FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 12-18-2009, 12:21 AM
"Christoph A."
 
Default FC12: 'sandbox -X' AVC's (gnash-plugin)

On 17.12.2009 20:46, Daniel J Walsh wrote:
> sandbox -t sandbox_web_t firefox
>
> Should work for firefox.

sandbox -X -t sandbox_web_t firefox
comes up fine, thanks!

I also installed gnash-plugin and some codecs from RPM Fusion, if I go
to a website that contains flash movies gtk-gnash crashes (only within
the sandbox).

I guess gtk-gnash is not allowed to interact with pulse?
AVC's attached.

> Not sure what is going wrong with sandbox -X xterm.
Sorry, this was my fault, xterm was not on that machine.

thanks,
Christoph
type=AVC msg=audit(1261101935.041:20655): avc: denied { read } for pid=2553 comm="gtk-gnash" name="pulse-shm-986868841" dev=tmpfs ino=21987 scontext=unconfined_u:unconfined_r:sandbox_web_cli ent_t:s0:c509,c609 tcontext=unconfined_ubject_r:sandbox_web_client_ tmpfs_t:s0:c296,c900 tclass=file
type=SYSCALL msg=audit(1261101935.041:20655): arch=40000003 syscall=5 success=no exit=-13 a0=bfe4f0f0 a1=a0000 a2=0 a3=bfe4f1dd items=0 ppid=2543 pid=2553 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="gtk-gnash" exe="/usr/bin/gtk-gnash" subj=unconfined_u:unconfined_r:sandbox_web_client_ t:s0:c509,c609 key=(null)
type=AVC msg=audit(1261101935.060:20656): avc: denied { read } for pid=2553 comm="gtk-gnash" name="pulse-shm-2007891928" dev=tmpfs ino=21328 scontext=unconfined_u:unconfined_r:sandbox_web_cli ent_t:s0:c509,c609 tcontext=unconfined_ubject_r:user_tmpfs_t:s0 tclass=file
type=SYSCALL msg=audit(1261101935.060:20656): arch=40000003 syscall=5 success=no exit=-13 a0=bfe4f0f0 a1=a0000 a2=0 a3=bfe4f1dd items=0 ppid=2543 pid=2553 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="gtk-gnash" exe="/usr/bin/gtk-gnash" subj=unconfined_u:unconfined_r:sandbox_web_client_ t:s0:c509,c609 key=(null)
type=AVC msg=audit(1261101935.070:20657): avc: denied { read } for pid=2553 comm="gtk-gnash" name="pulse-shm-3816963912" dev=tmpfs ino=16051 scontext=unconfined_u:unconfined_r:sandbox_web_cli ent_t:s0:c509,c609 tcontext=unconfined_ubject_r:user_tmpfs_t:s0 tclass=file
type=SYSCALL msg=audit(1261101935.070:20657): arch=40000003 syscall=5 success=no exit=-13 a0=bfe4f0f0 a1=a0000 a2=0 a3=bfe4f1dd items=0 ppid=2543 pid=2553 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="gtk-gnash" exe="/usr/bin/gtk-gnash" subj=unconfined_u:unconfined_r:sandbox_web_client_ t:s0:c509,c609 key=(null)
type=AVC msg=audit(1261101935.075:20658): avc: denied { read } for pid=2553 comm="gtk-gnash" name="pulse-shm-824094764" dev=tmpfs ino=15246 scontext=unconfined_u:unconfined_r:sandbox_web_cli ent_t:s0:c509,c609 tcontext=unconfined_ubject_r:user_tmpfs_t:s0 tclass=file
type=SYSCALL msg=audit(1261101935.075:20658): arch=40000003 syscall=5 success=no exit=-13 a0=bfe4f0f0 a1=a0000 a2=0 a3=bfe4f1dd items=0 ppid=2543 pid=2553 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="gtk-gnash" exe="/usr/bin/gtk-gnash" subj=unconfined_u:unconfined_r:sandbox_web_client_ t:s0:c509,c609 key=(null)
type=AVC msg=audit(1261101935.082:20659): avc: denied { read } for pid=2553 comm="gtk-gnash" name="pulse-shm-4071679661" dev=tmpfs ino=13498 scontext=unconfined_u:unconfined_r:sandbox_web_cli ent_t:s0:c509,c609 tcontext=unconfined_ubject_r:user_tmpfs_t:s0 tclass=file
type=SYSCALL msg=audit(1261101935.082:20659): arch=40000003 syscall=5 success=no exit=-13 a0=bfe4f0f0 a1=a0000 a2=0 a3=bfe4f1dd items=0 ppid=2543 pid=2553 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="gtk-gnash" exe="/usr/bin/gtk-gnash" subj=unconfined_u:unconfined_r:sandbox_web_client_ t:s0:c509,c609 key=(null)
type=AVC msg=audit(1261101935.084:20660): avc: denied { read } for pid=2553 comm="gtk-gnash" name="pulse-shm-3402493802" dev=tmpfs ino=13327 scontext=unconfined_u:unconfined_r:sandbox_web_cli ent_t:s0:c509,c609 tcontext=unconfined_ubject_r:user_tmpfs_t:s0 tclass=file
type=SYSCALL msg=audit(1261101935.084:20660): arch=40000003 syscall=5 success=no exit=-13 a0=bfe4f0f0 a1=a0000 a2=0 a3=bfe4f1dd items=0 ppid=2543 pid=2553 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="gtk-gnash" exe="/usr/bin/gtk-gnash" subj=unconfined_u:unconfined_r:sandbox_web_client_ t:s0:c509,c609 key=(null)
type=AVC msg=audit(1261101935.119:20661): avc: denied { sendto } for pid=2553 comm="gtk-gnash" scontext=unconfined_u:unconfined_r:sandbox_web_cli ent_t:s0:c509,c609 tcontext=unconfined_u:unconfined_r:sandbox_web_cli ent_t:s0:c509,c609 tclass=unix_dgram_socket
type=SYSCALL msg=audit(1261101935.119:20661): arch=40000003 syscall=102 success=no exit=-13 a0=9 a1=bfe4cac0 a2=240a608 a3=0 items=0 ppid=2543 pid=2553 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="gtk-gnash" exe="/usr/bin/gtk-gnash" subj=unconfined_u:unconfined_r:sandbox_web_client_ t:s0:c509,c609 key=(null)
type=ANOM_ABEND msg=audit(1261101935.121:20662): auid=500 uid=500 gid=500 ses=1 subj=unconfined_u:unconfined_r:sandbox_web_client_ t:s0:c509,c609 pid=2553 comm="gtk-gnash" sig=6
--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 

Thread Tools




All times are GMT. The time now is 07:16 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org