SELinux objects to my printing a page from Firefox to a file (sometimes)

taylorkh · Post by **taylorkh** » 2017/08/16 13:38:20

CentOS 7.3 + X Window system + Mate desktop. Firefox 52.2.0.

Occasionally when I attempt to print a page from Firefox to a pdf file I get an SELinux alert. SeLinux is in permissive mode on the machine a the moment. From the SELinux Alert Browser I learn (this is the detail report)

Code: Select all

SELinux is preventing 57656220436F6E74656E74 from create access on the file 4B69636B737461727420486F77546F2E706466.

*****  Plugin mozplugger (99.1 confidence) suggests   ************************

If you want to use the plugin package
Then you must turn off SELinux controls on the Firefox plugins.
Do
# setsebool -P unconfined_mozilla_plugin_transition 0

*****  Plugin catchall (1.81 confidence) suggests   **************************

If you believe that 57656220436F6E74656E74 should be allowed create access on the 4B69636B737461727420486F77546F2E706466 file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c '57656220436F6E74656E74' --raw | audit2allow -M my-57656220436F6E74656E74
# semodule -i my-57656220436F6E74656E74.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c
                              0.c1023
Target Context                unconfined_u:object_r:user_home_t:s0
Target Objects                4B69636B737461727420486F77546F2E706466 [ file ]
Source                        57656220436F6E74656E74
Source Path                   57656220436F6E74656E74
Port                          <Unknown>
Host                          vmCentOS7Mate
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-102.el7_3.16.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     vmCentOS7Mate
Platform                      Linux vmCentOS7Mate 3.10.0-514.26.2.el7.x86_64 #1
                              SMP Tue Jul 4 15:04:05 UTC 2017 x86_64 x86_64
Alert Count                   19
First Seen                    2017-07-01 08:23:22 EDT
Last Seen                     2017-08-16 08:33:52 EDT
Local ID                      733ebfe4-268d-4f7d-96e9-62e4079753c5

Raw Audit Messages
type=AVC msg=audit(1502886832.128:284): avc:  denied  { create } for  pid=17161 comm=57656220436F6E74656E74 name=4B69636B737461727420486F77546F2E706466 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file


type=AVC msg=audit(1502886832.128:284): avc:  denied  { write } for  pid=17161 comm=57656220436F6E74656E74 path=2F686F6D652F6B656E2F4465736B746F702F4B69636B737461727420486F77546F2E706466 dev="dm-0" ino=33646271 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file


Hash: 57656220436F6E74656E74,mozilla_plugin_t,user_home_t,file,create

Yes, I an follow the instructions and turn off SELinux for all Firefox plugins - but SHOULD I? And as to reporting a bug... I do not know what the temporary process is (it is long gone by time the alert appears) and the same goes for the temporary file which I guess eventually becomes my .pdf file. I need some advice.

Thanks,

Ken