Re: swapping

Daniel J Walsh <dwalsh@xxxxxxxxxx> · Tue, 17 Feb 2015 05:01:29 -0800

On 02/17/2015 02:16 AM, Patrick Dupre wrote:
> It is very long.
> Just the end.
>
>
> time->Tue Feb 17 11:15:08 2015
> type=PROCTITLE msg=audit(1424168108.864:452969): proctitle=2F7573722F6C696236342F66697265666F782F706C7567696E2D636F6E7461696E6572002F7573722F6C696236342F6D6F7A696C6C612F706C7567696E732D777261707065642F6E73777261707065725F33325F36342E6C6962666C617368706C617965722E736F002D6772656F6D6E69002F7573722F6C696236342F666972
> type=SYSCALL msg=audit(1424168108.864:452969): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=223800 a2=5 a3=802 items=0 ppid=16828 pid=25724 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=916 comm="plugin-containe" exe="/usr/lib64/firefox/plugin-container" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1424168108.864:452969): avc:  denied  { execute } for  pid=25724 comm="plugin-containe" path="/usr/lib64/mozilla/plugins-wrapped/nswrapper_32_64.libflashplayer.so" dev="dm-0" ino=241943 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mozilla_plugin_rw_t:s0 tclass=file permissive=0
> ----
> time->Tue Feb 17 11:15:08 2015
> type=PROCTITLE msg=audit(1424168108.864:452970): proctitle=2F7573722F6C696236342F66697265666F782F706C7567696E2D636F6E7461696E6572002F7573722F6C696236342F6D6F7A696C6C612F706C7567696E732D777261707065642F6E73777261707065725F33325F36342E6C6962666C617368706C617965722E736F002D6772656F6D6E69002F7573722F6C696236342F666972
> type=SYSCALL msg=audit(1424168108.864:452970): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=223800 a2=5 a3=802 items=0 ppid=16828 pid=25724 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=916 comm="plugin-containe" exe="/usr/lib64/firefox/plugin-container" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1424168108.864:452970): avc:  denied  { execute } for  pid=25724 comm="plugin-containe" path="/usr/lib64/mozilla/plugins-wrapped/nswrapper_32_64.libflashplayer.so" dev="dm-0" ino=241943 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mozilla_plugin_rw_t:s0 tclass=file permissive=0
> ----
> time->Tue Feb 17 11:15:08 2015
> type=PROCTITLE msg=audit(1424168108.915:452971): proctitle=2F7573722F6C696236342F66697265666F782F706C7567696E2D636F6E7461696E6572002F7573722F6C696236342F6D6F7A696C6C612F706C7567696E732D777261707065642F6E73777261707065725F33325F36342E6C6962666C617368706C617965722E736F002D6772656F6D6E69002F7573722F6C696236342F666972
> type=SYSCALL msg=audit(1424168108.915:452971): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=223800 a2=5 a3=802 items=0 ppid=16828 pid=25730 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=916 comm="plugin-containe" exe="/usr/lib64/firefox/plugin-container" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1424168108.915:452971): avc:  denied  { execute } for  pid=25730 comm="plugin-containe" path="/usr/lib64/mozilla/plugins-wrapped/nswrapper_32_64.libflashplayer.so" dev="dm-0" ino=241943 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mozilla_plugin_rw_t:s0 tclass=file permissive=0
> ----
> time->Tue Feb 17 11:15:08 2015
> type=PROCTITLE msg=audit(1424168108.915:452972): proctitle=2F7573722F6C696236342F66697265666F782F706C7567696E2D636F6E7461696E6572002F7573722F6C696236342F6D6F7A696C6C612F706C7567696E732D777261707065642F6E73777261707065725F33325F36342E6C6962666C617368706C617965722E736F002D6772656F6D6E69002F7573722F6C696236342F666972
> type=SYSCALL msg=audit(1424168108.915:452972): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=223800 a2=5 a3=802 items=0 ppid=16828 pid=25730 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=916 comm="plugin-containe" exe="/usr/lib64/firefox/plugin-container" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1424168108.915:452972): avc:  denied  { execute } for  pid=25730 comm="plugin-containe" path="/usr/lib64/mozilla/plugins-wrapped/nswrapper_32_64.libflashplayer.so" dev="dm-0" ino=241943 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mozilla_plugin_rw_t:s0 tclass=file permissive=0
> ----
> time->Tue Feb 17 11:15:08 2015
> type=PROCTITLE msg=audit(1424168108.977:452973): proctitle=2F7573722F6C696236342F66697265666F782F706C7567696E2D636F6E7461696E6572002F7573722F6C696236342F6D6F7A696C6C612F706C7567696E732D777261707065642F6E73777261707065725F33325F36342E6C6962666C617368706C617965722E736F002D6772656F6D6E69002F7573722F6C696236342F666972
