[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: selinux now causing trouble with seamonkey



Daniel J Walsh wrote:

If you want to try further experimentation, you can set the  boolean
allow_unconfined_nsplugin_transition and run the plugins confined.

First I needed to figure out what tool and how to set the boolean with a GUI tool. I finally found out SELinux Administration was the GUI to use. I filtered by nsp and checked the active box. Previously the active box was not checked.

I hope I did this task right.

Starting Firefox had one error. After going to news.aol.com there were many errors related to the plugin manager. This error was different than the bulk of complaints.

SELinux is preventing plugin-config (nsplugin_config_t) "read" to ./nphelix.xpt (usr_t).

Raw Audit Messages :host=HP-JCF7 type=AVC msg=audit(1203040934.973:257): avc: denied { read } for pid=19723 comm="plugin-config" name="nphelix.xpt" dev=sda6 ino=618113 scontext=unconfined_u:unconfined_r:nsplugin_config_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file host=HP-JCF7 type=SYSCALL msg=audit(1203040934.973:257): arch=40000003 syscall=33 success=no exit=-13 a0=80565a0 a1=4 a2=80565a0 a3=bfb70f58 items=0 ppid=19721 pid=19723 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=3 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:nsplugin_config_t:s0 key=(null)

Other summaries were:
SELinux is preventing ...
npviewer.bin (nsplugin_t) "execmem" to <Unknown> (nsplugin_t).
npviewer.bin (nsplugin_t) "execstack" to <Unknown> (nsplugin_t).
npviewer.bin (nsplugin_t) "read write" to socket (unconfined_t).
*plugin-config (nsplugin_config_t) "read" to ./nphelix.xpt (usr_t).*
plugin-config (nsplugin_config_t) "read" to ./nphelix.xpt (usr_t).
plugin-config (nsplugin_config_t) "read" to ./nphelix.xpt (usr_t).

I'll file a bug report if more details are needed.

Jim


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]