On 03/08/2011 02:18 AM, Antonio Olivares wrote:
>
> --- On Mon, 3/7/11, Adam Williamson<awilliam@xxxxxxxxxx> wrote:
>
>> From: Adam Williamson<awilliam@xxxxxxxxxx>
>> Subject: Re: kernel crash
>> To: "For testers of Fedora development releases"<test@xxxxxxxxxxxxxxxxxxxxxxx>
>> Date: Monday, March 7, 2011, 6:02 PM
>> On Mon, 2011-03-07 at 17:44 -0800,
>> Antonio Olivares wrote:
>>
>>> This was sent to oops page, but not to fedora
>> bugzilla. Is that what the reporting tool should do?
>>
>> Yes. It's also not a crash, but a warning.
>> --
> Then why the damn thing says that it is a kernel crash?
> If it is just a warning, then the tool should just report an oops right?
>
> BTW, the following sealert keeps popping up and a bug has already been filed :(
>
> It is sadly becoming annoying :(
>
> SELinux is preventing /usr/lib/xulrunner-2/plugin-container from name_connect access on the tcp_socket port 5050.
>
> ***** Plugin catchall (100. confidence) suggests ***************************
>
> If you believe that plugin-container should be allowed name_connect access on the port 5050 tcp_socket by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # grep plugin-containe /var/log/audit/audit.log | audit2allow -M mypol
> # semodule -i mypol.pp
>
> Additional Information:
> Source Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c
> 0.c1023
> Target Context system_u:object_r:mmcc_port_t:s0
> Target Objects port 5050 [ tcp_socket ]
> Source plugin-containe
> Source Path /usr/lib/xulrunner-2/plugin-container
> Port 5050
> Host toshiba-satellite
> Source RPM Packages xulrunner-2.0-0.25.b12.fc15
> Target RPM Packages
> Policy RPM selinux-policy-3.9.15-2.fc15
> Selinux Enabled True
> Policy Type targeted
> Enforcing Mode Enforcing
> Host Name toshiba-satellite
> Platform Linux toshiba-satellite
> 2.6.38-0.rc6.git6.1.fc15.i686 #1 SMP Sat Feb 26
> 02:03:01 UTC 2011 i686 i686
> Alert Count 6
> First Seen Thu 03 Mar 2011 08:50:35 PM CST
> Last Seen Mon 07 Mar 2011 07:55:31 PM CST
> Local ID afb8cabc-0526-4409-8185-8412c24eceba
>
> Raw Audit Messages
> type=AVC msg=audit(1299549331.536:133): avc: denied { name_connect } for pid=3337 comm="plugin-containe" dest=5050 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mmcc_port_t:s0 tclass=tcp_socket
>
>
> type=SYSCALL msg=audit(1299549331.536:133): arch=i386 syscall=socketcall success=yes exit=0 a0=3 a1=af4fd080 a2=3729614 a3=0 items=0 ppid=2323 pid=3337 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm=plugin-containe exe=/usr/lib/xulrunner-2/plugin-container subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)
>
> Hash: plugin-containe,mozilla_plugin_t,mmcc_port_t,tcp_socket,name_connect
>
> audit2allow
>
> #============= mozilla_plugin_t ==============
> allow mozilla_plugin_t mmcc_port_t:tcp_socket name_connect;
>
> audit2allow -R
>
> #============= mozilla_plugin_t ==============
> allow mozilla_plugin_t mmcc_port_t:tcp_socket name_connect;
>
>
>
> https://bugzilla.redhat.com/show_bug.cgi?id=682078
>
> Thanks,
>
> Antonio
I am going to submit a new F15 policy update today. So you can test it
then and increase the karma ;-).
>
>
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
