Nov 19 07:13:55 localhost kernel: type=1400 audit(1227100435.439:5): avc: denied { unix_read unix_write } for pid=3833 comm="npviewer.bin"
Daniel J Walsh
dwalsh at redhat.com
Thu Nov 20 16:23:34 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Antonio Olivares wrote:
> --- On Thu, 11/20/08, Daniel J Walsh <dwalsh at redhat.com> wrote:
>
>> From: Daniel J Walsh <dwalsh at redhat.com>
>> Subject: Re: Nov 19 07:13:55 localhost kernel: type=1400 audit(1227100435.439:5): avc: denied { unix_read unix_write } for pid=3833 comm="npviewer.bin"
>> To: olivares14031 at yahoo.com
>> Cc: fedora-selinux-list at redhat.com
>> Date: Thursday, November 20, 2008, 5:31 AM
> Antonio Olivares wrote:
>>>> Dear fellow selinux experts,
>>>>
>>>> npviewer is causing lots of trouble. Firefox freezes
> and I have to kill it/terminate it and restart it just to
> post :(
>>>> What should I do, I have filed bugs on this several
> times :(
>>>> Nov 19 07:13:55 localhost kernel: type=1400
> audit(1227100435.439:5): avc: denied { unix_read
> unix_write } for pid=3833 comm="npviewer.bin"
> key=5678293
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
> tclass=sem
>>>> Nov 19 07:13:55 localhost kernel: type=1400
> audit(1227100435.548:6): avc: denied { unix_read
> unix_write } for pid=3833 comm="npviewer.bin"
> key=5678293
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
> tclass=sem
>>>> Nov 19 07:13:55 localhost kernel: type=1400
> audit(1227100435.659:7): avc: denied { unix_read
> unix_write } for pid=3833 comm="npviewer.bin"
> key=5678293
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
> tclass=sem
>>>> Nov 19 07:13:55 localhost kernel: type=1400
> audit(1227100435.694:8): avc: denied { unix_read
> unix_write } for pid=3833 comm="npviewer.bin"
> key=5678293
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
> tclass=sem
>>>> Nov 19 07:13:55 localhost kernel: type=1400
> audit(1227100435.732:9): avc: denied { unix_read
> unix_write } for pid=3833 comm="npviewer.bin"
> key=5678293
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
> tclass=sem
>>>> Nov 19 07:13:55 localhost kernel: type=1400
> audit(1227100435.764:10): avc: denied { unix_read
> unix_write } for pid=3833 comm="npviewer.bin"
> key=5678293
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
> tclass=sem
>>>> Nov 19 07:13:55 localhost kernel: type=1400
> audit(1227100435.790:11): avc: denied { unix_read
> unix_write } for pid=3833 comm="npviewer.bin"
> key=5678293
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
> tclass=sem
>>>> Nov 19 07:13:55 localhost kernel: type=1400
> audit(1227100435.816:12): avc: denied { unix_read
> unix_write } for pid=3833 comm="npviewer.bin"
> key=5678293
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
> tclass=sem
>>>> Nov 19 07:13:55 localhost kernel: type=1400
> audit(1227100435.841:13): avc: denied { unix_read
> unix_write } for pid=3833 comm="npviewer.bin"
> key=5678293
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
> tclass=sem
>>>> Nov 19 07:14:02 localhost kernel: __ratelimit: 42
> callbacks suppressed
>>>> Nov 19 07:14:02 localhost kernel: type=1400
> audit(1227100442.317:28): avc: denied { unix_read
> unix_write } for pid=3833 comm="npviewer.bin"
> key=5678293
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
> tclass=sem
>>>>
>>>> Thanks,
>>>>
>>>> Antonio
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> fedora-selinux-list mailing list
>>>> fedora-selinux-list at redhat.com
>>>>
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
> Are you using mozplugin?
>
>> [root at localhost ~]# rpm -qa mozplugger
>> [root at localhost ~]# rpm -qa mozplugger*
>> [root at localhost ~]#
>
> If yes, and you want to continue
> to use it,
> you should turn off nsplugin protection. Mozplugger runs
> tools like
> openoffice under nsplugin and openoffice can not run
> properly if
> confined by nsplugin.
>
> setsebool -P allow_unconfined_nsplugin_transition 0
>
> Or you can remove mozplugger
>
> rpm -e mozplugger
>
> In either case you need to restart firefox.
>
> I will try the fix: setsebool -P allow_unconfined_nsplugin_transition 0
> Hopefully this goes away :)
> Regards,
> Antonio
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Did you label firefox as execmem_exec_t?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkkljwYACgkQrlYvE4MpobMIgACfWxBolOA2eyi1EWR6R6XPUOTq
byAAoIE2lg93S10+tZmSZmtz8bAiMSq9
=FGVB
-----END PGP SIGNATURE-----
More information about the selinux
mailing list