On 05/09/2016 01:39 PM, Rick Stevens wrote:
On 05/09/2016 12:19 PM, CS DBA wrote:
Hi All;
I'm running Fedora 23 KDE Spin, After a recent firefox update (I'm now
at Firefox 46.0.1) I've been getting these SELINUX alerts:
The source process: 57656220436F6E74656E74
Attempted this access: create
On this rawip_socket:
The alert gives me 2 choices:
1) If I want to use the plugin package:
you must turn off SELinux controls on the Firefox plugins.
# setsebool -P unconfined_mozilla_plugin_transition 0
2) If I believe that 57656220436F6E74656E74 should be allowed to create
access on the Unknown rawip_socket by default:
You should report this as a bug.
You can generate a local policy module to allow this access.
Allow this access for now by executing:
# ausearch -c 57656220436F6E74656E74 --raw | audit2allow -M mypol
# semodule -i mypol.pp
If I click on "Plugin Details" I get this:
SELinux is preventing 57656220436F6E74656E74 from create access on the
rawip_socket Unknown.
Plugin: catchall
you want to allow 57656220436F6E74656E74 to have create access on the
Unknown
rawip_socketIf you believe that 57656220436F6E74656E74 should be allowed
create access on the Unknown rawip_socket by default.
You should report this as a bug.
You can generate a local policy module to allow this access.
Allow this access for now by executing:
# ausearch -c 57656220436F6E74656E74 --raw | audit2allow -M mypol
# semodule -i mypol.pp
Thoughts? Is this a bug? Should I run the setsebool command to allow
access?
Smells fishy. I can't see an Internet website having any legitimate
need to open a raw IP socket and I really don't see Firefox needing to
do such a thing for normal operations. A web interface to an internal
process, perhaps, but not a website.
BTW, the digits given, if used as a hex representation of a string,
equate to "Web content". Hmmmmmmmmm......... I sure as heck wouldn't
enable the boolean or add a policy.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital ricks@xxxxxxxxxxxxxx -
- AIM/Skype: therps2 ICQ: 226437340 Yahoo: origrps2 -
- -
- I haven't lost my mind. It's backed up on tape somewhere, but -
- probably not recoverable. -
----------------------------------------------------------------------
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
http://lists.fedoraproject.org/admin/lists/users@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
Should I be concerned that my laptop has been compromised? Time to
install clamav? Or re-install fedora completely?
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
http://lists.fedoraproject.org/admin/lists/users@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
