FC12: 'sandbox -X' AVC's

"Christoph A." <casmls@xxxxxxxxx> · Thu, 17 Dec 2009 17:49:19 +0100

Hi,

after watching Dan's presentation (LPC) about sandbox
in Fedora 12 I wanted to try it out, but I was not successfull.

I tried 'sandbox  -X xterm'
and 'sandbox -X firefox' but both crashed immedeately, and I got AVC's.

package versions:

selinux-policy-targeted-3.6.32-56.fc12.noarch
policycoreutils-2.0.74-17.fc12.i686
policycoreutils-sandbox-2.0.74-17.fc12.i686
selinux-policy-3.6.32-56.fc12.noarch
policycoreutils-python-2.0.74-17.fc12.i686

avc's for 'sandbox -X firefox' attached.

Is this a known issue or should this work?

thanks!
Christoph

type=AVC msg=audit(1261071051.587:64): avc:  denied  { search } for  pid=2345 comm="sandboxX.sh" name="/" dev=devpts ino=1 scontext=unconfined_u:unconfined_r:sandbox_x_t:s0:c286,c726 tcontext=system_u:object_r:devpts_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071051.587:64): arch=40000003 syscall=5 success=no exit=-13 a0=8648008 a1=8802 a2=0 a3=0 items=0 ppid=2344 pid=2345 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="sandboxX.sh" exe="/bin/bash" subj=unconfined_u:unconfined_r:sandbox_x_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.029:65): avc:  denied  { search } for  pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.029:65): arch=40000003 syscall=33 success=no exit=-13 a0=bfb5ce7c a1=5 a2=bfb5ce7c a3=bfb60186 items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.035:66): avc:  denied  { search } for  pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.035:66): arch=40000003 syscall=85 success=no exit=-13 a0=bfb5df7b a1=bfb578dd a2=10fd a3=bfb5bd7d items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.039:67): avc:  denied  { search } for  pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.039:67): arch=40000003 syscall=33 success=no exit=-13 a0=bfb5ce7c a1=5 a2=bfb5ce7c a3=bfb60186 items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.049:68): avc:  denied  { search } for  pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.049:68): arch=40000003 syscall=85 success=no exit=-13 a0=bfb5df7b a1=bfb578dd a2=10fd a3=bfb5bd7d items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.059:69): avc:  denied  { search } for  pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.059:69): arch=40000003 syscall=33 success=no exit=-13 a0=bfb5ce7c a1=5 a2=bfb5ce7c a3=bfb60186 items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.062:70): avc:  denied  { search } for  pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.062:70): arch=40000003 syscall=85 success=no exit=-13 a0=bfb5df7b a1=bfb578dd a2=10fd a3=bfb5bd7d items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.065:71): avc:  denied  { search } for  pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.065:71): arch=40000003 syscall=33 success=no exit=-13 a0=bfb5ce7c a1=5 a2=bfb5ce7c a3=bfb60186 items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.068:72): avc:  denied  { search } for  pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.068:72): arch=40000003 syscall=85 success=no exit=-13 a0=bfb5df7b a1=bfb578dd a2=10fd a3=bfb5bd7d items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.072:73): avc:  denied  { search } for  pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.072:73): arch=40000003 syscall=33 success=no exit=-13 a0=bfb5ce7c a1=5 a2=bfb5ce7c a3=bfb60186 items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.084:74): avc:  denied  { search } for  pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.084:74): arch=40000003 syscall=85 success=no exit=-13 a0=bfb5df7b a1=bfb578dd a2=10fd a3=bfb5bd7d items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.084:75): avc:  denied  { search } for  pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.084:75): arch=40000003 syscall=10 success=no exit=-13 a0=bfb5ce7c a1=0 a2=bfb5df7b a3=bfb60186 items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.090:76): avc:  denied  { search } for  pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.090:76): arch=40000003 syscall=10 success=no exit=-13 a0=bfb5df7b a1=ffffffc8 a2=bfb5df7b a3=bfb60186 items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.097:77): avc:  denied  { search } for  pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.097:77): arch=40000003 syscall=83 success=no exit=-13 a0=bfb5bd7d a1=bfb5df7b a2=bfb5bd7d a3=bfb5df7b items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.101:78): avc:  denied  { search } for  pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.101:78): arch=40000003 syscall=33 success=no exit=-13 a0=bfb5ce7c a1=5 a2=bfb5ce7c a3=bfb60186 items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.104:79): avc:  denied  { search } for  pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.104:79): arch=40000003 syscall=85 success=no exit=-13 a0=bfb5df7b a1=bfb578dd a2=10fd a3=bfb5bd7d items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.117:80): avc:  denied  { read } for  pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.117:80): arch=40000003 syscall=5 success=no exit=-13 a0=805405f a1=98800 a2=20 a3=1 items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.120:81): avc:  denied  { search } for  pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.120:81): arch=40000003 syscall=83 success=no exit=-13 a0=bfb5bd7d a1=bfb5df7b a2=bfb5bd7d a3=bfb5df7b items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.120:82): avc:  denied  { search } for  pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.120:82): arch=40000003 syscall=83 success=no exit=-13 a0=bfb5bd7d a1=bfb5df7b a2=bfb5bd7d a3=bfb5df7b items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.127:83): avc:  denied  { search } for  pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.127:83): arch=40000003 syscall=83 success=no exit=-13 a0=bfb5bd7d a1=bfb5df7b a2=bfb5bd7d a3=bfb5df7b items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.127:84): avc:  denied  { search } for  pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.127:84): arch=40000003 