Nov 19 07:13:55 localhost kernel: type=1400 audit(1227100435.439:5): avc: denied { unix_read unix_write } for pid=3833 comm="npviewer.bin"
Daniel J Walsh
dwalsh at redhat.com
Fri Nov 21 20:00:10 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Antonio Olivares wrote:
>
>
> --- On Thu, 11/20/08, Daniel J Walsh <dwalsh at redhat.com> wrote:
>
>> From: Daniel J Walsh <dwalsh at redhat.com>
>> Subject: Re: Nov 19 07:13:55 localhost kernel: type=1400 audit(1227100435.439:5): avc: denied { unix_read unix_write } for pid=3833 comm="npviewer.bin"
>> To: olivares14031 at yahoo.com
>> Cc: fedora-selinux-list at redhat.com
>> Date: Thursday, November 20, 2008, 8:23 AM
> Antonio Olivares wrote:
>>>> --- On Thu, 11/20/08, Daniel J Walsh
> <dwalsh at redhat.com> wrote:
>>>>> From: Daniel J Walsh <dwalsh at redhat.com>
>>>>> Subject: Re: Nov 19 07:13:55 localhost kernel:
> type=1400 audit(1227100435.439:5): avc: denied { unix_read
> unix_write } for pid=3833 comm="npviewer.bin"
>>>>> To: olivares14031 at yahoo.com
>>>>> Cc: fedora-selinux-list at redhat.com
>>>>> Date: Thursday, November 20, 2008, 5:31 AM
>>>> Antonio Olivares wrote:
>>>>>>> Dear fellow selinux experts,
>>>>>>>
>>>>>>> npviewer is causing lots of trouble.
> Firefox freezes
>>>> and I have to kill it/terminate it and restart it just
> to
>>>> post :(
>>>>>>> What should I do, I have filed bugs on
> this several
>>>> times :(
>>>>>>> Nov 19 07:13:55 localhost kernel:
> type=1400
>>>> audit(1227100435.439:5): avc: denied { unix_read
>>>> unix_write } for pid=3833
> comm="npviewer.bin"
>>>> key=5678293
>>>>
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
>>>> tclass=sem
>>>>>>> Nov 19 07:13:55 localhost kernel:
> type=1400
>>>> audit(1227100435.548:6): avc: denied { unix_read
>>>> unix_write } for pid=3833
> comm="npviewer.bin"
>>>> key=5678293
>>>>
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
>>>> tclass=sem
>>>>>>> Nov 19 07:13:55 localhost kernel:
> type=1400
>>>> audit(1227100435.659:7): avc: denied { unix_read
>>>> unix_write } for pid=3833
> comm="npviewer.bin"
>>>> key=5678293
>>>>
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
>>>> tclass=sem
>>>>>>> Nov 19 07:13:55 localhost kernel:
> type=1400
>>>> audit(1227100435.694:8): avc: denied { unix_read
>>>> unix_write } for pid=3833
> comm="npviewer.bin"
>>>> key=5678293
>>>>
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
>>>> tclass=sem
>>>>>>> Nov 19 07:13:55 localhost kernel:
> type=1400
>>>> audit(1227100435.732:9): avc: denied { unix_read
>>>> unix_write } for pid=3833
> comm="npviewer.bin"
>>>> key=5678293
>>>>
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
>>>> tclass=sem
>>>>>>> Nov 19 07:13:55 localhost kernel:
> type=1400
>>>> audit(1227100435.764:10): avc: denied { unix_read
>>>> unix_write } for pid=3833
> comm="npviewer.bin"
>>>> key=5678293
>>>>
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
>>>> tclass=sem
>>>>>>> Nov 19 07:13:55 localhost kernel:
> type=1400
>>>> audit(1227100435.790:11): avc: denied { unix_read
>>>> unix_write } for pid=3833
> comm="npviewer.bin"
>>>> key=5678293
>>>>
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
>>>> tclass=sem
>>>>>>> Nov 19 07:13:55 localhost kernel:
> type=1400
>>>> audit(1227100435.816:12): avc: denied { unix_read
>>>> unix_write } for pid=3833
> comm="npviewer.bin"
>>>> key=5678293
>>>>
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
>>>> tclass=sem
>>>>>>> Nov 19 07:13:55 localhost kernel:
> type=1400
>>>> audit(1227100435.841:13): avc: denied { unix_read
>>>> unix_write } for pid=3833
> comm="npviewer.bin"
>>>> key=5678293
>>>>
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
>>>> tclass=sem
>>>>>>> Nov 19 07:14:02 localhost kernel:
> __ratelimit: 42
>>>> callbacks suppressed
>>>>>>> Nov 19 07:14:02 localhost kernel:
> type=1400
>>>> audit(1227100442.317:28): avc: denied { unix_read
>>>> unix_write } for pid=3833
> comm="npviewer.bin"
>>>> key=5678293
>>>>
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
>>>> tclass=sem
>>>>>>> Thanks,
>>>>>>>
>>>>>>> Antonio
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> fedora-selinux-list mailing list
>>>>>>> fedora-selinux-list at redhat.com
>>>>>>>
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>>> Are you using mozplugin?
>>>>
>>>>> [root at localhost ~]# rpm -qa mozplugger
>>>>> [root at localhost ~]# rpm -qa mozplugger*
>>>>> [root at localhost ~]#
>>>> If yes, and you want to continue
>>>> to use it,
>>>> you should turn off nsplugin protection. Mozplugger
> runs
>>>> tools like
>>>> openoffice under nsplugin and openoffice can not run
>>>> properly if
>>>> confined by nsplugin.
>>>>
>>>> setsebool -P allow_unconfined_nsplugin_transition 0
>>>>
>>>> Or you can remove mozplugger
>>>>
>>>> rpm -e mozplugger
>>>>
>>>> In either case you need to restart firefox.
>>>>
>>>> I will try the fix: setsebool -P
> allow_unconfined_nsplugin_transition 0
>
>>>> Hopefully this goes away :)
>>>> Regards,
>>>> Antonio
>
>
>
>>>> --
>>>> fedora-selinux-list mailing list
>>>> fedora-selinux-list at redhat.com
>>>>
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
> Did you label firefox as execmem_exec_t?
>
>> No! How would I do that? I have not messed with anything other than updating the flash plugin through yum directly from Adobe :(
>
>> Here's something else that I see:
>
>> npviewer.bin[7578] general protection ip:1168f8c sp:bfca8b00 error:0 in libflashplayer.so[dfd000+951000]
>> npviewer.bin[9952] general protection ip:1168f8c sp:bfc4f2b0 error:0 in libflashplayer.so[dfd000+951000]
>
>
>> Thanks,
>
>> Antonio
What avc are you getting now?
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkknE0oACgkQrlYvE4MpobNqywCeKldGjUai6U0BZWVACuugnHk8
25kAniq5MLfOAwjMCNEw/sSvyUuiqpy/
=wdry
-----END PGP SIGNATURE-----
More information about the selinux
mailing list