SELinux is preventing npviewer.bin (nsplugin_t) "unix_read unix_write" unconfined_java_t.
Daniel J Walsh
dwalsh at redhat.com
Tue Apr 28 16:21:47 UTC 2009
On 04/27/2009 06:12 PM, Antonio Olivares wrote:
> Just as I sent the other message, I got this one:
>
>
> Summary:
>
> SELinux is preventing npviewer.bin (nsplugin_t) "unix_read unix_write"
> unconfined_java_t.
>
> Detailed Description:
>
> SELinux denied access requested by npviewer.bin. It is not expected that this
> access is required by npviewer.bin and this access may signal an intrusion
> attempt. It is also possible that the specific version or configuration of the
> application is causing it to require additional access.
>
> Allowing Access:
>
> You can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
> SELinux protection altogether. Disabling SELinux protection is not recommended.
> Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
>
> Additional Information:
>
> Source Context unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c102
> 3
> Target Context unconfined_u:unconfined_r:unconfined_java_t:s0-s0:
> c0.c1023
> Target Objects None [ sem ]
> Source npviewer.bin
> Source Path /usr/lib64/nspluginwrapper/npviewer.bin
> Port<Unknown>
> Host gray
> Source RPM Packages nspluginwrapper-1.3.0-5.fc11
> Target RPM Packages
> Policy RPM selinux-policy-3.6.12-9.fc11
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name catchall
> Host Name gray
> Platform Linux gray 2.6.29.1-102.fc11.x86_64 #1 SMP Mon Apr
> 20 15:33:38 EDT 2009 x86_64 x86_64
> Alert Count 2
> First Seen Tue 28 Apr 2009 05:08:56 PM CDT
> Last Seen Tue 28 Apr 2009 05:08:56 PM CDT
> Local ID 9c2334d3-9938-4dac-9be2-41980e1cdcd4
> Line Numbers
>
> Raw Audit Messages
>
> node=gray type=AVC msg=audit(1240956536.52:59): avc: denied { unix_read unix_write } for pid=4852 comm="npviewer.bin" key=-583345475 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_java_t:s0-s0:c0.c1023 tclass=sem
>
> node=gray type=SYSCALL msg=audit(1240956536.52:59): arch=c000003e syscall=64 success=no exit=-13 a0=dd3adabd a1=1 a2=380 a3=7ffffabb11d0 items=0 ppid=3116 pid=4852 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="npviewer.bin" exe="/usr/lib64/nspluginwrapper/npviewer.bin" subj=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 key=(null)
>
>
>
>
>
>
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Fixed in selinux-policy-3.6.12-24.fc11.noarch
More information about the fedora-selinux-list
mailing list