SPICE plugin
Ian Pilcher
arequipeno at gmail.com
Mon Dec 9 23:35:58 UTC 2013
Just got this when trying to use the SPICE plugin. The alert browser
is telling me that I need to:
setsebool -P unconfined_mozilla_plugin_transition 0
Is there any more target way to make this work?
SELinux is preventing /usr/bin/remote-viewer from read access on the
file /var/cache/fontconfig/beeeeb3dfe132a8a0633a017c99ce0c0-le64.cache-4.
***** Plugin restorecon (57.3 confidence) suggests
*************************
If you want to fix the label.
/var/cache/fontconfig/beeeeb3dfe132a8a0633a017c99ce0c0-le64.cache-4
default label should be fonts_cache_t.
Then you can run restorecon.
Do
# /sbin/restorecon -v
/var/cache/fontconfig/beeeeb3dfe132a8a0633a017c99ce0c0-le64.cache-4
***** Plugin mozplugger (43.1 confidence) suggests
*************************
If you want to use the spice-xpi package
Then you must turn off SELinux controls on the Firefox plugins.
Do
# setsebool -P unconfined_mozilla_plugin_transition 0
***** Plugin catchall (1.06 confidence) suggests
***************************
If you believe that remote-viewer should be allowed read access on the
beeeeb3dfe132a8a0633a017c99ce0c0-le64.cache-4 file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep remote-viewer /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context
unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c
0.c1023
Target Context system_u:object_r:auth_cache_t:s0
Target Objects
/var/cache/fontconfig/beeeeb3dfe132a8a0633a017c99c
e0c0-le64.cache-4 [ file ]
Source remote-viewer
Source Path /usr/bin/remote-viewer
Port <Unknown>
Host ian.penurio.us
Source RPM Packages virt-viewer-0.5.6-1.fc19.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.12.1-74.14.fc19.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Permissive
Host Name ian.penurio.us
Platform Linux ian.penurio.us
3.11.10-200.fc19.x86_64 #1
SMP Mon Dec 2 20:28:03 UTC 2013 x86_64 x86_64
Alert Count 1
First Seen 2013-12-09 11:19:32 CST
Last Seen 2013-12-09 11:19:32 CST
Local ID 44b7c402-60fc-4573-8a7f-0d065c5ff85b
Raw Audit Messages
type=AVC msg=audit(1386609572.209:484): avc: denied { read } for
pid=15147 comm="remote-viewer"
name="beeeeb3dfe132a8a0633a017c99ce0c0-le64.cache-4" dev="dm-1"
ino=13121
scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023
tcontext=system_u:object_r:auth_cache_t:s0 tclass=file
type=AVC msg=audit(1386609572.209:484): avc: denied { open } for
pid=15147 comm="remote-viewer"
path="/var/cache/fontconfig/beeeeb3dfe132a8a0633a017c99ce0c0-le64.cache-4"
dev="dm-1" ino=13121
scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023
tcontext=system_u:object_r:auth_cache_t:s0 tclass=file
type=SYSCALL msg=audit(1386609572.209:484): arch=x86_64 syscall=open
success=yes exit=ENOTTY a0=24bc310 a1=80000 a2=3126fba788 a3=0 items=0
ppid=15138 pid=15147 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000
fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=22 tty=(none)
comm=remote-viewer exe=/usr/bin/remote-viewer
subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)
Hash: remote-viewer,mozilla_plugin_t,auth_cache_t,file,read
--
========================================================================
Ian Pilcher arequipeno at gmail.com
Sent from the cloud -- where it's already tomorrow
========================================================================
More information about the selinux
mailing list