> type=SYSCALL msg=audit(1424168108.977:452973): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=223800 a2=5 a3=802 items=0 ppid=16828 pid=25734 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=916 comm="plugin-containe" exe="/usr/lib64/firefox/plugin-container" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1424168108.977:452973): avc:  denied  { execute } for  pid=25734 comm="plugin-containe" path="/usr/lib64/mozilla/plugins-wrapped/nswrapper_32_64.libflashplayer.so" dev="dm-0" ino=241943 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mozilla_plugin_rw_t:s0 tclass=file permissive=0
> ----
> time->Tue Feb 17 11:15:08 2015
> type=PROCTITLE msg=audit(1424168108.977:452974): proctitle=2F7573722F6C696236342F66697265666F782F706C7567696E2D636F6E7461696E6572002F7573722F6C696236342F6D6F7A696C6C612F706C7567696E732D777261707065642F6E73777261707065725F33325F36342E6C6962666C617368706C617965722E736F002D6772656F6D6E69002F7573722F6C696236342F666972
> type=SYSCALL msg=audit(1424168108.977:452974): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=223800 a2=5 a3=802 items=0 ppid=16828 pid=25734 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=916 comm="plugin-containe" exe="/usr/lib64/firefox/plugin-container" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1424168108.977:452974): avc:  denied  { execute } for  pid=25734 comm="plugin-containe" path="/usr/lib64/mozilla/plugins-wrapped/nswrapper_32_64.libflashplayer.so" dev="dm-0" ino=241943 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mozilla_plugin_rw_t:s0 tclass=file permissive=0
> ----
> time->Tue Feb 17 11:15:09 2015
> type=PROCTITLE msg=audit(1424168109.059:452975): proctitle=2F7573722F6C696236342F66697265666F782F706C7567696E2D636F6E7461696E6572002F7573722F6C696236342F6D6F7A696C6C612F706C7567696E732D777261707065642F6E73777261707065725F33325F36342E6C6962666C617368706C617965722E736F002D6772656F6D6E69002F7573722F6C696236342F666972
> type=SYSCALL msg=audit(1424168109.059:452975): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=223800 a2=5 a3=802 items=0 ppid=16828 pid=25739 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=916 comm="plugin-containe" exe="/usr/lib64/firefox/plugin-container" subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1424168109.059:452975): avc:  denied  { execute } for  pid=25739 comm="plugin-containe" path="/usr/lib64/mozilla/plugins-wrapped/nswrapper_32_64.libflashplayer.so" dev="dm-0" ino=241943 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mozilla_plugin_rw_t:s0 tclass=file permissive=0
>
> ===========================================================================
>  Patrick DUPRÉ                                 | | email: pdupre@xxxxxxx
>  Laboratoire de Physico-Chimie de l'Atmosphère | |
>  Université du Littoral-Côte d'Opale           | |
>  Tel.  (33)-(0)3 28 23 76 12                   | | Fax: 03 28 65 82 44
>  189A, avenue Maurice Schumann                 | | 59140 Dunkerque, France
> ===========================================================================
>
>
>> Sent: Sunday, February 15, 2015 at 7:21 PM
>> From: "Chris Murphy" <lists@xxxxxxxxxxxxxxxxx>
>> To: "Community support for Fedora users" <users@xxxxxxxxxxxxxxxxxxxxxxx>
>> Subject: Re: swapping
>>
>> ausearch -m AVC
>> -- 
>> users mailing list
>> users@xxxxxxxxxxxxxxxxxxxxxxx
>> To unsubscribe or change subscription options:
>> https://admin.fedoraproject.org/mailman/listinfo/users
>> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
>> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
>> Have a question? Ask away: http://ask.fedoraproject.org
>>
Is that the standard location for these files?

Here is where flash is installed on my box.

/usr/lib64/flash-plugin/libflashplayer.so
/usr/lib64/mozilla/plugins/libflashplayer.so

The problem is we are not allowing plugins to write and execute in the
same directory.

You can either see about moving this file or just adding a custom policy
module.

# grep flash /var/log/audit/audit.log | audit2allow -m myflash
# semodule -i myflash.pp

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org