selinux kills firefox?

Daniel J Walsh dwalsh at redhat.com
Fri Sep 25 20:33:25 UTC 2009


On 09/25/2009 12:27 PM, Per Bothner wrote:
> $ firefox
> /usr/lib/firefox-3.5.3/run-mozilla.sh: line 131:  2334 Segmentation
> fault      "$prog" ${1+"$@"}
> $ /usr/lib/firefox-3.5.3/firefox
> Segmentation fault
> 
> However, when I disable SELinux (by SELINUX=permissive in
> editing /etc/sysconfig/selinux), it works.
> 
> Diagnosing this is more complicated than it should be,
> because Applications->System Tools->SELinux Troubleshooter
> does nothing.  And I don't see anything SELinux-related in
> System->Administration.  (This is probably a non-standard
> menu bar, because I'm using the same /home as Fedora 11.)
> 
> Related: When an SELinux problem happens, a pop-up
> happens, with an option to "show" the denial.
> That doesn't do anything either.

If you turn the allow_execmem boolean on or the
allow_unconfined_nsplugin_transition boolean off, your firefox will run.

setsebool -P allow_execmem 1
setsebool -P allow_unconfined_nsplugin_transition 0

Both of these will allow firefox to run with the breakage.  In Rawhide we turn these booleans off to try to reveal
where we have badly written code.  Firefox/Xulrunner/FlashPlugin have an execmem problem.  It has been reported for a while.

setroubleshoot should be reporting this to you.

Tonight's build will turn off the

setsebool -P allow_unconfined_nsplugin_transition 0

for fresh installs. As we get closer to Beta, I have to start loosening up the controls so that SELinux cannot block
badly written programs any longer.

What version of setroubleshoot are you running that you are not seeing AVC messages?
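
An added example, not part of the original message: when setroubleshoot shows nothing, the execmem denial discussed above can still be read from the audit records directly. The function names and the sample log lines below are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: summarize execmem AVC denials from raw audit records.
# On a live system the input would come from the audit log, e.g.
#   ausearch -m avc -ts today --raw | execmem_denials
# and the current boolean state from: getsebool allow_execmem

# Constructed sample records (not taken from the original report).
sample_audit_log() {
  cat <<'EOF'
type=AVC msg=audit(1253910805.123:42): avc:  denied  { execmem } for  pid=2334 comm="firefox" scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1253910805.123:42): arch=40000003 syscall=125 success=no exit=-13 pid=2334 comm="firefox" exe="/usr/lib/firefox-3.5.3/firefox"
type=AVC msg=audit(1253910811.456:43): avc:  denied  { read } for  pid=2400 comm="httpd" name="index.html" dev=dm-0 ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1253910900.789:50): avc:  denied  { execmem } for  pid=2501 comm="firefox" scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process
EOF
}

# Read audit records on stdin and print "<count> <comm> <source domain>"
# for every denied execmem permission on the process class.
execmem_denials() {
  awk '
    $1 == "type=AVC" && /denied/ && / execmem / && /tclass=process/ {
      comm = ""; dom = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^comm=/) {
          comm = $i; sub(/^comm=/, "", comm); gsub(/"/, "", comm)
        }
        if ($i ~ /^scontext=/) {
          # scontext is user:role:type:level; the type is the domain
          split($i, ctx, ":"); dom = ctx[3]
        }
      }
      seen[comm " " dom]++
    }
    END { for (k in seen) print seen[k], k }
  ' | sort
}

sample_audit_log | execmem_denials   # prints: 2 firefox unconfined_t
```
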



