-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Antonio Olivares wrote: > Dear all, > > I am getting to see the following errors that slow > down my machine and take CPU to 100% > > Thanks, > > Antonio > > Summary: > > SELinux is preventing npviewer.bin (nsplugin_t) "read" > to controlC0 > (sound_device_t). > > Detailed Description: > > SELinux denied access requested by npviewer.bin. It is > not expected that this > access is required by npviewer.bin and this access may > signal an intrusion > attempt. It is also possible that the specific version > or configuration of the > application is causing it to require additional > access. > > Allowing Access: > > Sometimes labeling problems can cause SELinux denials. > You could try to restore > the default system file context for controlC0, > > restorecon -v 'controlC0' > > If this does not work, there is currently no automatic > way to allow this access. > Instead, you can generate a local policy module to > allow this access - see FAQ > (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) > Or you can disable > SELinux protection altogether. Disabling SELinux > protection is not recommended. > Please file a bug report > (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) > against this package. > > Additional Information: > > Source Context > unconfined_u:unconfined_r:nsplugin_t:SystemLow- > SystemHigh > Target Context > system_u:object_r:sound_device_t > Target Objects controlC0 [ chr_file ] > Source npviewer.bin > Source Path > /usr/lib/nspluginwrapper/npviewer.bin > Port <Unknown> > Host localhost > Source RPM Packages > nspluginwrapper-0.9.91.5-23.fc9 > Target RPM Packages > Policy RPM > selinux-policy-3.3.1-9.fc9 > Selinux Enabled True > Policy Type targeted > MLS Enabled True > Enforcing Mode Enforcing > Plugin Name catchall_file > Host Name localhost > Platform Linux localhost > 2.6.25-0.80.rc3.git2.fc9 #1 SMP > Fri Feb 29 18:17:34 EST > 2008 i686 athlon > Alert Count 2689 > First Seen Tue 26 Feb 2008 03:24:34 > PM CST > Last Seen Mon 03 Mar 2008 03:54:56 > PM CST > Local ID > 469b1532-4ab3-4757-be58-2248cc0f9f05 > Line Numbers > > Raw Audit Messages > > host=localhost type=AVC > msg=audit(1204581296.416:2216): avc: denied { read } > for pid=1218 comm="npviewer.bin" name="controlC0" > dev=tmpfs ino=5312 > scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 > tcontext=system_u:object_r:sound_device_t:s0 > tclass=chr_file > > host=localhost type=SYSCALL > msg=audit(1204581296.416:2216): arch=40000003 > syscall=5 success=no exit=-13 a0=bfe497f2 a1=0 a2=1e > a3=bfe497f2 items=0 ppid=32748 pid=1218 auid=500 > uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 > sgid=500 fsgid=500 tty=(none) ses=1 > comm="npviewer.bin" > exe="/usr/lib/nspluginwrapper/npviewer.bin" > subj=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 > key=(null) > > > > Just add the rule using audit2allow. I will add tonight. > > ____________________________________________________________________________________ > Be a better friend, newshound, and > know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkfNZN8ACgkQrlYvE4MpobNxTgCgplKlWIMqwGT5C5vpfIFq9+kI XNYAnjZhaNkPYJ1mcwIzZHADiSfpxp/m =P1g6 -----END PGP SIGNATURE----- -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
