Just got this when trying to use the SPICE plugin. The alert browser is telling me that I need to:
setsebool -P unconfined_mozilla_plugin_transition 0
Is there any more target way to make this work?
SELinux is preventing /usr/bin/remote-viewer from read access on the file /var/cache/fontconfig/beeeeb3dfe132a8a0633a017c99ce0c0-le64.cache-4.
***** Plugin restorecon (57.3 confidence) suggests *************************
If you want to fix the label. /var/cache/fontconfig/beeeeb3dfe132a8a0633a017c99ce0c0-le64.cache-4 default label should be fonts_cache_t. Then you can run restorecon. Do # /sbin/restorecon -v /var/cache/fontconfig/beeeeb3dfe132a8a0633a017c99ce0c0-le64.cache-4
***** Plugin mozplugger (43.1 confidence) suggests *************************
If you want to use the spice-xpi package Then you must turn off SELinux controls on the Firefox plugins. Do # setsebool -P unconfined_mozilla_plugin_transition 0
***** Plugin catchall (1.06 confidence) suggests ***************************
If you believe that remote-viewer should be allowed read access on the beeeeb3dfe132a8a0633a017c99ce0c0-le64.cache-4 file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep remote-viewer /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp
Additional Information: Source Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c 0.c1023 Target Context system_u:object_r:auth_cache_t:s0 Target Objects /var/cache/fontconfig/beeeeb3dfe132a8a0633a017c99c e0c0-le64.cache-4 [ file ] Source remote-viewer Source Path /usr/bin/remote-viewer Port <Unknown> Host ian.penurio.us Source RPM Packages virt-viewer-0.5.6-1.fc19.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-74.14.fc19.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name ian.penurio.us Platform Linux ian.penurio.us 3.11.10-200.fc19.x86_64 #1 SMP Mon Dec 2 20:28:03 UTC 2013 x86_64 x86_64 Alert Count 1 First Seen 2013-12-09 11:19:32 CST Last Seen 2013-12-09 11:19:32 CST Local ID 44b7c402-60fc-4573-8a7f-0d065c5ff85b
Raw Audit Messages type=AVC msg=audit(1386609572.209:484): avc: denied { read } for pid=15147 comm="remote-viewer" name="beeeeb3dfe132a8a0633a017c99ce0c0-le64.cache-4" dev="dm-1" ino=13121 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:auth_cache_t:s0 tclass=file
type=AVC msg=audit(1386609572.209:484): avc: denied { open } for pid=15147 comm="remote-viewer" path="/var/cache/fontconfig/beeeeb3dfe132a8a0633a017c99ce0c0-le64.cache-4" dev="dm-1" ino=13121 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:auth_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1386609572.209:484): arch=x86_64 syscall=open success=yes exit=ENOTTY a0=24bc310 a1=80000 a2=3126fba788 a3=0 items=0 ppid=15138 pid=15147 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=22 tty=(none) comm=remote-viewer exe=/usr/bin/remote-viewer subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)
Hash: remote-viewer,mozilla_plugin_t,auth_cache_t,file,read