selinux kills firefox?

Daniel J Walsh dwalsh at
Fri Sep 25 20:33:25 UTC 2009

On 09/25/2009 12:27 PM, Per Bothner wrote:
> $ firefox
> /usr/lib/firefox-3.5.3/ line 131:  2334 Segmentation
> fault      "$prog" ${1+"$@"}
> $ /usr/lib/firefox-3.5.3/firefox
> Segmentation fault
> However, when I disable SELinux (by SELINUX=permissive in
> editing /etc/sysconfig/selinux), it works.
> Diagnosing this is more complicated than it should be,
> because Applications->System Tools->SELinux Troubleshooter
> does nothing.  And I don't see anything SELinux-related in
> System->Administration.  (This is probably a non-standard
> menu bar, because I'm using the same /home as Fedora 11.)
> Related: When an SELinux problem happens, a pop-up
> happens, with an option to "show" the denial.
> That doesn't do anything either.
If you turn on the allow_execmem boolean or the 
allow_unconfined_nsplugin_transition off, your firefox will run.

setsebool -P allow_execmen 1
setsebool -P allow_unconfined_nsplugin_transition 0

Both of these will allow firefox to run with the breakage.  In Rawhide we turn these booleans off to try to reveal
where we have badly written code.  Firefox/Xulrunner/FlashPlugin have an execmem problem.  It has been reported for a while.

setroubleshoot should be reporting this to you.

Tonights build will turn off the 

setsebool -P allow_unconfined_nsplugin_transition 0

for fresh installs, as we get closer to Beta, I have to start loosening up the controls so that SELinux can not block 
badly written programs any longer.

What version of setroubleshoot are you running that you are not seeing AVC messages?

More information about the test mailing list