npviever on rawhide: denied avcs

Daniel J Walsh dwalsh at redhat.com
Fri Oct 3 13:11:09 UTC 2008 

Antonio Olivares wrote:
> 
> 
> --- On Thu, 10/2/08, Antonio Olivares <olivares14031 at yahoo.com> wrote:
> 
>> From: Antonio Olivares <olivares14031 at yahoo.com>
>> Subject: npviever on rawhide: denied avcs
>> To: fedora-selinux-list at redhat.com
>> Cc: fedora-test-list at redhat.com
>> Date: Thursday, October 2, 2008, 5:21 PM
>> Dear all,
>>
>> Doing a dmesg I see some denied avcs for npviewer 
>>
>> I will attach the file,  I have not seen setroubleshoot
>> kick in to warn me about these avcs.  Has anyone else seen
>> these?
>>
>> Thanks,
>>
>> Antonio 
>>
>>
>>       -- 
>> fedora-test-list mailing list
>> fedora-test-list at redhat.com
>> To unsubscribe: 
>> https://www.redhat.com/mailman/listinfo/fedora-test-list
> 
> Messages were not attached, file too big :(
> 
> Here's preview :)
> 
> type=1400 audit(1222991578.902:1308): avc:  denied  { search } for  pid=17937 comm="npviewer.bin" name="dbus" dev=dm-0 ino=3276847 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:system_dbusd_var_lib_t:s0 tclass=dir
> type=1400 audit(1222991578.902:1309): avc:  denied  { create } for  pid=17937 comm="npviewer.bin" scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=unix_dgram_socket
> type=1400 audit(1222991578.903:1310): avc:  denied  { create } for  pid=17937 comm="npviewer.bin" scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=unix_dgram_socket
> type=1400 audit(1222991578.922:1311): avc:  denied  { search } for  pid=17937 comm="npviewer.bin" name="dbus" dev=dm-0 ino=3276847 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:system_dbusd_var_lib_t:s0 tclass=dir
> 
> 
> Thanks,
> 
> Antonio 
> 
> 
>       
> 
Looks like npviewer is becoming dbus aware.  I will allow it to connect
to the dbus server, but I am not sure what service it is trying to
communicate with.

More information about the fedora-selinux-list mailing list