SELinux is preventing /usr/lib/nspluginwrapper/npviewer.bin from create access on the file C:\nppdf32Log\debuglog.txt.

Thu Jan 3 15:47:27 UTC 2013

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/03/2013 07:43 AM, Lawrence Graves wrote:
> SELinux is preventing /usr/lib/nspluginwrapper/npviewer.bin from create
> access on the file C:\nppdf32Log\debuglog.txt.
> 
> ***** Plugin catchall (100. confidence) suggests
> ***************************
> 
> If you believe that npviewer.bin should be allowed create access on the 
> C:\nppdf32Log\debuglog.txt file by default. Then you should report this as
> a bug. You can generate a local policy module to allow this access. Do 
> allow this access for now by executing: # grep npviewer.bin
> /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp
> 
> Additional Information: Source Context
> unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c 0.c1023 Target Context
> unconfined_u:object_r:user_home_dir_t:s0 Target Objects
> C:\nppdf32Log\debuglog.txt [ file ] Source npviewer.bin Source Path
> /usr/lib/nspluginwrapper/npviewer.bin Port <Unknown> Host Jehovah Source
> RPM Packages nspluginwrapper-1.4.4-16.fc18.i686 Target RPM Packages Policy
> RPM selinux-policy-3.11.1-67.fc18.noarch Selinux Enabled True Policy Type
> targeted Enforcing Mode Enforcing Host Name Jehovah Platform Linux Jehovah
> 3.6.11-3.fc18.x86_64 #1 SMP Mon Dec 17 21:35:39 UTC 2012 x86_64 x86_64 
> Alert Count 9 First Seen 2013-01-02 19:30:27 MST Last Seen 2013-01-03
> 05:25:40 MST Local ID 648f8feb-cca0-4067-a550-0155c223c4e5
> 
> Raw Audit Messages type=AVC msg=audit(1357215940.599:344): avc: denied {
> create } for pid=3211 comm="npviewer.bin"
> name="C:\nppdf32Log\debuglog.txt" 
> scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 
> tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=file
> 
> 
> type=SYSCALL msg=audit(1357215940.599:344): arch=i386 syscall=fstat per=8 
> success=no exit=EACCES a0=f772332a a1=441 a2=1b6 a3=83f48b0 items=0
> ppid=3094 pid=3211 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000
> fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2
> comm=npviewer.bin exe=/usr/lib/nspluginwrapper/npviewer.bin 
> subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)
> 
> Hash: npviewer.bin,mozilla_plugin_t,user_home_dir_t,file,create
> 
> audit2allow
> 
> #============= mozilla_plugin_t ============== allow mozilla_plugin_t
> user_home_dir_t:file create;
> 
> audit2allow -R
> 
> #============= mozilla_plugin_t ============== allow mozilla_plugin_t
> user_home_dir_t:file create;

What plugin is doing this and what directory is "C:\nppdf32Log\debuglog.txt"
being created in ?  $HOME?

Looks like something we might not be able to support.  You can turn off
confinement by executing:

setsebool -P unconfined_mozilla_plugin_transition 0

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEARECAAYFAlDlqA8ACgkQrlYvE4MpobMXOwCgkBKxekFOI5gl/DsET5XcZxJa
/3gAn2rTVB43p853P0NdJJ4KpyJvxe8b
=qq/C
-----END PGP SIGNATURE-----