Firefox AVC when enabling non-permissive mode (Arch) #843

Open
spease opened this issue Dec 16, 2024 · 0 comments
spease commented Dec 16, 2024

Getting the following error with firefox that kills it, safe mode and non-safe-mode.

time->Mon Dec 16 09:15:43 2024
type=PROCTITLE msg=audit(1734369343.641:2608): proctitle="/usr/lib/firefox/firefox"
type=SYSCALL msg=audit(1734369343.641:2608): arch=c000003e syscall=56 success=yes exit=101852 a0=10000011 a1=0 a2=0 a3=0 items=0 ppid=2055 pid=101850 auid=1000 uid=1000 gid=100 euid=1000 suid=1000 fsuid=1000 egid=100 sgid=100 fsgid=100 tty=(none) ses=2 comm="firefox" exe="/usr/lib/firefox/firefox" subj=system_u:system_r:kernel_t key=(null)
type=AVC msg=audit(1734369343.641:2608): avc:  denied  { create } for  pid=101850 comm="firefox" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=user_namespace permissive=1
----
time->Mon Dec 16 09:15:43 2024
type=PROCTITLE msg=audit(1734369343.711:2609): proctitle="/usr/lib/firefox/firefox"
type=SYSCALL msg=audit(1734369343.711:2609): arch=c000003e syscall=9 success=yes exit=30504631468032 a0=1bbe69b90000 a1=10000 a2=5 a3=32 items=0 ppid=2055 pid=101850 auid=1000 uid=1000 gid=100 euid=1000 suid=1000 fsuid=1000 egid=100 sgid=100 fsgid=100 tty=(none) ses=2 comm="firefox" exe="/usr/lib/firefox/firefox" subj=system_u:system_r:kernel_t key=(null)
type=AVC msg=audit(1734369343.711:2609): avc:  denied  { execmem } for  pid=101850 comm="firefox" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=process permissive=1

Binary seems to be correctly labeled:

.rwxr-xr-x 862k root system_u:object_r:mozilla_exec_t 11 Dec 03:21 /usr/lib/firefox/firefox

This is very early in my SELinux journey, so it's also possible something on my system is misconfigured. Happy to read more about SELinux if I haven't provided enough information.
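
An added example (not part of the issue or of the policy project): a short Python script that joins each AVC record above to the SYSCALL record with the same audit serial and decodes the syscall arguments the denied permission corresponds to. The function name `summarize`, the abridged sample text and the two-entry syscall table are assumptions made for this illustration; argument decoding assumes x86_64, as indicated by `arch=c000003e`.

```python
import re

# Abridged copies of the two events quoted in the issue (unused fields dropped).
SAMPLE = """\
type=SYSCALL msg=audit(1734369343.641:2608): arch=c000003e syscall=56 success=yes a0=10000011 a1=0 a2=0 a3=0 comm="firefox" exe="/usr/lib/firefox/firefox" subj=system_u:system_r:kernel_t
type=AVC msg=audit(1734369343.641:2608): avc:  denied  { create } for  pid=101850 comm="firefox" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=user_namespace permissive=1
type=SYSCALL msg=audit(1734369343.711:2609): arch=c000003e syscall=9 success=yes a0=1bbe69b90000 a1=10000 a2=5 a3=32 comm="firefox" exe="/usr/lib/firefox/firefox" subj=system_u:system_r:kernel_t
type=AVC msg=audit(1734369343.711:2609): avc:  denied  { execmem } for  pid=101850 comm="firefox" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=process permissive=1
"""

HEAD = re.compile(r"type=(\w+) msg=audit\([\d.]+:(\d+)\): (.*)")
AVC = re.compile(r"denied\s+\{ ([^}]*)\}.*?scontext=(\S+) tcontext=(\S+) "
                 r"tclass=(\S+) permissive=(\d)")
SYSCALLS = {9: "mmap", 56: "clone"}  # x86_64 (arch=c000003e); only the two seen here
CLONE_NEWUSER, PROT_EXEC, MAP_ANONYMOUS = 0x10000000, 0x4, 0x20

def summarize(text):
    """Join AVC and SYSCALL records by audit serial; return one dict per denial."""
    events = {}
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:  # "time->" and "----" separator lines do not match and are skipped
            events.setdefault(int(m.group(2)), {})[m.group(1)] = m.group(3)
    rows = []
    for serial, recs in sorted(events.items()):
        avc = AVC.search(recs.get("AVC", ""))
        if not avc:
            continue
        perms, scon, _tcon, tclass, permissive = avc.groups()
        row = {"serial": serial, "perms": perms.split(), "tclass": tclass,
               "domain": scon.split(":")[2], "permissive": permissive == "1"}
        sc = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', recs.get("SYSCALL", "")))
        if sc:
            nr = int(sc["syscall"])
            a = [int(sc[f"a{i}"], 16) for i in range(4)]  # audit logs a0..a3 in hex
            row["syscall"] = SYSCALLS.get(nr, str(nr))
            if nr == 56:   # clone(flags, ...): was a new user namespace requested?
                row["new_userns"] = bool(a[0] & CLONE_NEWUSER)
            elif nr == 9:  # mmap(addr, len, prot, flags, ...): anonymous + executable?
                row["anon_exec"] = bool(a[2] & PROT_EXEC and a[3] & MAP_ANONYMOUS)
        rows.append(row)
    return rows

if __name__ == "__main__":
    for r in summarize(SAMPLE):
        print(r)
```

Each returned row carries the process domain taken from `scontext` and the `permissive` flag, so the same summary can be compared against records captured after switching to enforcing mode.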
