SPICE plugin

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Just got this when trying to use the SPICE plugin.  The alert browser
is telling me that I need to:

  setsebool -P unconfined_mozilla_plugin_transition 0

Is there any more target way to make this work?

SELinux is preventing /usr/bin/remote-viewer from read access on the
file /var/cache/fontconfig/beeeeb3dfe132a8a0633a017c99ce0c0-le64.cache-4.

*****  Plugin restorecon (57.3 confidence) suggests
*************************

If you want to fix the label.
/var/cache/fontconfig/beeeeb3dfe132a8a0633a017c99ce0c0-le64.cache-4
default label should be fonts_cache_t.
Then you can run restorecon.
Do
# /sbin/restorecon -v
/var/cache/fontconfig/beeeeb3dfe132a8a0633a017c99ce0c0-le64.cache-4

*****  Plugin mozplugger (43.1 confidence) suggests
*************************

If you want to use the spice-xpi package
Then you must turn off SELinux controls on the Firefox plugins.
Do
# setsebool -P unconfined_mozilla_plugin_transition 0

*****  Plugin catchall (1.06 confidence) suggests
***************************

If you believe that remote-viewer should be allowed read access on the
beeeeb3dfe132a8a0633a017c99ce0c0-le64.cache-4 file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep remote-viewer /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context
unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c
                              0.c1023
Target Context                system_u:object_r:auth_cache_t:s0
Target Objects
/var/cache/fontconfig/beeeeb3dfe132a8a0633a017c99c
                              e0c0-le64.cache-4 [ file ]
Source                        remote-viewer
Source Path                   /usr/bin/remote-viewer
Port                          <Unknown>
Host                          ian.penurio.us
Source RPM Packages           virt-viewer-0.5.6-1.fc19.x86_64
Target RPM Packages
Policy RPM                    selinux-policy-3.12.1-74.14.fc19.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     ian.penurio.us
Platform                      Linux ian.penurio.us
3.11.10-200.fc19.x86_64 #1
                              SMP Mon Dec 2 20:28:03 UTC 2013 x86_64 x86_64
Alert Count                   1
First Seen                    2013-12-09 11:19:32 CST
Last Seen                     2013-12-09 11:19:32 CST
Local ID                      44b7c402-60fc-4573-8a7f-0d065c5ff85b

Raw Audit Messages
type=AVC msg=audit(1386609572.209:484): avc:  denied  { read } for
pid=15147 comm="remote-viewer"
name="beeeeb3dfe132a8a0633a017c99ce0c0-le64.cache-4" dev="dm-1"
ino=13121
scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023
tcontext=system_u:object_r:auth_cache_t:s0 tclass=file


type=AVC msg=audit(1386609572.209:484): avc:  denied  { open } for
pid=15147 comm="remote-viewer"
path="/var/cache/fontconfig/beeeeb3dfe132a8a0633a017c99ce0c0-le64.cache-4"
dev="dm-1" ino=13121
scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023
tcontext=system_u:object_r:auth_cache_t:s0 tclass=file


type=SYSCALL msg=audit(1386609572.209:484): arch=x86_64 syscall=open
success=yes exit=ENOTTY a0=24bc310 a1=80000 a2=3126fba788 a3=0 items=0
ppid=15138 pid=15147 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000
fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=22 tty=(none)
comm=remote-viewer exe=/usr/bin/remote-viewer
subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)

Hash: remote-viewer,mozilla_plugin_t,auth_cache_t,file,read

-- 
========================================================================
Ian Pilcher                                         arequipeno@xxxxxxxxx
           Sent from the cloud -- where it's already tomorrow
========================================================================

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux