12-17-2009, 03:49 PM
"Christoph A."

FC12: 'sandbox -X' AVC's

Hi,

after watching Dan's presentation (LPC) about sandbox
in Fedora 12 I wanted to try it out, but I was not successful.

I tried 'sandbox -X xterm'
and 'sandbox -X firefox' but both crashed immediately, and I got AVC's.

package versions:

selinux-policy-targeted-3.6.32-56.fc12.noarch
policycoreutils-2.0.74-17.fc12.i686
policycoreutils-sandbox-2.0.74-17.fc12.i686
selinux-policy-3.6.32-56.fc12.noarch
policycoreutils-python-2.0.74-17.fc12.i686

avc's for 'sandbox -X firefox' attached.

Is this a known issue or should this work?

thanks!
Christoph

type=AVC msg=audit(1261071051.587:64): avc: denied { search } for pid=2345 comm="sandboxX.sh" name="/" dev=devpts ino=1 scontext=unconfined_u:unconfined_r:sandbox_x_t:s0:c286,c726 tcontext=system_u:object_r:devpts_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071051.587:64): arch=40000003 syscall=5 success=no exit=-13 a0=8648008 a1=8802 a2=0 a3=0 items=0 ppid=2344 pid=2345 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="sandboxX.sh" exe="/bin/bash" subj=unconfined_u:unconfined_r:sandbox_x_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.029:65): avc: denied { search } for pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.029:65): arch=40000003 syscall=33 success=no exit=-13 a0=bfb5ce7c a1=5 a2=bfb5ce7c a3=bfb60186 items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.035:66): avc: denied { search } for pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.035:66): arch=40000003 syscall=85 success=no exit=-13 a0=bfb5df7b a1=bfb578dd a2=10fd a3=bfb5bd7d items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.039:67): avc: denied { search } for pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.039:67): arch=40000003 syscall=33 success=no exit=-13 a0=bfb5ce7c a1=5 a2=bfb5ce7c a3=bfb60186 items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.049:68): avc: denied { search } for pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.049:68): arch=40000003 syscall=85 success=no exit=-13 a0=bfb5df7b a1=bfb578dd a2=10fd a3=bfb5bd7d items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.059:69): avc: denied { search } for pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.059:69): arch=40000003 syscall=33 success=no exit=-13 a0=bfb5ce7c a1=5 a2=bfb5ce7c a3=bfb60186 items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.062:70): avc: denied { search } for pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.062:70): arch=40000003 syscall=85 success=no exit=-13 a0=bfb5df7b a1=bfb578dd a2=10fd a3=bfb5bd7d items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.065:71): avc: denied { search } for pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.065:71): arch=40000003 syscall=33 success=no exit=-13 a0=bfb5ce7c a1=5 a2=bfb5ce7c a3=bfb60186 items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.068:72): avc: denied { search } for pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.068:72): arch=40000003 syscall=85 success=no exit=-13 a0=bfb5df7b a1=bfb578dd a2=10fd a3=bfb5bd7d items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.072:73): avc: denied { search } for pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.072:73): arch=40000003 syscall=33 success=no exit=-13 a0=bfb5ce7c a1=5 a2=bfb5ce7c a3=bfb60186 items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.084:74): avc: denied { search } for pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.084:74): arch=40000003 syscall=85 success=no exit=-13 a0=bfb5df7b a1=bfb578dd a2=10fd a3=bfb5bd7d items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.084:75): avc: denied { search } for pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.084:75): arch=40000003 syscall=10 success=no exit=-13 a0=bfb5ce7c a1=0 a2=bfb5df7b a3=bfb60186 items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.090:76): avc: denied { search } for pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.090:76): arch=40000003 syscall=10 success=no exit=-13 a0=bfb5df7b a1=ffffffc8 a2=bfb5df7b a3=bfb60186 items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.097:77): avc: denied { search } for pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.097:77): arch=40000003 syscall=83 success=no exit=-13 a0=bfb5bd7d a1=bfb5df7b a2=bfb5bd7d a3=bfb5df7b items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.101:78): avc: denied { search } for pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.101:78): arch=40000003 syscall=33 success=no exit=-13 a0=bfb5ce7c a1=5 a2=bfb5ce7c a3=bfb60186 items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.104:79): avc: denied { search } for pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.104:79): arch=40000003 syscall=85 success=no exit=-13 a0=bfb5df7b a1=bfb578dd a2=10fd a3=bfb5bd7d items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.117:80): avc: denied { read } for pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.117:80): arch=40000003 syscall=5 success=no exit=-13 a0=805405f a1=98800 a2=20 a3=1 items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.120:81): avc: denied { search } for pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.120:81): arch=40000003 syscall=83 success=no exit=-13 a0=bfb5bd7d a1=bfb5df7b a2=bfb5bd7d a3=bfb5df7b items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.120:82): avc: denied { search } for pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.120:82): arch=40000003 syscall=83 success=no exit=-13 a0=bfb5bd7d a1=bfb5df7b a2=bfb5bd7d a3=bfb5df7b items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.127:83): avc: denied { search } for pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.127:83): arch=40000003 syscall=83 success=no exit=-13 a0=bfb5bd7d a1=bfb5df7b a2=bfb5bd7d a3=bfb5df7b items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.127:84): avc: denied { search } for pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.127:84): arch=40000003 syscall=83 success=no exit=-13 a0=bfb5bd7d a1=bfb5df7b a2=bfb5bd7d a3=bfb5df7b items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.136:85): avc: denied { search } for pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.136:85): arch=40000003 syscall=83 success=no exit=-13 a0=bfb5bd7d a1=bfb5df7b a2=bfb5bd7d a3=bfb5df7b items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.146:86): avc: denied { search } for pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.146:86): arch=40000003 syscall=83 success=no exit=-13 a0=bfb5bd7d a1=bfb5df7b a2=bfb5bd7d a3=bfb5df7b items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.149:87): avc: denied { read } for pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.149:87): arch=40000003 syscall=5 success=no exit=-13 a0=805405f a1=98800 a2=20 a3=1 items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.476:88): avc: denied { setsched } for pid=2376 comm="firefox" scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tclass=process
type=SYSCALL msg=audit(1261071053.476:88): arch=40000003 syscall=156 success=no exit=-13 a0=948 a1=0 a2=bfaed268 a3=b780e6e0 items=0 ppid=2361 pid=2376 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="firefox" exe="/usr/lib/firefox-3.5.5/firefox" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.640:89): avc: denied { read } for pid=2376 comm="firefox" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.640:89): arch=40000003 syscall=5 success=no exit=-13 a0=b75a2858 a1=98800 a2=51d3844 a3=b754f280 items=0 ppid=2361 pid=2376 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="firefox" exe="/usr/lib/firefox-3.5.5/firefox" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.878:90): avc: denied { read } for pid=2376 comm="firefox" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.878:90): arch=40000003 syscall=5 success=no exit=-13 a0=b75a2858 a1=98800 a2=51d3844 a3=b754f280 items=0 ppid=2361 pid=2376 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="firefox" exe="/usr/lib/firefox-3.5.5/firefox" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071054.146:91): avc: denied { setsched } for pid=2376 comm="firefox" scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tclass=process
type=SYSCALL msg=audit(1261071054.146:91): arch=40000003 syscall=156 success=no exit=-13 a0=949 a1=0 a2=b72ffd9c a3=b72ffb70 items=0 ppid=2361 pid=2376 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="firefox" exe="/usr/lib/firefox-3.5.5/firefox" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071054.348:92): avc: denied { setsched } for pid=2376 comm="firefox" scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tclass=process
type=SYSCALL msg=audit(1261071054.348:92): arch=40000003 syscall=156 success=no exit=-13 a0=948 a1=0 a2=bfe906b8 a3=b77206e0 items=0 ppid=2361 pid=2376 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="firefox" exe="/usr/lib/firefox-3.5.5/firefox" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071054.533:93): avc: denied { read } for pid=2376 comm="firefox" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071054.533:93): arch=40000003 syscall=5 success=no exit=-13 a0=b74a2798 a1=98800 a2=51d3844 a3=b744f300 items=0 ppid=2361 pid=2376 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="firefox" exe="/usr/lib/firefox-3.5.5/firefox" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071054.845:94): avc: denied { read } for pid=2376 comm="firefox" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071054.845:94): arch=40000003 syscall=5 success=no exit=-13 a0=b74a2798 a1=98800 a2=51d3844 a3=b744f300 items=0 ppid=2361 pid=2376 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="firefox" exe="/usr/lib/firefox-3.5.5/firefox" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071054.908:95): avc: denied { setsched } for pid=2376 comm="firefox" scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tclass=process
type=SYSCALL msg=audit(1261071054.908:95): arch=40000003 syscall=156 success=no exit=-13 a0=94a a1=0 a2=b71ffd9c a3=b71ffb70 items=0 ppid=2361 pid=2376 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="firefox" exe="/usr/lib/firefox-3.5.5/firefox" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071055.034:96): avc: denied { setsched } for pid=2376 comm="firefox" scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tclass=process
type=SYSCALL msg=audit(1261071055.034:96): arch=40000003 syscall=156 success=no exit=-13 a0=94b a1=0 a2=b71ffd9c a3=b71ffb70 items=0 ppid=2361 pid=2376 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="firefox" exe="/usr/lib/firefox-3.5.5/firefox" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071055.043:97): avc: denied { setsched } for pid=2376 comm="firefox" scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tclass=process
type=SYSCALL msg=audit(1261071055.043:97): arch=40000003 syscall=156 success=no exit=-13 a0=94c a1=0 a2=b71ffd9c a3=b71ffb70 items=0 ppid=2361 pid=2376 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="firefox" exe="/usr/lib/firefox-3.5.5/firefox" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071055.043:98): avc: denied { setsched } for pid=2376 comm="firefox" scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tclass=process
type=SYSCALL msg=audit(1261071055.043:98): arch=40000003 syscall=156 success=no exit=-13 a0=94d a1=0 a2=b71ffd9c a3=b71ffb70 items=0 ppid=2361 pid=2376 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="firefox" exe="/usr/lib/firefox-3.5.5/firefox" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)


--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
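
Added example, not part of the original thread: a small triage script that collapses a run of AVC denials like the one posted above into one row per (source type, target type, object class). The function names are this example's own, and the sample input is a handful of records from the post with the SELinux contexts written out in full.

```python
import re
from collections import defaultdict

# Sample input: five AVC records and one SYSCALL record from the log posted
# above, contexts written as user:role:type:level (assumed original form).
SAMPLE_LOG = '''\
type=AVC msg=audit(1261071051.587:64): avc: denied { search } for pid=2345 comm="sandboxX.sh" name="/" dev=devpts ino=1 scontext=unconfined_u:unconfined_r:sandbox_x_t:s0:c286,c726 tcontext=system_u:object_r:devpts_t:s0 tclass=dir
type=AVC msg=audit(1261071053.029:65): avc: denied { search } for pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=AVC msg=audit(1261071053.117:80): avc: denied { read } for pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=AVC msg=audit(1261071053.476:88): avc: denied { setsched } for pid=2376 comm="firefox" scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tclass=process
type=SYSCALL msg=audit(1261071053.476:88): arch=40000003 syscall=156 success=no exit=-13 a0=948 a1=0 a2=bfaed268 a3=b780e6e0 items=0 ppid=2361 pid=2376 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="firefox" exe="/usr/lib/firefox-3.5.5/firefox" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.640:89): avc: denied { read } for pid=2376 comm="firefox" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
'''

AVC_RE = re.compile(
    r'^type=AVC msg=audit\((?P<time>\d+\.\d+):(?P<serial>\d+)\): '
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"


def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(':')
    if len(parts) < 3:
        raise ValueError('malformed context: %r' % context)
    return parts[2]


def parse_avc(line):
    """Parse one audit line; return a dict for an AVC denial, else None."""
    m = AVC_RE.match(line.strip())
    if m is None:
        return None  # SYSCALL and other record types are skipped
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    if not {'scontext', 'tcontext', 'tclass'} <= set(fields):
        return None  # truncated record, nothing to classify
    return {
        'serial': int(m.group('serial')),
        'perms': set(m.group('perms').split()),
        'comm': fields.get('comm', '?'),
        'source': context_type(fields['scontext']),
        'target': context_type(fields['tcontext']),
        'tclass': fields['tclass'],
    }


def summarize(log_text):
    """Group denials by (source type, target type, class); merge perms."""
    groups = defaultdict(lambda: {'perms': set(), 'comms': set(), 'count': 0})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        group = groups[(rec['source'], rec['target'], rec['tclass'])]
        group['perms'] |= rec['perms']
        group['comms'].add(rec['comm'])
        group['count'] += 1
    return dict(groups)


def report(log_text):
    """One text row per group, most frequent denial first."""
    rows = sorted(summarize(log_text).items(),
                  key=lambda kv: (-kv[1]['count'], kv[0]))
    return ['%3d  %s -> %s:%s { %s }  [%s]' % (
        g['count'], src, tgt, cls,
        ' '.join(sorted(g['perms'])), ', '.join(sorted(g['comms'])))
        for (src, tgt, cls), g in rows]


if __name__ == '__main__':
    print('\n'.join(report(SAMPLE_LOG)))
```

Run over the full log, the same grouping shows that the denials fall into three sets: sandbox_x_t on devpts_t, sandbox_x_client_t on nsplugin_rw_t directories, and sandbox_x_client_t setsched on its own process.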
 
12-17-2009, 06:46 PM
Daniel J Walsh

FC12: 'sandbox -X' AVC's

On 12/17/2009 11:49 AM, Christoph A. wrote:
> Hi,
>
> after watching Dan's presentation (LPC) about sandbox
> in Fedora 12 I wanted to try it out, but I was not successful.
>
> I tried 'sandbox -X xterm'
> and 'sandbox -X firefox' but both crashed immediately, and I got AVC's.
>
> package versions:
>
> selinux-policy-targeted-3.6.32-56.fc12.noarch
> policycoreutils-2.0.74-17.fc12.i686
> policycoreutils-sandbox-2.0.74-17.fc12.i686
> selinux-policy-3.6.32-56.fc12.noarch
> policycoreutils-python-2.0.74-17.fc12.i686
>
> avc's for 'sandbox -X firefox' attached.
>
> Is this a known issue or should this work?
>
> thanks!
> Christoph
>
sandbox -t sandbox_web_t firefox

Should work for firefox.

Not sure what is going wrong with sandbox -X xterm.

Did you reboot after installing policycoreutils-sandbox?

You need to reboot in order to set up the namespace stuff.
