SELinux is preventing npviewer.bin (nsplugin_t) "unix_read unix_write" unconfined_java_t.

Daniel J Walsh dwalsh at redhat.com
Tue Apr 28 16:21:47 UTC 2009 

On 04/27/2009 06:12 PM, Antonio Olivares wrote:
> Just as I sent the other message, I got this one:
>
>
> Summary:
>
> SELinux is preventing npviewer.bin (nsplugin_t) "unix_read unix_write"
> unconfined_java_t.
>
> Detailed Description:
>
> SELinux denied access requested by npviewer.bin. It is not expected that this
> access is required by npviewer.bin and this access may signal an intrusion
> attempt. It is also possible that the specific version or configuration of the
> application is causing it to require additional access.
>
> Allowing Access:
>
> You can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
> SELinux protection altogether. Disabling SELinux protection is not recommended.
> Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
>
> Additional Information:
>
> Source Context                unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c102
>                                3
> Target Context                unconfined_u:unconfined_r:unconfined_java_t:s0-s0:
>                                c0.c1023
> Target Objects                None [ sem ]
> Source                        npviewer.bin
> Source Path                   /usr/lib64/nspluginwrapper/npviewer.bin
> Port<Unknown>
> Host                          gray
> Source RPM Packages           nspluginwrapper-1.3.0-5.fc11
> Target RPM Packages
> Policy RPM                    selinux-policy-3.6.12-9.fc11
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   catchall
> Host Name                     gray
> Platform                      Linux gray 2.6.29.1-102.fc11.x86_64 #1 SMP Mon Apr
>                                20 15:33:38 EDT 2009 x86_64 x86_64
> Alert Count                   2
> First Seen                    Tue 28 Apr 2009 05:08:56 PM CDT
> Last Seen                     Tue 28 Apr 2009 05:08:56 PM CDT
> Local ID                      9c2334d3-9938-4dac-9be2-41980e1cdcd4
> Line Numbers
>
> Raw Audit Messages
>
> node=gray type=AVC msg=audit(1240956536.52:59): avc:  denied  { unix_read unix_write } for  pid=4852 comm="npviewer.bin" key=-583345475 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_java_t:s0-s0:c0.c1023 tclass=sem
>
> node=gray type=SYSCALL msg=audit(1240956536.52:59): arch=c000003e syscall=64 success=no exit=-13 a0=dd3adabd a1=1 a2=380 a3=7ffffabb11d0 items=0 ppid=3116 pid=4852 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="npviewer.bin" exe="/usr/lib64/nspluginwrapper/npviewer.bin" subj=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 key=(null)
>
>
>
>
>
>
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Fixed in selinux-policy-3.6.12-24.fc11.noarch

More information about the fedora-selinux-list mailing list