Nov 19 07:13:55 localhost kernel: type=1400 audit(1227100435.439:5): avc: denied { unix_read unix_write } for pid=3833 comm="npviewer.bin"

Daniel J Walsh dwalsh at redhat.com
Fri Nov 21 20:00:10 UTC 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Antonio Olivares wrote:
> 
> 
> --- On Thu, 11/20/08, Daniel J Walsh <dwalsh at redhat.com> wrote:
> 
>> From: Daniel J Walsh <dwalsh at redhat.com>
>> Subject: Re: Nov 19 07:13:55 localhost kernel: type=1400 audit(1227100435.439:5): avc: denied { unix_read unix_write } for pid=3833 comm="npviewer.bin"
>> To: olivares14031 at yahoo.com
>> Cc: fedora-selinux-list at redhat.com
>> Date: Thursday, November 20, 2008, 8:23 AM
> Antonio Olivares wrote:
>>>> --- On Thu, 11/20/08, Daniel J Walsh
> <dwalsh at redhat.com> wrote:
>>>>> From: Daniel J Walsh <dwalsh at redhat.com>
>>>>> Subject: Re: Nov 19 07:13:55 localhost kernel:
> type=1400 audit(1227100435.439:5): avc: denied { unix_read
> unix_write } for pid=3833 comm="npviewer.bin"
>>>>> To: olivares14031 at yahoo.com
>>>>> Cc: fedora-selinux-list at redhat.com
>>>>> Date: Thursday, November 20, 2008, 5:31 AM
>>>> Antonio Olivares wrote:
>>>>>>> Dear fellow selinux experts,
>>>>>>>
>>>>>>> npviewer is causing lots of trouble. 
> Firefox freezes
>>>> and I have to kill it/terminate it and restart it just
> to
>>>> post :(
>>>>>>> What should I do, I have filed bugs on
> this several
>>>> times :( 
>>>>>>> Nov 19 07:13:55 localhost kernel:
> type=1400
>>>> audit(1227100435.439:5): avc:  denied  { unix_read
>>>> unix_write } for  pid=3833
> comm="npviewer.bin"
>>>> key=5678293
>>>>
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
>>>> tclass=sem                        
>>>>>>> Nov 19 07:13:55 localhost kernel:
> type=1400
>>>> audit(1227100435.548:6): avc:  denied  { unix_read
>>>> unix_write } for  pid=3833
> comm="npviewer.bin"
>>>> key=5678293
>>>>
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
>>>> tclass=sem                        
>>>>>>> Nov 19 07:13:55 localhost kernel:
> type=1400
>>>> audit(1227100435.659:7): avc:  denied  { unix_read
>>>> unix_write } for  pid=3833
> comm="npviewer.bin"
>>>> key=5678293
>>>>
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
>>>> tclass=sem                        
>>>>>>> Nov 19 07:13:55 localhost kernel:
> type=1400
>>>> audit(1227100435.694:8): avc:  denied  { unix_read
>>>> unix_write } for  pid=3833
> comm="npviewer.bin"
>>>> key=5678293
>>>>
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
>>>> tclass=sem                        
>>>>>>> Nov 19 07:13:55 localhost kernel:
> type=1400
>>>> audit(1227100435.732:9): avc:  denied  { unix_read
>>>> unix_write } for  pid=3833
> comm="npviewer.bin"
>>>> key=5678293
>>>>
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
>>>> tclass=sem                        
>>>>>>> Nov 19 07:13:55 localhost kernel:
> type=1400
>>>> audit(1227100435.764:10): avc:  denied  { unix_read
>>>> unix_write } for  pid=3833
> comm="npviewer.bin"
>>>> key=5678293
>>>>
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
>>>> tclass=sem                       
>>>>>>> Nov 19 07:13:55 localhost kernel:
> type=1400
>>>> audit(1227100435.790:11): avc:  denied  { unix_read
>>>> unix_write } for  pid=3833
> comm="npviewer.bin"
>>>> key=5678293
>>>>
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
>>>> tclass=sem
>>>>>>> Nov 19 07:13:55 localhost kernel:
> type=1400
>>>> audit(1227100435.816:12): avc:  denied  { unix_read
>>>> unix_write } for  pid=3833
> comm="npviewer.bin"
>>>> key=5678293
>>>>
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
>>>> tclass=sem
>>>>>>> Nov 19 07:13:55 localhost kernel:
> type=1400
>>>> audit(1227100435.841:13): avc:  denied  { unix_read
>>>> unix_write } for  pid=3833
> comm="npviewer.bin"
>>>> key=5678293
>>>>
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
>>>> tclass=sem
>>>>>>> Nov 19 07:14:02 localhost kernel:
> __ratelimit: 42
>>>> callbacks suppressed
>>>>>>> Nov 19 07:14:02 localhost kernel:
> type=1400
>>>> audit(1227100442.317:28): avc:  denied  { unix_read
>>>> unix_write } for  pid=3833
> comm="npviewer.bin"
>>>> key=5678293
>>>>
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
>>>> tclass=sem
>>>>>>> Thanks,
>>>>>>>
>>>>>>> Antonio 
>>>>>>>
>>>>>>>
>>>>>>>       
>>>>>>>
>>>>>>> --
>>>>>>> fedora-selinux-list mailing list
>>>>>>> fedora-selinux-list at redhat.com
>>>>>>>
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>>> Are you using mozplugin?  
>>>>
>>>>> [root at localhost ~]# rpm -qa mozplugger
>>>>> [root at localhost ~]# rpm -qa mozplugger*
>>>>> [root at localhost ~]#
>>>> If yes, and you want to continue
>>>> to use it,
>>>> you should turn off nsplugin protection.  Mozplugger
> runs
>>>> tools like
>>>> openoffice under nsplugin and openoffice can not run
>>>> properly if
>>>> confined by nsplugin.
>>>>
>>>> setsebool -P allow_unconfined_nsplugin_transition 0
>>>>
>>>> Or you can remove mozplugger
>>>>
>>>> rpm -e mozplugger
>>>>
>>>> In either case you need to restart firefox.
>>>>
>>>> I will try the fix: setsebool -P
> allow_unconfined_nsplugin_transition 0
> 
>>>> Hopefully this goes away :)
>>>> Regards,
>>>> Antonio 
> 
> 
> 
>>>> --
>>>> fedora-selinux-list mailing list
>>>> fedora-selinux-list at redhat.com
>>>>
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> 
> Did you label firefox as execmem_exec_t?
> 
>> No!  How would I do that?  I have not messed with anything other than updating the flash plugin through yum directly from Adobe :(
> 
>> Here's something else that I see:
> 
>> npviewer.bin[7578] general protection ip:1168f8c sp:bfca8b00 error:0 in libflashplayer.so[dfd000+951000]
>> npviewer.bin[9952] general protection ip:1168f8c sp:bfc4f2b0 error:0 in libflashplayer.so[dfd000+951000]
> 
> 
>> Thanks,
> 
>> Antonio 
What avc are you getting now?
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkknE0oACgkQrlYvE4MpobNqywCeKldGjUai6U0BZWVACuugnHk8
25kAniq5MLfOAwjMCNEw/sSvyUuiqpy/
=wdry
-----END PGP SIGNATURE-----

More information about the fedora-selinux-list mailing list