miss-match between needs and setroubleshooter's output recommendations
Daniel J Walsh
dwalsh at redhat.com
Mon Jan 7 16:52:13 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gene Heskett wrote:
> Greetings;
>
> I have now been in the center ring of this circus about long enough. selinux
> is about to get made permissive or disabled.
>
> I have now issued these commands:
>
> [root at coyote ~]# semanage fcontext -a -t
> textrel_shlib_t /root/.mozilla/plugins/vorbisrend.so
> [root at coyote ~]# chcon -t textrel_shlib_t /root/.mozilla/plugins/vorbisrend.so
> [root at coyote ~]# semanage fcontext -a -t
> textrel_shlib_t /root/.mozilla/plugins/vorbisrend.so
> [root at coyote ~]# chcon -t textrel_shlib_t /root/.mozilla/plugins/vorbisrend.so
>
> Twice as can be seen, and restarted firefox each time, and each time selinux
> denies firefox a plugin it needs to pay this site:
> <http://ed-tharp.kicks-ass.org/ridingmower.mpg>
>
> I now have the third denial showing in the setroubleshooter's screen.
> -----------------
>
> How can I fix this?
>
> Thanks.
>
Please attach the AVC messages from /var/log/audit/audit.log
This looks like you could be running Firefox as root, which is a bad idea.
ausearch -m avc
Will grab all of the avc messages.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkeCWL0ACgkQrlYvE4MpobMX5ACg46tN7VjBjPApAAfE1J9mipNp
J8sAn2YrQDBqssOrPNz10gmM1rF+pJyf
=dcGv
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list