fedora selinux mozilla problem

[rituraj.goswami]

i am getting the folowing selinux error while using firefox 3.0.10


Summary:

SELinux is preventing the npviewer.bin from using potentially mislabeled files
(/home/raj/.icedteaplugin/icedtea-plugin-to-appletviewer).

Detailed Description:

SELinux has denied npviewer.bin access to potentially mislabeled file(s)
(/home/raj/.icedteaplugin/icedtea-plugin-to-appletviewer). This means that
SELinux will not allow npviewer.bin to use these files. It is common for users
to edit files in their home directory or tmp directories and then move (mv) them
to system directories. The problem is that the files end up with the wrong file
context which confined applications are not allowed to access.

Allowing Access:

If you want npviewer.bin to access this files, you need to relabel them using
restorecon -v '/home/raj/.icedteaplugin/icedtea-plugin-to-appletviewer'. You
might want to relabel the entire directory using restorecon -R -v '<Unknown>'.

Additional Information:

Source Context unconfined_u:unconfined_r:nsplugin_t:s0
Target Context unconfined_u:object_r:user_home_t:s0
Target Objects /home/raj/.icedteaplugin/icedtea-plugin-to-
appletviewer [ fifo_file ]
Source npviewer.bin
Source Path /usr/lib/nspluginwrapper/npviewer.bin
Port <Unknown>
Host station100.example.com
Source RPM Packages nspluginwrapper-1.1.2-4.fc10
Target RPM Packages
Policy RPM selinux-policy-3.5.13-18.fc10
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name home_tmp_bad_labels
Host Name station100.example.com
Platform Linux station100.example.com
2.6.27.5-117.fc10.i686 #1 SMP Tue Nov 18 12:19:59
EST 2008 i686 i686
Alert Count 6
First Seen Thu 21 May 2009 11:21:36 AM IST
Last Seen Thu 21 May 2009 11:58:24 AM IST
Local ID 64a8213d-7785-4fc3-a071-486cfb300444
Line Numbers

Raw Audit Messages

node=station100.example.com type=AVC msg=audit(1242887304.371:55): avc: denied { write } for pid=4218 comm="npviewer.bin" path="/home/raj/.icedteaplugin/icedtea-plugin-to-appletviewer" dev=sda3 ino=1660558 scontext=unconfined_u:unconfined_r:nsplugin_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=fifo_file

node=station100.example.com type=AVC msg=audit(1242887304.371:55): avc: denied { read } for pid=4218 comm="npviewer.bin" path="/home/raj/.icedteaplugin/icedtea-appletviewer-to-plugin" dev=sda3 ino=1660246 scontext=unconfined_u:unconfined_r:nsplugin_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=fifo_file

node=station100.example.com type=SYSCALL msg=audit(1242887304.371:55): arch=40000003 syscall=11 success=yes exit=0 a0=92a17f8 a1=92a2110 a2=92a25e0 a3=0 items=0 ppid=2841 pid=4218 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="npviewer.bin" exe="/usr/lib/nspluginwrapper/npviewer.bin" subj=unconfined_u:unconfined_r:nsplugin_t:s0 key=(null)





does anone have any idea whatz wrong????? i'm totally going to get lost. and is anyone getting error no 999 while using yahoomail. ihave stopped using yahoomail because it crashes in fedora 10. windows works fine. nay help is appreceated.

[jayd512]

Honestly, I've never had anything but issues with SELinux, so on a home computer I get rid of it as fast as I can.
Considering that it is a security program, though, the documentation on it may interest you:
Getting Started with SE Linux HOWTO: the new SE Linux

[rituraj.goswami]

i'm a RHCE and seriously speaking i love SELINUX but it can be maddning at times. i have read all that i could on selinux and i love the security i provides. but at times it makes me tear my hair.

[jayd512]

Ah... I see.
Then hopefully another member that deals with SELinux will come along and be of more help than I.

[daark.child]

If this is a desktop or workstation, you could try setting selinux to permissive mode as the default because it seems to be less hassle than the enforcing mode.