View Issue Details

IDProjectCategoryView StatusLast Update
0014256CentOS-7selinux-policypublic2018-01-12 22:34
ReporterFranck 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0014256: SELinux is preventing /usr/lib64/firefox/plugin-container from 'create' accesses on the file 457272657572207364582E706466.
DescriptionDescription of problem:
SELinux is preventing /usr/lib64/firefox/plugin-container from 'create' accesses on the file 457272657572207364582E706466.

***** Plugin mozplugger (99.1 confidence) suggests ************************

If vous voulez utiliser le paquet plugin
Then vous devez désactiver les contrôles SELinux sur les extensions Firefox.
Do
# setsebool -P unconfined_mozilla_plugin_transition 0

***** Plugin catchall (1.81 confidence) suggests **************************

If vous pensez que plugin-container devrait être autorisé à accéder create sur 457272657572207364582E706466 file par défaut.
Then vous devriez rapporter ceci en tant qu'anomalie.
Vous pouvez générer un module de stratégie local pour autoriser cet accès.
Do
allow this access for now by executing:
# ausearch -c '57656220436F6E74656E74' --raw | audit2allow -M my-57656220436F6E74656E74
# semodule -i my-57656220436F6E74656E74.pp

Additional Information:
Source Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c
                              0.c1023
Target Context unconfined_u:object_r:user_home_t:s0
Target Objects 457272657572207364582E706466 [ file ]
Source 57656220436F6E74656E74
Source Path /usr/lib64/firefox/plugin-container
Port <Unknown>
Host (removed)
Source RPM Packages firefox-52.5.0-1.el7.centos.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-166.el7_4.7.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-693.5.2.el7.x86_64 #1 SMP
                              Fri Oct 20 20:32:50 UTC 2017 x86_64 x86_64
Alert Count 1
First Seen 2017-12-08 16:55:49 -03
Last Seen 2017-12-08 16:55:49 -03
Local ID b39b5991-4e46-4016-9c74-582cd6dc3cbd

Raw Audit Messages
type=AVC msg=audit(1512762949.471:8716): avc: denied { create } for pid=1620 comm=57656220436F6E74656E74 name=457272657572207364582E706466 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file


type=SYSCALL msg=audit(1512762949.471:8716): arch=x86_64 syscall=open success=no exit=EACCES a0=7fcd10bc2340 a1=c1 a2=1b6 a3=0 items=0 ppid=1558 pid=1620 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=26 comm=57656220436F6E74656E74 exe=/usr/lib64/firefox/plugin-container subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)

Hash: 57656220436F6E74656E74,mozilla_plugin_t,user_home_t,file,create

Version-Release number of selected component:
selinux-policy-3.13.1-166.el7_4.7.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-693.5.2.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hash70c5edf57f0dd9fb3dc2347d802e76f6eec7eb7a60ed57cb7d476cff5ba51b76
URL

Activities

claudiofs

claudiofs

2018-01-10 01:36

reporter   ~0030900

Another user experienced a similar problem:

When I went to shut down the computer, a message appeared to update Thunderbird and restart. I did the procedure and now SELinux reports the error at all times.

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-693.11.6.el7.x86_64
package: selinux-policy-3.13.1-166.el7_4.7.noarch
reason: SELinux is preventing /usr/lib64/firefox/plugin-container from 'create' accesses on the file 436F72726563616F20646F206D657520637572726963756C6F202D20656D20496E676C65732E706466.
reproducible: Not sure how to reproduce the problem
type: libreport
KeyZerZooZee

KeyZerZooZee

2018-01-12 22:28

reporter   ~0030923

Another user experienced a similar problem:

Use Firefox ESR 52.5.1 (64-bit) -> login to protonmail.com/login -> open mail -> from the menu on top right hand corner of the show mail menu choose "print" -> opens CentOS 7 pop up menu -> from pop up menu choose "Print to file" and try to print the mail to a new .pdf file.

Could not locate the file I tried to print BUT I found this SEL problem repport witch explained all.
However the "generate local policy" option failed as it gave this output from my terminal:

[keyzerzoozee@localhost ~]$ sudo ausearch -c '57656220436F6E74656E74' --raw | audit2allow -M my-57656220436F6E74656E74
Nothing to do
[keyzerzoozee@localhost ~]$ sudo semodule -i my-57656220436F6E74656E74.pp
libsemanage.map_file: Unable to open my-57656220436F6E74656E74.pp
 (No such file or directory).
libsemanage.semanage_direct_install_file: Unable to read file my-57656220436F6E74656E74.pp
 (No such file or directory).
semodule: Failed on my-57656220436F6E74656E74.pp!

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-693.11.6.el7.x86_64
package: selinux-policy-3.13.1-166.el7_4.7.noarch
reason: SELinux is preventing /usr/lib64/firefox/plugin-container from 'create' accesses on the file 56696E647374C3B8645F70627341666D656C64745F626574616C696E677370C3A56D696E64656C73652B6167746572536B6966742B6D616E676C65724F70736967656C73655F6E7974456C73656C736B6162.
reproducible: Not sure how to reproduce the problem
type: libreport
KeyZerZooZee

KeyZerZooZee

2018-01-12 22:34

reporter   ~0030924

Another user experienced a similar problem:

Same procedure as just before BUT I wanted to make sure the SEL surgested solution didn't solve issue as I suspected given the output from terminal after doing the steps to generate local policy.

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-693.11.6.el7.x86_64
package: selinux-policy-3.13.1-166.el7_4.7.noarch
reason: SELinux is preventing /usr/lib64/firefox/plugin-container from 'create' accesses on the file 56696E647374C3B8645F41666D656C6474504253.
reproducible: Not sure how to reproduce the problem
type: libreport

Issue History

Date Modified Username Field Change
2017-12-08 20:02 Franck New Issue
2018-01-10 01:36 claudiofs Note Added: 0030900
2018-01-12 22:28 KeyZerZooZee Note Added: 0030923
2018-01-12 22:34 KeyZerZooZee Note Added: 0030924