Re: FC12: 'sandbox -X' AVC's (gnash-plugin)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 17.12.2009 20:46, Daniel J Walsh wrote:
> sandbox -t sandbox_web_t firefox 
>
> Should work for firefox.

sandbox -X -t sandbox_web_t firefox
comes up fine, thanks!

I also installed gnash-plugin and some codecs from RPM Fusion, if I go
to a website that contains flash movies gtk-gnash crashes (only within
the sandbox).

I guess gtk-gnash is not allowed to interact with pulse?
AVC's attached.

> Not sure what is going wrong with sandbox -X xterm.
Sorry, this was my fault, xterm was not on that machine.

thanks,
Christoph

type=AVC msg=audit(1261101935.041:20655): avc:  denied  { read } for  pid=2553 comm="gtk-gnash" name="pulse-shm-986868841" dev=tmpfs ino=21987 scontext=unconfined_u:unconfined_r:sandbox_web_client_t:s0:c509,c609 tcontext=unconfined_u:object_r:sandbox_web_client_tmpfs_t:s0:c296,c900 tclass=file
type=SYSCALL msg=audit(1261101935.041:20655): arch=40000003 syscall=5 success=no exit=-13 a0=bfe4f0f0 a1=a0000 a2=0 a3=bfe4f1dd items=0 ppid=2543 pid=2553 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="gtk-gnash" exe="/usr/bin/gtk-gnash" subj=unconfined_u:unconfined_r:sandbox_web_client_t:s0:c509,c609 key=(null)
type=AVC msg=audit(1261101935.060:20656): avc:  denied  { read } for  pid=2553 comm="gtk-gnash" name="pulse-shm-2007891928" dev=tmpfs ino=21328 scontext=unconfined_u:unconfined_r:sandbox_web_client_t:s0:c509,c609 tcontext=unconfined_u:object_r:user_tmpfs_t:s0 tclass=file
type=SYSCALL msg=audit(1261101935.060:20656): arch=40000003 syscall=5 success=no exit=-13 a0=bfe4f0f0 a1=a0000 a2=0 a3=bfe4f1dd items=0 ppid=2543 pid=2553 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="gtk-gnash" exe="/usr/bin/gtk-gnash" subj=unconfined_u:unconfined_r:sandbox_web_client_t:s0:c509,c609 key=(null)
type=AVC msg=audit(1261101935.070:20657): avc:  denied  { read } for  pid=2553 comm="gtk-gnash" name="pulse-shm-3816963912" dev=tmpfs ino=16051 scontext=unconfined_u:unconfined_r:sandbox_web_client_t:s0:c509,c609 tcontext=unconfined_u:object_r:user_tmpfs_t:s0 tclass=file
type=SYSCALL msg=audit(1261101935.070:20657): arch=40000003 syscall=5 success=no exit=-13 a0=bfe4f0f0 a1=a0000 a2=0 a3=bfe4f1dd items=0 ppid=2543 pid=2553 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="gtk-gnash" exe="/usr/bin/gtk-gnash" subj=unconfined_u:unconfined_r:sandbox_web_client_t:s0:c509,c609 key=(null)
type=AVC msg=audit(1261101935.075:20658): avc:  denied  { read } for  pid=2553 comm="gtk-gnash" name="pulse-shm-824094764" dev=tmpfs ino=15246 scontext=unconfined_u:unconfined_r:sandbox_web_client_t:s0:c509,c609 tcontext=unconfined_u:object_r:user_tmpfs_t:s0 tclass=file
type=SYSCALL msg=audit(1261101935.075:20658): arch=40000003 syscall=5 success=no exit=-13 a0=bfe4f0f0 a1=a0000 a2=0 a3=bfe4f1dd items=0 ppid=2543 pid=2553 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="gtk-gnash" exe="/usr/bin/gtk-gnash" subj=unconfined_u:unconfined_r:sandbox_web_client_t:s0:c509,c609 key=(null)
type=AVC msg=audit(1261101935.082:20659): avc:  denied  { read } for  pid=2553 comm="gtk-gnash" name="pulse-shm-4071679661" dev=tmpfs ino=13498 scontext=unconfined_u:unconfined_r:sandbox_web_client_t:s0:c509,c609 tcontext=unconfined_u:object_r:user_tmpfs_t:s0 tclass=file
type=SYSCALL msg=audit(1261101935.082:20659): arch=40000003 syscall=5 success=no exit=-13 a0=bfe4f0f0 a1=a0000 a2=0 a3=bfe4f1dd items=0 ppid=2543 pid=2553 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="gtk-gnash" exe="/usr/bin/gtk-gnash" subj=unconfined_u:unconfined_r:sandbox_web_client_t:s0:c509,c609 key=(null)
type=AVC msg=audit(1261101935.084:20660): avc:  denied  { read } for  pid=2553 comm="gtk-gnash" name="pulse-shm-3402493802" dev=tmpfs ino=13327 scontext=unconfined_u:unconfined_r:sandbox_web_client_t:s0:c509,c609 tcontext=unconfined_u:object_r:user_tmpfs_t:s0 tclass=file
type=SYSCALL msg=audit(1261101935.084:20660): arch=40000003 syscall=5 success=no exit=-13 a0=bfe4f0f0 a1=a0000 a2=0 a3=bfe4f1dd items=0 ppid=2543 pid=2553 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="gtk-gnash" exe="/usr/bin/gtk-gnash" subj=unconfined_u:unconfined_r:sandbox_web_client_t:s0:c509,c609 key=(null)
type=AVC msg=audit(1261101935.119:20661): avc:  denied  { sendto } for  pid=2553 comm="gtk-gnash" scontext=unconfined_u:unconfined_r:sandbox_web_client_t:s0:c509,c609 tcontext=unconfined_u:unconfined_r:sandbox_web_client_t:s0:c509,c609 tclass=unix_dgram_socket
type=SYSCALL msg=audit(1261101935.119:20661): arch=40000003 syscall=102 success=no exit=-13 a0=9 a1=bfe4cac0 a2=240a608 a3=0 items=0 ppid=2543 pid=2553 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="gtk-gnash" exe="/usr/bin/gtk-gnash" subj=unconfined_u:unconfined_r:sandbox_web_client_t:s0:c509,c609 key=(null)
type=ANOM_ABEND msg=audit(1261101935.121:20662): auid=500 uid=500 gid=500 ses=1 subj=unconfined_u:unconfined_r:sandbox_web_client_t:s0:c509,c609 pid=2553 comm="gtk-gnash" sig=6

Attachment: signature.asc
Description: OpenPGP digital signature

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux