new avc's on rawhide

Daniel J Walsh dwalsh at redhat.com
Thu Dec 11 14:36:56 UTC 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Antonio Olivares wrote:
> Dear all,
> 
> Selinux is denying some unknown things which I have no idea here:
> 
> type=1401 audit(1229001124.306:10): security_compute_sid:  invalid context unconfined_u:unconfined_r:unconfined_java_t:s0-s0:c0.c1023 for scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:java_exec_t:s0 tclass=process
> type=1401 audit(1229001126.375:11): security_compute_sid:  invalid context unconfined_u:unconfined_r:unconfined_java_t:s0-s0:c0.c1023 for scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:java_exec_t:s0 tclass=process
> type=1401 audit(1229001143.573:12): security_compute_sid:  invalid context unconfined_u:unconfined_r:unconfined_java_t:s0-s0:c0.c1023 for scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:java_exec_t:s0 tclass=process
> 
> type=1401 audit(1228999637.368:5): security_compute_sid:  invalid context unconfined_u:unconfined_r:unconfined_java_t:s0-s0:c0.c1023 for scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:java_exec_t:s0 tclass=process
> type=1401 audit(1228999646.221:6): security_compute_sid:  invalid context unconfined_u:unconfined_r:unconfined_java_t:s0-s0:c0.c1023 for scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:java_exec_t:s0 tclass=process
> npviewer.bin[9213] general protection ip:1132f8c sp:bf86f140 error:0 in libflashplayer.so[dc7000+951000]
> 
> Thanks,
> 
> Antonio 
> 
> 
>       
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Fixed in selinux-policy-3.6.1-10.fc11

If you want to fix it for now, you need to add the rule

 gen_require(`
	type unconfined_java_t;
	role unconfined_r;
')

role unconfined_r types unconfined_java_t;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAklBJYgACgkQrlYvE4MpobMQwwCfaintHBXDgpqQAtJB+Tb7OH0K
bgkAnRGysRi6Crk4mKSjqeGIdn40FeoE
=DyUs
-----END PGP SIGNATURE-----




More information about the fedora-selinux-list mailing list