--- On Thu, 11/20/08, Daniel J Walsh <dwalsh(a)redhat.com> wrote:
From: Daniel J Walsh <dwalsh(a)redhat.com>
Subject: Re: Nov 19 07:13:55 localhost kernel: type=1400 audit(1227100435.439:5): avc:
denied { unix_read unix_write } for pid=3833 comm="npviewer.bin"
To: olivares14031(a)yahoo.com
Cc: fedora-selinux-list(a)redhat.com
Date: Thursday, November 20, 2008, 5:31 AM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Antonio Olivares wrote:
> Dear fellow selinux experts,
>
> npviewer is causing lots of trouble. Firefox freezes
and I have to kill it/terminate it and restart it just to
post :(
>
> What should I do, I have filed bugs on this several
times :(
>
> Nov 19 07:13:55 localhost kernel: type=1400
audit(1227100435.439:5): avc: denied { unix_read
unix_write } for pid=3833 comm="npviewer.bin"
key=5678293
scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
tclass=sem
> Nov 19 07:13:55 localhost kernel: type=1400
audit(1227100435.548:6): avc: denied { unix_read
unix_write } for pid=3833 comm="npviewer.bin"
key=5678293
scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
tclass=sem
> Nov 19 07:13:55 localhost kernel: type=1400
audit(1227100435.659:7): avc: denied { unix_read
unix_write } for pid=3833 comm="npviewer.bin"
key=5678293
scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
tclass=sem
> Nov 19 07:13:55 localhost kernel: type=1400
audit(1227100435.694:8): avc: denied { unix_read
unix_write } for pid=3833 comm="npviewer.bin"
key=5678293
scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
tclass=sem
> Nov 19 07:13:55 localhost kernel: type=1400
audit(1227100435.732:9): avc: denied { unix_read
unix_write } for pid=3833 comm="npviewer.bin"
key=5678293
scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
tclass=sem
> Nov 19 07:13:55 localhost kernel: type=1400
audit(1227100435.764:10): avc: denied { unix_read
unix_write } for pid=3833 comm="npviewer.bin"
key=5678293
scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
tclass=sem
> Nov 19 07:13:55 localhost kernel: type=1400
audit(1227100435.790:11): avc: denied { unix_read
unix_write } for pid=3833 comm="npviewer.bin"
key=5678293
scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
tclass=sem
> Nov 19 07:13:55 localhost kernel: type=1400
audit(1227100435.816:12): avc: denied { unix_read
unix_write } for pid=3833 comm="npviewer.bin"
key=5678293
scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
tclass=sem
> Nov 19 07:13:55 localhost kernel: type=1400
audit(1227100435.841:13): avc: denied { unix_read
unix_write } for pid=3833 comm="npviewer.bin"
key=5678293
scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
tclass=sem
> Nov 19 07:14:02 localhost kernel: __ratelimit: 42
callbacks suppressed
> Nov 19 07:14:02 localhost kernel: type=1400
audit(1227100442.317:28): avc: denied { unix_read
unix_write } for pid=3833 comm="npviewer.bin"
key=5678293
scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
tclass=sem
>
>
> Thanks,
>
> Antonio
>
>
>
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list(a)redhat.com
>
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Are you using mozplugin?
[root@localhost ~]# rpm -qa mozplugger
[root@localhost ~]# rpm -qa mozplugger*
[root@localhost ~]#
If yes, and you want to continue
to use it,
you should turn off nsplugin protection. Mozplugger runs
tools like
openoffice under nsplugin and openoffice can not run
properly if
confined by nsplugin.
setsebool -P allow_unconfined_nsplugin_transition 0
Or you can remove mozplugger
rpm -e mozplugger
In either case you need to restart firefox.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora -
http://enigmail.mozdev.org
iEYEARECAAYFAkklZsMACgkQrlYvE4MpobMuNQCgviQtvgYRjYjOYdvrwIYAyaQl
U3oAoKMhVBY3ASZ3XQ82oke/Mlp126Z8
=2pV8
-----END PGP SIGNATURE-----
I will try the fix: setsebool -P
allow_unconfined_nsplugin_transition 0
Hopefully this goes away :)
Regards,
Antonio