefox-bin" name="libflashplayer.so" dev=dm-0
ino=1241390 scontext=user_u:system_r:unconfined_t:s0
tcontext=root:object_r:lib_t:s0 tclass=file
type=SYSCALL msg=audit(1134937671.412:614): arch=40000003 syscall=125
success=no exit=-13 a0=5fef000 a1=1ef000 a2=5 a3=bfd61750 items=0
pid=7628 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500
egid=500 sgid=500 fsgid=500 comm="firefox-bin"
exe="/usr/lib/firefox-1.5/firefox-bin"
type=AVC_PATH msg=audit(1134937671.412:614):
path="/usr/lib/mozilla/plugins/libflashplayer.so"
[root at niobe audit]#
More information about the fedora-test-list
mailing list