Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 160363 - Selinux deny to work
Summary: Selinux deny to work
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 3
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2005-06-14 18:55 UTC by Sami Keski-Kasari
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version: 1.25.4-10.1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2005-09-15 15:59:09 UTC

Attachments (Terms of Use)

Description Sami Keski-Kasari 2005-06-14 18:55:57 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.0.4-1.3.1 Firefox/1.0.4

Description of problem:
I updated today selinux-policy-targeted to 1.17.30-3.2.
After upgrade Macromedia flashplayer doesn't work anymore. 

In dmesg there is error message:
audit(1118774466.618:0): avc:  denied  { execmod } for  pid=4806 comm=firefox-bin path=/home/samikk/.mozilla/plugins/ dev=hdh6 ino=227461 scontext=user_u:system_r:unconfined_t tcontext=user_u:object_r:user_home_t tclass=file

ls -laZ in /home/samikk/.mozilla/plugins/ says

-rw-r--r--  samikk   samikk   user_u:object_r:user_home_t      flashplayer.xpt
-rwxr-xr-x  samikk   samikk   user_u:object_r:user_home_t

I tried to reinstall flashplayer via firefox software installer but it didn't help.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.install flashplayer plugin
2.start firefox

Additional info:

Comment 1 Daniel Walsh 2005-06-15 14:52:11 UTC
If you execute 

setsebool -P allow_execmod=1

as root, Does that fix the problem?

Comment 2 Sami Keski-Kasari 2005-06-15 18:21:00 UTC
(In reply to comment #1)
> If you execute 
> setsebool -P allow_execmod=1
> as root, Does that fix the problem?

No it doesn't

After that command in dmesg there is message:
security: committed booleans { allow_execstack:1, allow_execmem:1, allow_execmod
:1, use_nfs_home_dirs:0, use_samba_home_dirs:0, allow_ypbind:1, allow_kerberos:1
, httpd_unified:1, httpd_builtin_scripting:0, httpd_enable_cgi:1, httpd_enable_h
omedirs:1, httpd_ssi_exec:1, httpd_tty_comm:0, httpd_can_network_connect:0, http
d_disable_trans:0, dhcpd_disable_trans:0, mysqld_disable_trans:0, named_disable_
trans:0, named_write_master_zones:0, nscd_disable_trans:0, ntpd_disable_trans:0,
 portmap_disable_trans:0, postgresql_disable_trans:0, snmpd_disable_trans:0, squ
id_disable_trans:0, syslogd_disable_trans:0, use_syslogng:0, winbind_disable_tra
ns:0, ypbind_disable_trans:0 }

But when I restart firefox there comes still same error message:
audit(1118859238.775:0): avc:  denied  { execmod } for  pid=6621 comm=firefox-bi
n path=/home/samikk/.mozilla/plugins/ dev=hdh6 ino=227461 scont
ext=user_u:system_r:unconfined_t tcontext=user_u:object_r:user_home_t tclass=fil e

Comment 3 Daniel Walsh 2005-06-15 18:31:33 UTC
Fixed in selinux-policy-targeted-1.17.30-3.9

Comment 4 Sami Keski-Kasari 2005-06-15 19:02:39 UTC
(In reply to comment #3)
> Fixed in selinux-policy-targeted-1.17.30-3.9

Yes, it works again with that version


Comment 5 Keunwoo Lee 2005-07-01 18:20:16 UTC
Broken again in selinux-policy-targeted-1.17.30-3.13.  Flash plugin doesn't
work, and doing /usr/sbin/setenforce 0 makes it work.

Note You need to log in before you can comment on or make changes to this bug.