miss-match between needs and setroubleshooter's output recommendations
Craig White
craigwhite at azapple.com
Tue Jan 8 01:17:25 UTC 2008
On Mon, 2008-01-07 at 11:52 -0500, Daniel J Walsh wrote:
> Gene Heskett wrote:
> > Greetings;
> >
> > I have now been in the center ring of this circus about long enough. selinux
> > is about to get made permissive or disabled.
> >
> > I have now issued these commands:
> >
> > [root@coyote ~]# semanage fcontext -a -t textrel_shlib_t /root/.mozilla/plugins/vorbisrend.so
> > [root@coyote ~]# chcon -t textrel_shlib_t /root/.mozilla/plugins/vorbisrend.so
> > [root@coyote ~]# semanage fcontext -a -t textrel_shlib_t /root/.mozilla/plugins/vorbisrend.so
> > [root@coyote ~]# chcon -t textrel_shlib_t /root/.mozilla/plugins/vorbisrend.so
> >
> > Twice, as can be seen, and restarted firefox each time, and each time selinux
> > denies firefox a plugin it needs to play this site:
> > <http://ed-tharp.kicks-ass.org/ridingmower.mpg>
> >
> > I now have the third denial showing in the setroubleshooter's screen.
> > -----------------
> >
> > How can I fix this?
> >
> > Thanks.
> >
> Please attach the AVC messages from /var/log/audit/audit.log
>
> This looks like you could be running Firefox as root, which is a bad idea.
>
> ausearch -m avc
>
> Will grab all of the avc messages.
----
Let me assure you that he indeed runs firefox as root. We've been down
that road (bad idea) on fedora-list.
Craig
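
An added example, not written by anyone in this thread: both of Walsh's points (attach the AVC messages, and check whether Firefox runs as root) can be read from audit.log together, because an AVC record usually shares its event id with a SYSCALL record that carries the uid. The sample records below, including the exe path and the SELinux types in them, are constructed; the thread never shows the real ones.

```python
import re

# Constructed records in audit.log format; the thread never shows the real ones.
SAMPLE = """\
type=AVC msg=audit(1199754000.123:456): avc:  denied  { execmod } for  pid=4321 comm="firefox-bin" path="/root/.mozilla/plugins/vorbisrend.so" dev=sda1 ino=1234 scontext=root:system_r:unconfined_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1199754000.123:456): arch=40000003 syscall=125 success=no exit=-13 pid=4321 auid=0 uid=0 gid=0 euid=0 comm="firefox-bin" exe="/usr/lib/firefox/firefox-bin"
type=AVC msg=audit(1199754100.500:460): avc:  denied  { read } for  pid=5000 comm="httpd" name="index.html" scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
"""

EVENT = re.compile(r'^type=(\w+) msg=audit\(([\d.]+:\d+)\):\s*(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'denied\s+\{([^}]*)\}')

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context, or None."""
    parts = (context or '').split(':')
    return parts[2] if len(parts) >= 3 else None

def summarize(log_text):
    """Join AVC and SYSCALL records by event id; return one dict per denial."""
    events = {}
    for line in log_text.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue
        rtype, event_id, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        ev = events.setdefault(event_id, {})
        perms = PERMS.search(body)
        if rtype == 'AVC' and perms:
            ev.update(
                perms=perms.group(1).split(),
                comm=fields.get('comm'),
                target=fields.get('path') or fields.get('name'),
                source_type=selinux_type(fields.get('scontext')),
                target_type=selinux_type(fields.get('tcontext')),
                tclass=fields.get('tclass'))
        elif rtype == 'SYSCALL' and fields.get('uid', '').isdigit():
            ev['uid'] = int(fields['uid'])
    # as_root stays None when no SYSCALL record accompanied the AVC.
    return [dict(ev, as_root=(ev['uid'] == 0) if 'uid' in ev else None)
            for ev in events.values() if 'perms' in ev]

if __name__ == '__main__':
    for denial in summarize(SAMPLE):
        print(denial)
```

On a real system the input would be the text printed by `ausearch -m avc` or the contents of /var/log/audit/audit.log.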