Choosing A Webhost:
A web hosting service is a type of Internet hosting service that allows individuals and organizations to provide their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation. more...
|
Re: Mozilla needs to create lock (link) file: msg#00111
|
Subject: |
Re: Mozilla needs to create lock (link) file |
Tom London wrote:
On 9/24/05, Ivan Gyurdiev <ivg2@xxxxxxxxxxx> wrote:
Tom London wrote:
Running strict enforcing, latest rawhide.
Mozilla wants to create a lock/link file:
type=AVC msg=audit(1127586026.834:4165): avc: denied { create } for
pid=3407 comm="firefox-bin" name="lock"
scontext=tbl:staff_r:staff_mozilla_t:s0
tcontext=tbl:object_r:staff_untrusted_content_t:s0 tclass=lnk_file
type=SYSCALL msg=audit(1127586026.834:4165): arch=40000003 syscall=83
success=yes exit=0 a0=9d800d0 a1=9d7fd68 a2=8067d00 a3=0 items=2
pid=3407 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500
egid=500 sgid=500 fsgid=500 comm="firefox-bin"
exe="/usr/lib/firefox-1.5/firefox-bin"
type=CWD msg=audit(1127586026.834:4165): cwd="/home/tbl"
type=PATH msg=audit(1127586026.834:4165): item=0
name="127.0.0.1:+3407" flags=101
type=PATH msg=audit(1127586026.834:4165): item=1
name="/home/tbl/.mozilla/firefox/yz68q13i.default/lock" flags=10
inode=2786580 dev=03:02 mode=040700 ouid=500 ogid=500 rdev=00:00
allow staff_mozilla_t staff_untrusted_content_t:lnk_file create;
What's the type of /home/tbl/.mozilla? It should be staff_mozilla_home_t
(as well as the type of anything down to the lock level). There's a
profile script
that's supposed to relabel it otherwise.
Nope.
[tbl@fedora firefox]$ ls -ldZ /home/tbl/.mozilla
drwx------ tbl tbl tbl:object_r:staff_untrusted_content_t
/home/tbl/.mozilla
[tbl@fedora firefox]$ ls -ldZ /home/tbl/.mozilla/firefox
drwx------ tbl tbl tbl:object_r:staff_untrusted_content_t
/home/tbl/.mozilla/firefox
[tbl@fedora firefox]$ ls -ldZ /home/tbl/.mozilla/firefox/*default
drwx------ tbl tbl tbl:object_r:staff_untrusted_content_t
/home/tbl/.mozilla/firefox/yz68q13i.default
[tbl@fedora firefox]$
'restorcon -v -R /home/tbl' returns with no output.
Which script?
tom
--
Tom London
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
I'm also running rawhide with the strict policy and most of the time
firefox will not start. I say most of the time because if I reboot with
autorelabel FF will start ok but then if I reboot again without the
autorelabel FF will NOT start. (fixfiles relabel does not clear the
problem). There is an AVC denied for { execmon } comm="firefox-bin"
name="libxpcom_core.so"
scontext=richard:staff_r:staff_mozilla_t:s0-s0:c0.c127
tcontext=system_u:object_r:shlib_t:s0 tclass=file
However, seatatus shows allow_{execmem,execmod,execstack} active!
??
Richard Hally
|
| |