syscall=83 success=no exit=-13 a0=bfb5bd7d a1=bfb5df7b a2=bfb5bd7d a3=bfb5df7b items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.136:85): avc:  denied  { search } for  pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.136:85): arch=40000003 syscall=83 success=no exit=-13 a0=bfb5bd7d a1=bfb5df7b a2=bfb5bd7d a3=bfb5df7b items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.146:86): avc:  denied  { search } for  pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.146:86): arch=40000003 syscall=83 success=no exit=-13 a0=bfb5bd7d a1=bfb5df7b a2=bfb5bd7d a3=bfb5df7b items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.149:87): avc:  denied  { read } for  pid=2366 comm="plugin-config" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.149:87): arch=40000003 syscall=5 success=no exit=-13 a0=805405f a1=98800 a2=20 a3=1 items=0 ppid=2364 pid=2366 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.476:88): avc:  denied  { setsched } for  pid=2376 comm="firefox" scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tclass=process
type=SYSCALL msg=audit(1261071053.476:88): arch=40000003 syscall=156 success=no exit=-13 a0=948 a1=0 a2=bfaed268 a3=b780e6e0 items=0 ppid=2361 pid=2376 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="firefox" exe="/usr/lib/firefox-3.5.5/firefox" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.640:89): avc:  denied  { read } for  pid=2376 comm="firefox" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.640:89): arch=40000003 syscall=5 success=no exit=-13 a0=b75a2858 a1=98800 a2=51d3844 a3=b754f280 items=0 ppid=2361 pid=2376 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="firefox" exe="/usr/lib/firefox-3.5.5/firefox" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071053.878:90): avc:  denied  { read } for  pid=2376 comm="firefox" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071053.878:90): arch=40000003 syscall=5 success=no exit=-13 a0=b75a2858 a1=98800 a2=51d3844 a3=b754f280 items=0 ppid=2361 pid=2376 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="firefox" exe="/usr/lib/firefox-3.5.5/firefox" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071054.146:91): avc:  denied  { setsched } for  pid=2376 comm="firefox" scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tclass=process
type=SYSCALL msg=audit(1261071054.146:91): arch=40000003 syscall=156 success=no exit=-13 a0=949 a1=0 a2=b72ffd9c a3=b72ffb70 items=0 ppid=2361 pid=2376 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="firefox" exe="/usr/lib/firefox-3.5.5/firefox" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071054.348:92): avc:  denied  { setsched } for  pid=2376 comm="firefox" scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tclass=process
type=SYSCALL msg=audit(1261071054.348:92): arch=40000003 syscall=156 success=no exit=-13 a0=948 a1=0 a2=bfe906b8 a3=b77206e0 items=0 ppid=2361 pid=2376 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="firefox" exe="/usr/lib/firefox-3.5.5/firefox" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071054.533:93): avc:  denied  { read } for  pid=2376 comm="firefox" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071054.533:93): arch=40000003 syscall=5 success=no exit=-13 a0=b74a2798 a1=98800 a2=51d3844 a3=b744f300 items=0 ppid=2361 pid=2376 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="firefox" exe="/usr/lib/firefox-3.5.5/firefox" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071054.845:94): avc:  denied  { read } for  pid=2376 comm="firefox" name="plugins-wrapped" dev=dm-0 ino=58519 scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=system_u:object_r:nsplugin_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1261071054.845:94): arch=40000003 syscall=5 success=no exit=-13 a0=b74a2798 a1=98800 a2=51d3844 a3=b744f300 items=0 ppid=2361 pid=2376 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="firefox" exe="/usr/lib/firefox-3.5.5/firefox" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071054.908:95): avc:  denied  { setsched } for  pid=2376 comm="firefox" scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tclass=process
type=SYSCALL msg=audit(1261071054.908:95): arch=40000003 syscall=156 success=no exit=-13 a0=94a a1=0 a2=b71ffd9c a3=b71ffb70 items=0 ppid=2361 pid=2376 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="firefox" exe="/usr/lib/firefox-3.5.5/firefox" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071055.034:96): avc:  denied  { setsched } for  pid=2376 comm="firefox" scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tclass=process
type=SYSCALL msg=audit(1261071055.034:96): arch=40000003 syscall=156 success=no exit=-13 a0=94b a1=0 a2=b71ffd9c a3=b71ffb70 items=0 ppid=2361 pid=2376 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="firefox" exe="/usr/lib/firefox-3.5.5/firefox" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071055.043:97): avc:  denied  { setsched } for  pid=2376 comm="firefox" scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tclass=process
type=SYSCALL msg=audit(1261071055.043:97): arch=40000003 syscall=156 success=no exit=-13 a0=94c a1=0 a2=b71ffd9c a3=b71ffb70 items=0 ppid=2361 pid=2376 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="firefox" exe="/usr/lib/firefox-3.5.5/firefox" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)
type=AVC msg=audit(1261071055.043:98): avc:  denied  { setsched } for  pid=2376 comm="firefox" scontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tcontext=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 tclass=process
type=SYSCALL msg=audit(1261071055.043:98): arch=40000003 syscall=156 success=no exit=-13 a0=94d a1=0 a2=b71ffd9c a3=b71ffb70 items=0 ppid=2361 pid=2376 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="firefox" exe="/usr/lib/firefox-3.5.5/firefox" subj=unconfined_u:unconfined_r:sandbox_x_client_t:s0:c286,c726 key=(null)

Attachment:
signature.asc

Description: OpenPGP digital signature
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list