Ask Your Question
0

How to turn off SElinux troubleshooter on fire fox?

asked 2014-11-30 01:15:36 -0500

TheDcoder gravatar image

I am trying save my 'clicker heros' progess as a text file but se trouble is blocking it

Details window shows:

SELinux is preventing /usr/lib64/firefox/plugin-container from create access on the file .

*****  Plugin mozplugger (99.1 confidence) suggests   ************************

If you want to use the plugin package
Then you must turn off SELinux controls on the Firefox plugins.
Do
# setsebool -P unconfined_mozilla_plugin_transition 0

*****  Plugin catchall (1.81 confidence) suggests   **************************

If you believe that plugin-container should be allowed create access on the  file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep plugin-containe /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c
                              0.c1023
Target Context                unconfined_u:object_r:user_home_t:s0
Target Objects                 [ file ]
Source                        plugin-containe
Source Path                   /usr/lib64/firefox/plugin-container
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           firefox-33.1-2.fc20.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.12.1-193.fc20.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 3.17.3-200.fc20.x86_64
                              #1 SMP Fri Nov 14 19:45:42 UTC 2014 x86_64 x86_64
Alert Count                   5
First Seen                    2014-11-25 12:19:17 EST
Last Seen                     2014-11-29 21:42:02 EST
Local ID                      8e6da713-d9c3-4d1c-b18f-5b08707262d4

Raw Audit Messages
type=AVC msg=audit(1417277522.603:389): avc:  denied  { create } for  pid=2304 comm="plugin-containe" name="clickerHeroSave.txt" scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0


type=SYSCALL msg=audit(1417277522.603:389): arch=x86_64 syscall=open success=no exit=EACCES a0=7fe082d5d6a0 a1=442 a2=1b6 a3=7fe080392400 items=0 ppid=1851 pid=2304 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=1 comm=plugin-containe exe=/usr/lib64/firefox/plugin-container subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)

Hash: plugin-containe,mozilla_plugin_t,user_home_t,file,create

What should i do?

edit retag flag offensive close merge delete

Comments

Have you taken a look at the wiki pages on SELinux? fedoraproject.org/wiki/SELinux_FAQ#How_do_I_enable_or_disable_SELinux_.3F

jcuenod gravatar imagejcuenod ( 2014-11-30 07:11:28 -0500 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2014-11-30 18:09:53 -0500

Read the message, there is a boolean to allow this behavior.

From the error message -

"If you want to use the plugin package Then you must turn off SELinux controls on the Firefox plugins. Do

setsebool -P unconfined_mozilla_plugin_transition 0"

so run

sudo -i # or su - 
setsebool -P unconfined_mozilla_plugin_transition 0

For more info see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Booleans.html

FWIW, enabling / disabling booleans is rather trivial ;0

edit flag offensive delete link more

Question Tools

2 followers

Stats

Asked: 2014-11-30 01:15:36 -0500

Seen: 1,762 times

Last updated: Nov 30 '14