SELinux is preventing npviewer.bin (nsplugin_t) "read" to controlC0 (sound_device_t).
Daniel J Walsh
dwalsh at redhat.com
Tue Mar 4 15:03:59 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Antonio Olivares wrote:
> Dear all,
>
> I am getting to see the following errors that slow
> down my machine and take CPU to 100%
>
> Thanks,
>
> Antonio
>
> Summary:
>
> SELinux is preventing npviewer.bin (nsplugin_t) "read"
> to controlC0
> (sound_device_t).
>
> Detailed Description:
>
> SELinux denied access requested by npviewer.bin. It is
> not expected that this
> access is required by npviewer.bin and this access may
> signal an intrusion
> attempt. It is also possible that the specific version
> or configuration of the
> application is causing it to require additional
> access.
>
> Allowing Access:
>
> Sometimes labeling problems can cause SELinux denials.
> You could try to restore
> the default system file context for controlC0,
>
> restorecon -v 'controlC0'
>
> If this does not work, there is currently no automatic
> way to allow this access.
> Instead, you can generate a local policy module to
> allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385)
> Or you can disable
> SELinux protection altogether. Disabling SELinux
> protection is not recommended.
> Please file a bug report
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
>
> Additional Information:
>
> Source Context
> unconfined_u:unconfined_r:nsplugin_t:SystemLow-
> SystemHigh
> Target Context
> system_u:object_r:sound_device_t
> Target Objects controlC0 [ chr_file ]
> Source npviewer.bin
> Source Path
> /usr/lib/nspluginwrapper/npviewer.bin
> Port <Unknown>
> Host localhost
> Source RPM Packages
> nspluginwrapper-0.9.91.5-23.fc9
> Target RPM Packages
> Policy RPM
> selinux-policy-3.3.1-9.fc9
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name catchall_file
> Host Name localhost
> Platform Linux localhost
> 2.6.25-0.80.rc3.git2.fc9 #1 SMP
> Fri Feb 29 18:17:34 EST
> 2008 i686 athlon
> Alert Count 2689
> First Seen Tue 26 Feb 2008 03:24:34
> PM CST
> Last Seen Mon 03 Mar 2008 03:54:56
> PM CST
> Local ID
> 469b1532-4ab3-4757-be58-2248cc0f9f05
> Line Numbers
>
> Raw Audit Messages
>
> host=localhost type=AVC
> msg=audit(1204581296.416:2216): avc: denied { read }
> for pid=1218 comm="npviewer.bin" name="controlC0"
> dev=tmpfs ino=5312
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:sound_device_t:s0
> tclass=chr_file
>
> host=localhost type=SYSCALL
> msg=audit(1204581296.416:2216): arch=40000003
> syscall=5 success=no exit=-13 a0=bfe497f2 a1=0 a2=1e
> a3=bfe497f2 items=0 ppid=32748 pid=1218 auid=500
> uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500
> sgid=500 fsgid=500 tty=(none) ses=1
> comm="npviewer.bin"
> exe="/usr/lib/nspluginwrapper/npviewer.bin"
> subj=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> key=(null)
>
>
>
>
Just add the rule using audit2allow. I will add tonight.
>
> ____________________________________________________________________________________
> Be a better friend, newshound, and
> know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkfNZN8ACgkQrlYvE4MpobNxTgCgplKlWIMqwGT5C5vpfIFq9+kI
XNYAnjZhaNkPYJ1mcwIzZHADiSfpxp/m
=P1g6
-----END PGP SIGNATURE-----
More information about the fedora-test-list
mailing list