Nov 19 07:13:55 localhost kernel: type=1400 audit(1227100435.439:5): avc: denied { unix_read unix_write } for pid=3833 comm="npviewer.bin"

Daniel J Walsh dwalsh at redhat.com
Thu Nov 20 16:23:34 UTC 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Antonio Olivares wrote:
> --- On Thu, 11/20/08, Daniel J Walsh <dwalsh at redhat.com> wrote:
> 
>> From: Daniel J Walsh <dwalsh at redhat.com>
>> Subject: Re: Nov 19 07:13:55 localhost kernel: type=1400 audit(1227100435.439:5): avc: denied { unix_read unix_write } for pid=3833 comm="npviewer.bin"
>> To: olivares14031 at yahoo.com
>> Cc: fedora-selinux-list at redhat.com
>> Date: Thursday, November 20, 2008, 5:31 AM
> Antonio Olivares wrote:
>>>> Dear fellow selinux experts,
>>>>
>>>> npviewer is causing lots of trouble.  Firefox freezes
> and I have to kill it/terminate it and restart it just to
> post :(
>>>> What should I do, I have filed bugs on this several
> times :( 
>>>> Nov 19 07:13:55 localhost kernel: type=1400
> audit(1227100435.439:5): avc:  denied  { unix_read
> unix_write } for  pid=3833 comm="npviewer.bin"
> key=5678293
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
> tclass=sem                        
>>>> Nov 19 07:13:55 localhost kernel: type=1400
> audit(1227100435.548:6): avc:  denied  { unix_read
> unix_write } for  pid=3833 comm="npviewer.bin"
> key=5678293
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
> tclass=sem                        
>>>> Nov 19 07:13:55 localhost kernel: type=1400
> audit(1227100435.659:7): avc:  denied  { unix_read
> unix_write } for  pid=3833 comm="npviewer.bin"
> key=5678293
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
> tclass=sem                        
>>>> Nov 19 07:13:55 localhost kernel: type=1400
> audit(1227100435.694:8): avc:  denied  { unix_read
> unix_write } for  pid=3833 comm="npviewer.bin"
> key=5678293
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
> tclass=sem                        
>>>> Nov 19 07:13:55 localhost kernel: type=1400
> audit(1227100435.732:9): avc:  denied  { unix_read
> unix_write } for  pid=3833 comm="npviewer.bin"
> key=5678293
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
> tclass=sem                        
>>>> Nov 19 07:13:55 localhost kernel: type=1400
> audit(1227100435.764:10): avc:  denied  { unix_read
> unix_write } for  pid=3833 comm="npviewer.bin"
> key=5678293
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
> tclass=sem                       
>>>> Nov 19 07:13:55 localhost kernel: type=1400
> audit(1227100435.790:11): avc:  denied  { unix_read
> unix_write } for  pid=3833 comm="npviewer.bin"
> key=5678293
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
> tclass=sem
>>>> Nov 19 07:13:55 localhost kernel: type=1400
> audit(1227100435.816:12): avc:  denied  { unix_read
> unix_write } for  pid=3833 comm="npviewer.bin"
> key=5678293
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
> tclass=sem
>>>> Nov 19 07:13:55 localhost kernel: type=1400
> audit(1227100435.841:13): avc:  denied  { unix_read
> unix_write } for  pid=3833 comm="npviewer.bin"
> key=5678293
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
> tclass=sem
>>>> Nov 19 07:14:02 localhost kernel: __ratelimit: 42
> callbacks suppressed
>>>> Nov 19 07:14:02 localhost kernel: type=1400
> audit(1227100442.317:28): avc:  denied  { unix_read
> unix_write } for  pid=3833 comm="npviewer.bin"
> key=5678293
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023
> tclass=sem
>>>>
>>>> Thanks,
>>>>
>>>> Antonio 
>>>>
>>>>
>>>>       
>>>>
>>>> --
>>>> fedora-selinux-list mailing list
>>>> fedora-selinux-list at redhat.com
>>>>
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> 
> Are you using mozplugin?  
> 
>> [root at localhost ~]# rpm -qa mozplugger
>> [root at localhost ~]# rpm -qa mozplugger*
>> [root at localhost ~]#
> 
> If yes, and you want to continue
> to use it,
> you should turn off nsplugin protection.  Mozplugger runs
> tools like
> openoffice under nsplugin and openoffice can not run
> properly if
> confined by nsplugin.
> 
> setsebool -P allow_unconfined_nsplugin_transition 0
> 
> Or you can remove mozplugger
> 
> rpm -e mozplugger
> 
> In either case you need to restart firefox.
> 

> I will try the fix: setsebool -P allow_unconfined_nsplugin_transition 0

> Hopefully this goes away :)

> Regards,

> Antonio 




> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Did you label firefox as execmem_exec_t?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkkljwYACgkQrlYvE4MpobMIgACfWxBolOA2eyi1EWR6R6XPUOTq
byAAoIE2lg93S10+tZmSZmtz8bAiMSq9
=FGVB
-----END PGP SIGNATURE-----

More information about the selinux mailing list