On Mon, 24 Apr 2017 16:51:22 -0700, Adam Williamson wrote: > https://bugzilla.redhat.com/show_bug.cgi?id=1439282 (Firefox tabs > crashing on certain sites)
> For the first one, if you run Firefox (from the Fedora package) on > Fedora 26, if you see tabs crashing unexpectedly, can you look at the > bug report (and some of the instructions for getting more information > on the crashes) and see if your experience matches any of the reporters > in the bug, and if so add a comment to the bug? On the other hand, if > you run Firefox (from the Fedora package) on Fedora 26 and you have > *not* had issues with tabs crashing regularly, please reply to this > mail and say so. The latter request is not so helpful, since it turns this into a popularity contest and may depend on which websites are visited. The comments in the ticket are very confusing. There number is growing. Where exactly can clear instructions be found? For me it's Fedora 25 x86_64 that suffers badly from the tab crashing problem. Upon visiting ordinary newspaper articles, such as http://www.spiegel.de/fotostrecke/nordkorea-feiert-seine-armee-fotostrecke-146898.html I get "Gah. Your tab just crashed.", and the following SELinux Alert. Is it related? SELinux is preventing Chrome_ChildThr from 'read, write' accesses on the file 2F686F6D652F706572736F6E616C5F746D702F6D6F7A696C6C612D74656D702D393439353034363331202864656C6574656429. ***** Plugin mozplugger (93.0 confidence) suggests ************************ If you want to use the plugin package Then you must turn off SELinux controls on the Firefox plugins. Do # setsebool -P unconfined_mozilla_plugin_transition 0 ***** Plugin catchall_labels (6.67 confidence) suggests ******************* If you want to allow Chrome_ChildThr to have read write access on the 2F686F6D652F706572736F6E616C5F746D702F6D6F7A696C6C612D74656D702D393439353034363331202864656C6574656429 file Then you need to change the label on 2F686F6D652F706572736F6E616C5F746D702F6D6F7A696C6C612D74656D702D393439353034363331202864656C6574656429 Do # semanage fcontext -a -t FILE_TYPE '2F686F6D652F706572736F6E616C5F746D702F6D6F7A696C6C612D74656D702D393439353034363331202864656C6574656429' where FILE_TYPE is one of the following: afs_cache_t, cache_home_t, config_home_t, data_home_t, dbus_home_t, gconf_home_t, gkeyringd_gnome_home_t, gnome_home_t, gstreamer_home_t, home_cert_t, icc_data_home_t, mozilla_home_t, mozilla_plugin_tmp_t, mozilla_plugin_tmpfs_t, mplayer_home_t, pulseaudio_home_t, puppet_tmp_t, texlive_home_t, tmpfs_t, user_cron_spool_t, user_fonts_cache_t, user_tmp_t. Then execute: restorecon -v '2F686F6D652F706572736F6E616C5F746D702F6D6F7A696C6C612D74656D702D393439353034363331202864656C6574656429' ***** Plugin catchall (1.73 confidence) suggests ************************** If you believe that Chrome_ChildThr should be allowed read write access on the 2F686F6D652F706572736F6E616C5F746D702F6D6F7A696C6C612D74656D702D393439353034363331202864656C6574656429 file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'Chrome_ChildThr' --raw | audit2allow -M my-ChromeChildThr # semodule -X 300 -i my-ChromeChildThr.pp Additional Information: Source Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c 0.c1023 Target Context unconfined_u:object_r:unlabeled_t:s0 Target Objects 2F686F6D652F706572736F6E616C5F746D702F6D6F7A696C6C 612D74656D702D393439353034363331202864656C65746564 29 [ file ] Source Chrome_ChildThr Source Path Chrome_ChildThr Port <Unknown> Host localhost.localdomain Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-225.11.fc25.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name noname Platform Linux noname 4.10.6-200.fc25.x86_64 #1 SMP Mon Mar 27 14:06:23 UTC 2017 x86_64 x86_64 Alert Count 14 First Seen 2017-04-06 22:44:05 CEST Last Seen 2017-04-25 13:15:16 CEST Local ID 05e95128-fead-4227-a0e9-eed46600a63c Raw Audit Messages type=AVC msg=audit(1493118916.89:232): avc: denied { read write } for pid=2099 comm="Chrome_ChildThr" path=2F686F6D652F706572736F6E616C5F746D702F6D6F7A696C6C612D74656D702D393439353034363331202864656C6574656429 dev="dm-4" ino=265855 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=file permissive=0 Hash: Chrome_ChildThr,mozilla_plugin_t,unlabeled_t,file,read,write _______________________________________________ test mailing list -- test@lists.fedoraproject.org To unsubscribe send an email to test-le...@lists.fedoraproject.org
