selinux now causing trouble with seamonkey

Jim Cornette fct-cornette at insight.rr.com
Fri Feb 15 02:24:45 UTC 2008


Daniel J Walsh wrote:
>>
> If you want to try further experimentation, you can set the boolean
> allow_unconfined_nsplugin_transition and run the plugins confined.

First I needed to figure out what tool and how to set the boolean with a 
GUI tool. I finally found out SELinux Administration was the GUI to use.
I filtered by nsp and checked the active box. Previously the active box 
was not checked.

I hope I did this task right.

Starting Firefox had one error. After going to news.aol.com there were 
many errors related to the plugin manager. This error was different than 
the bulk of complaints.

SELinux is preventing plugin-config (nsplugin_config_t) "read" to 
./nphelix.xpt (usr_t).

Raw Audit Messages :host=HP-JCF7 type=AVC msg=audit(1203040934.973:257): 
avc: denied { read } for pid=19723 comm="plugin-config" 
name="nphelix.xpt" dev=sda6 ino=618113 
scontext=unconfined_u:unconfined_r:nsplugin_config_t:s0 
tcontext=system_u:object_r:usr_t:s0 tclass=file host=HP-JCF7 
type=SYSCALL msg=audit(1203040934.973:257): arch=40000003 syscall=33 
success=no exit=-13 a0=80565a0 a1=4 a2=80565a0 a3=bfb70f58 items=0 
ppid=19721 pid=19723 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 
egid=500 sgid=500 fsgid=500 tty=(none) ses=3 comm="plugin-config" 
exe="/usr/lib/nspluginwrapper/plugin-config" 
subj=unconfined_u:unconfined_r:nsplugin_config_t:s0 key=(null)

Other summaries were:
SELinux is preventing ...
npviewer.bin (nsplugin_t) "execmem" to <Unknown> (nsplugin_t).
npviewer.bin (nsplugin_t) "execstack" to <Unknown> (nsplugin_t).
npviewer.bin (nsplugin_t) "read write" to socket (unconfined_t).
*plugin-config (nsplugin_config_t) "read" to ./nphelix.xpt (usr_t).*
plugin-config (nsplugin_config_t) "read" to ./nphelix.xpt (usr_t).
plugin-config (nsplugin_config_t) "read" to ./nphelix.xpt (usr_t).

I'll file a bug report if more details are needed.

Jim
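
Added example, not part of the message above and not code from setroubleshoot or any Fedora tool: a small Python parser that reduces raw AVC denial lines like the one quoted in the post to the "comm (source type) perm to target type" summaries listed there. The first sample line is the post's AVC record, unwrapped and trimmed; the two execmem lines and their audit ids are constructed for illustration, and the function names are hypothetical.

```python
import re
from collections import Counter

# Line 1 is the AVC record from the post (unwrapped, trimmed to the AVC part).
# Lines 2-3 are constructed to mirror the post's "execmem" summary.
SAMPLE = """\
type=AVC msg=audit(1203040934.973:257): avc: denied { read } for pid=19723 comm="plugin-config" name="nphelix.xpt" dev=sda6 ino=618113 scontext=unconfined_u:unconfined_r:nsplugin_config_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
type=AVC msg=audit(1203040935.100:258): avc: denied { execmem } for pid=19730 comm="npviewer.bin" scontext=unconfined_u:unconfined_r:nsplugin_t:s0 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0 tclass=process
type=AVC msg=audit(1203040936.200:259): avc: denied { execmem } for pid=19731 comm="npviewer.bin" scontext=unconfined_u:unconfined_r:nsplugin_t:s0 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0 tclass=process
type=SYSCALL msg=audit(1203040934.973:257): arch=40000003 syscall=33 success=no exit=-13
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC denial line, or None for other records."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()
    # A context is user:role:type:level; the type is the third field.
    fields["stype"] = fields["scontext"].split(":")[2]
    fields["ttype"] = fields["tcontext"].split(":")[2]
    return fields


def summarize(text):
    """Count denials per (comm, source type, perms, target type, class)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            key = (rec["comm"], rec["stype"], " ".join(rec["perms"]),
                   rec["ttype"], rec["tclass"])
            counts[key] += 1
    return counts


if __name__ == "__main__":
    for (comm, stype, perms, ttype, tclass), n in summarize(SAMPLE).items():
        print(f'{n}x {comm} ({stype}) "{perms}" to {tclass} ({ttype})')
```

Grouping on source type, permission and target type separates a file-labeling denial (nsplugin_config_t reading a usr_t file) from the execmem denials of the confined plugin viewer, which is the distinction the post draws between its first error and the rest.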



