Re: Testing requests: blocker bug confirmations

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 24 Apr 2017 16:51:22 -0700, Adam Williamson wrote:

> https://bugzilla.redhat.com/show_bug.cgi?id=1439282 (Firefox tabs
> crashing on certain sites)

> For the first one, if you run Firefox (from the Fedora package) on
> Fedora 26, if you see tabs crashing unexpectedly, can you look at the
> bug report (and some of the instructions for getting more information
> on the crashes) and see if your experience matches any of the reporters
> in the bug, and if so add a comment to the bug? On the other hand, if
> you run Firefox (from the Fedora package) on Fedora 26 and you have
> *not* had issues with tabs crashing regularly, please reply to this
> mail and say so.

The latter request is not so helpful, since it turns this into a popularity
contest and may depend on which websites are visited.

The comments in the ticket are very confusing. There number is growing.
Where exactly can clear instructions be found?

For me it's Fedora 25 x86_64 that suffers badly from the tab crashing
problem. Upon visiting ordinary newspaper articles, such as

  http://www.spiegel.de/fotostrecke/nordkorea-feiert-seine-armee-fotostrecke-146898.html

I get "Gah. Your tab just crashed.", and the following SELinux Alert.
Is it related?

SELinux is preventing Chrome_ChildThr from 'read, write' accesses on the file 2F686F6D652F706572736F6E616C5F746D702F6D6F7A696C6C612D74656D702D393439353034363331202864656C6574656429.

*****  Plugin mozplugger (93.0 confidence) suggests   ************************

If you want to use the plugin package
Then you must turn off SELinux controls on the Firefox plugins.
Do
# setsebool -P unconfined_mozilla_plugin_transition 0

*****  Plugin catchall_labels (6.67 confidence) suggests   *******************

If you want to allow Chrome_ChildThr to have read write access on the 2F686F6D652F706572736F6E616C5F746D702F6D6F7A696C6C612D74656D702D393439353034363331202864656C6574656429 file
Then you need to change the label on 2F686F6D652F706572736F6E616C5F746D702F6D6F7A696C6C612D74656D702D393439353034363331202864656C6574656429
Do
# semanage fcontext -a -t FILE_TYPE '2F686F6D652F706572736F6E616C5F746D702F6D6F7A696C6C612D74656D702D393439353034363331202864656C6574656429'
where FILE_TYPE is one of the following: afs_cache_t, cache_home_t, config_home_t, data_home_t, dbus_home_t, gconf_home_t, gkeyringd_gnome_home_t, gnome_home_t, gstreamer_home_t, home_cert_t, icc_data_home_t, mozilla_home_t, mozilla_plugin_tmp_t, mozilla_plugin_tmpfs_t, mplayer_home_t, pulseaudio_home_t, puppet_tmp_t, texlive_home_t, tmpfs_t, user_cron_spool_t, user_fonts_cache_t, user_tmp_t.
Then execute:
restorecon -v '2F686F6D652F706572736F6E616C5F746D702F6D6F7A696C6C612D74656D702D393439353034363331202864656C6574656429'


*****  Plugin catchall (1.73 confidence) suggests   **************************

If you believe that Chrome_ChildThr should be allowed read write access on the 2F686F6D652F706572736F6E616C5F746D702F6D6F7A696C6C612D74656D702D393439353034363331202864656C6574656429 file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'Chrome_ChildThr' --raw | audit2allow -M my-ChromeChildThr
# semodule -X 300 -i my-ChromeChildThr.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c
                              0.c1023
Target Context                unconfined_u:object_r:unlabeled_t:s0
Target Objects                2F686F6D652F706572736F6E616C5F746D702F6D6F7A696C6C
                              612D74656D702D393439353034363331202864656C65746564
                              29 [ file ]
Source                        Chrome_ChildThr
Source Path                   Chrome_ChildThr
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-225.11.fc25.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     noname
Platform                      Linux noname 4.10.6-200.fc25.x86_64 #1 SMP Mon Mar
                              27 14:06:23 UTC 2017 x86_64 x86_64
Alert Count                   14
First Seen                    2017-04-06 22:44:05 CEST
Last Seen                     2017-04-25 13:15:16 CEST
Local ID                      05e95128-fead-4227-a0e9-eed46600a63c

Raw Audit Messages
type=AVC msg=audit(1493118916.89:232): avc:  denied  { read write } for  pid=2099 comm="Chrome_ChildThr" path=2F686F6D652F706572736F6E616C5F746D702F6D6F7A696C6C612D74656D702D393439353034363331202864656C6574656429 dev="dm-4" ino=265855 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=file permissive=0


Hash: Chrome_ChildThr,mozilla_plugin_t,unlabeled_t,file,read,write
_______________________________________________
test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux