Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora SELinux Support (http://www.linux-archive.org/fedora-selinux-support/)
-   -   miss-match between needs and setroubleshooter's output recommendations (http://www.linux-archive.org/fedora-selinux-support/31105-miss-match-between-needs-setroubleshooters-output-recommendations.html)

Daniel J Walsh 01-07-2008 03:52 PM

miss-match between needs and setroubleshooter's output recommendations
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gene Heskett wrote:
> Greetings;
>
> I have now been in the center ring of this circus about long enough. selinux
> is about to get made permissive or disabled.
>
> I have now issued these commands:
>
> [root@coyote ~]# semanage fcontext -a -t
> textrel_shlib_t /root/.mozilla/plugins/vorbisrend.so
> [root@coyote ~]# chcon -t textrel_shlib_t /root/.mozilla/plugins/vorbisrend.so
> [root@coyote ~]# semanage fcontext -a -t
> textrel_shlib_t /root/.mozilla/plugins/vorbisrend.so
> [root@coyote ~]# chcon -t textrel_shlib_t /root/.mozilla/plugins/vorbisrend.so
>
> Twice as can be seen, and restarted firefox each time, and each time selinux
> denies firefox a plugin it needs to pay this site:
> <http://ed-tharp.kicks-ass.org/ridingmower.mpg>
>
> I now have the third denial showing in the setroubleshooter's screen.
> -----------------
>
> How can I fix this?
>
> Thanks.
>
Please attach the AVC messages from /var/log/audit/audit.log

This looks like you could be running Firefox as root, which is a bad idea.

ausearch -m avc

Will grab all of the avc messages.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkeCWL0ACgkQrlYvE4MpobMX5ACg46tN7VjBjP ApAAfE1J9mipNp
J8sAn2YrQDBqssOrPNz10gmM1rF+pJyf
=dcGv
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Craig White 01-08-2008 12:17 AM

miss-match between needs and setroubleshooter's output recommendations
 
On Mon, 2008-01-07 at 11:52 -0500, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Gene Heskett wrote:
> > Greetings;
> >
> > I have now been in the center ring of this circus about long enough. selinux
> > is about to get made permissive or disabled.
> >
> > I have now issued these commands:
> >
> > [root@coyote ~]# semanage fcontext -a -t
> > textrel_shlib_t /root/.mozilla/plugins/vorbisrend.so
> > [root@coyote ~]# chcon -t textrel_shlib_t /root/.mozilla/plugins/vorbisrend.so
> > [root@coyote ~]# semanage fcontext -a -t
> > textrel_shlib_t /root/.mozilla/plugins/vorbisrend.so
> > [root@coyote ~]# chcon -t textrel_shlib_t /root/.mozilla/plugins/vorbisrend.so
> >
> > Twice as can be seen, and restarted firefox each time, and each time selinux
> > denies firefox a plugin it needs to pay this site:
> > <http://ed-tharp.kicks-ass.org/ridingmower.mpg>
> >
> > I now have the third denial showing in the setroubleshooter's screen.
> > -----------------
> >
> > How can I fix this?
> >
> > Thanks.
> >
> Please attach the AVC messages from /var/log/audit/audit.log
>
> This looks like you could be running Firefox as root, which is a bad idea.
>
> ausearch -m avc
>
> Will grab all of the avc messages.
----
let me assure you that he indeed runs firefox as root. We've been down
that road (bad idea) on fedora-list

Craig

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list


All times are GMT. The time now is 09:01 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.