mozilla not starting in enforcing mode
Richard Hally
rhallyx at mindspring.com
Mon Jun 21 00:47:20 UTC 2004
After the most recent update to the strict policy
(selinux-policy-strict-1.13.7-1), Mozilla web browser will not start in
enforcing mode. It does *not* produce *any* avc denied messages in
enforcing mode. Below are the avc denied messages that are produced when
it does start in permissive mode:
Jun 20 20:31:30 new2 kernel: audit(1087777890.697:0): avc: denied {
write } for pid=3471 exe=/usr/lib/mozilla-1.6/mozilla-xremote-client
name=X0 dev=hda2 ino=1840568 scontext=richard:staff_r:staff_mozilla_t
tcontext=system_u:object_r:xdm_tmp_t tclass=sock_file
Jun 20 20:31:34 new2 kernel: audit(1087777894.263:0): avc: denied {
unlink } for pid=3457 exe=/usr/lib/mozilla-1.6/mozilla-bin
name=.fonts.cache-1 dev=hda2 ino=1091707
scontext=richard:staff_r:staff_mozilla_t
tcontext=richard:object_r:staff_home_t tclass=file
Here is part of the output from fixfiles relabel prior to testing this
problem :
/usr/sbin/setfiles: read 1499 specifications
/usr/sbin/setfiles: labeling files under /
/usr/sbin/setfiles: relabeling /home/richard/.fonts.cache-1 from
richard:object_r:staff_mozilla_rw_t to richard:object_r:staff_home_t
/usr/sbin/setfiles: relabeling /.autofsck from system_u:object_r:root_t
to system_u:object_r:default_t
/usr/sbin/setfiles: hash table stats: 374956 elements, 62564/65536
buckets used, longest chain length 15
HTH
Richard Hally
More information about the fedora-selinux-list
mailing list