Running strict/enforcing, latest Rawhide, selinux-policy-strict-1.19.8-4
Starting firefox produces:
Dec 1 18:49:33 fedora kernel: audit(1101955773.849:0): avc: denied { read } for pid=4652 exe=/usr/lib/firefox-1.0/firefox-bin name=tmp dev=hda2 ino=4112455 scontext=user_u:user_r:user_mozilla_t tcontext=system_u:object_r:tmp_t tclass=lnk_file
on attempted read of /usr/tmp (link to /var/tmp)
Should there be a dontaudit user_mozilla_t tmp_t:lnk_file read;
in mozilla_macros.te ?
On Thursday 02 December 2004 13:58, Tom London <selinux@gmail.com> wrote:
> Running strict/enforcing, latest Rawhide, selinux-policy-strict-1.19.8-4
> Starting firefox produces:
> Dec 1 18:49:33 fedora kernel: audit(1101955773.849:0): avc: denied { read } for pid=4652 exe=/usr/lib/firefox-1.0/firefox-bin name=tmp dev=hda2 ino=4112455 scontext=user_u:user_r:user_mozilla_t tcontext=system_u:object_r:tmp_t tclass=lnk_file
"restorecon /usr/tmp" should fix this.
Tom London wrote:
> Running strict/enforcing, latest Rawhide, selinux-policy-strict-1.19.8-4
> Starting firefox produces:
> Dec 1 18:49:33 fedora kernel: audit(1101955773.849:0): avc: denied { read } for pid=4652 exe=/usr/lib/firefox-1.0/firefox-bin name=tmp dev=hda2 ino=4112455 scontext=user_u:user_r:user_mozilla_t tcontext=system_u:object_r:tmp_t tclass=lnk_file
> on attempted read of /usr/tmp (link to /var/tmp)
> Should there be a dontaudit user_mozilla_t tmp_t:lnk_file read;
> in mozilla_macros.te ?
No, /usr/tmp should no longer be labeled tmp_t but usr_t. Try a restorecon on it.
Yeah, that seems to have fixed it.
thanks tom
On Thu, 02 Dec 2004 08:47:07 -0500, Daniel J Walsh <dwalsh@redhat.com> wrote:
> Tom London wrote:
>> Running strict/enforcing, latest Rawhide, selinux-policy-strict-1.19.8-4
>> Starting firefox produces:
>> Dec 1 18:49:33 fedora kernel: audit(1101955773.849:0): avc: denied { read } for pid=4652 exe=/usr/lib/firefox-1.0/firefox-bin name=tmp dev=hda2 ino=4112455 scontext=user_u:user_r:user_mozilla_t tcontext=system_u:object_r:tmp_t tclass=lnk_file
>> on attempted read of /usr/tmp (link to /var/tmp)
>> Should there be a dontaudit user_mozilla_t tmp_t:lnk_file read;
>> in mozilla_macros.te ?
> No, /usr/tmp should no longer be labeled tmp_t but usr_t. Try a restorecon on it.
selinux@lists.fedoraproject.org
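
Added example, not part of the thread or of the policy sources: Python that parses the denial quoted above, rebuilds the dontaudit rule proposed in the first message, and shows why the replies point to relabeling instead of a policy change. The EXPECTED_TYPE table is a constructed stand-in for a file_contexts lookup holding only the /usr/tmp label stated in the reply, and the function names are hypothetical.

```python
import re

# The denial as quoted in the thread.
AVC_LINE = (
    "Dec 1 18:49:33 fedora kernel: audit(1101955773.849:0): avc: denied { read } "
    "for pid=4652 exe=/usr/lib/firefox-1.0/firefox-bin name=tmp dev=hda2 "
    "ino=4112455 scontext=user_u:user_r:user_mozilla_t "
    "tcontext=system_u:object_r:tmp_t tclass=lnk_file"
)

# Assumption: constructed stand-in for a file_contexts lookup (per the reply: usr_t).
EXPECTED_TYPE = {"/usr/tmp": "usr_t"}

AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)$")

def parse_avc(line):
    """Split an AVC record into result, permission list and key=value fields."""
    m = AVC_RE.search(line)
    if m is None:
        raise ValueError("not an AVC record")
    rec = {"result": m.group(1), "perms": m.group(2).split()}
    for token in m.group(3).split():
        key, sep, value = token.partition("=")
        if sep:
            rec[key] = value
    for ctx in ("scontext", "tcontext"):
        # Contexts in this record are user:role:type; keep the type separately.
        rec[ctx + "_type"] = rec[ctx].split(":")[2]
    return rec

def triage(rec, path, expected=EXPECTED_TYPE):
    """'relabel' when the object's type differs from the expected label for
    path; 'policy' when the label is right and the rules need review."""
    want = expected.get(path)
    if want is None:
        return "unknown"
    return "relabel" if rec["tcontext_type"] != want else "policy"

def suggested_rule(rec, keyword="dontaudit"):
    """Rebuild the rule a denial maps to, in the form asked about in the thread."""
    perms = " ".join(rec["perms"])
    if len(rec["perms"]) > 1:
        perms = "{ %s }" % perms
    return "%s %s %s:%s %s;" % (
        keyword, rec["scontext_type"], rec["tcontext_type"], rec["tclass"], perms)
```

The path passed to triage comes from the reporter, since the record itself carries only name=tmp and the inode number.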