On 06/17/2010 04:33 PM, Marko Vojinovic wrote: > On Thursday, June 17, 2010 21:00:41 Jim wrote: > >> FC13/KDE >> >> setroubleshoot: SELinux is preventing >> /usr/lib64/chromium-browser/chrome-sandbox "net_raw" access . For >> complete SELinux messages. run sealert -l >> 68797c25-9748-4ab8-b020-f63a80f543a7 >> >> I run the sealert -l 68797c25-9748-4ab8-b020-f63a80f543a7 and that >> doesn't stop error message. >> > What did sealert actually say? > > The sealert command is not meant to fix the problem but to give you human- > readable information about what went wrong and eventually a suggestion how to > fix it. > > What you should do is to post the output of that sealert command for people > here to see and comment. > > HTH, :-) > Marko > > sealert -l 68797c25-9748-4ab8-b020-f63a80f543a7 Summary: SELinux is preventing /usr/lib64/chromium-browser/chrome-sandbox "net_raw" access . Detailed Description: [chrome-sandbox has a permissive type (chrome_sandbox_t). This access was not denied.] SELinux denied access requested by chrome-sandbox. It is not expected that this access is required by chrome-sandbox and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c 0.c1023 Target Context unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c 0.c1023 Target Objects None [ capability ] Source chrome-sandbox Source Path /usr/lib64/chromium-browser/chrome-sandbox Port <Unknown> Host acer64 Source RPM Packages chromium-6.0.425.0-1.20100603svn48849.fc12 Target RPM Packages Policy RPM selinux-policy-3.6.32-116.fc12 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name acer64 Platform Linux acer64 2.6.32.14-127.fc12.x86_64 #1 SMP Fri May 28 04:30:39 UTC 2010 x86_64 x86_64 Alert Count 12 First Seen Tue Jun 15 12:08:56 2010 Last Seen Thu Jun 17 16:32:38 2010 Local ID 68797c25-9748-4ab8-b020-f63a80f543a7 Line Numbers Raw Audit Messages node=acer64 type=AVC msg=audit(1276806758.286:28555): avc: denied { net_raw } for pid=12701 comm="chrome-sandbox" capability=13 scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 tclass=capability node=acer64 type=SYSCALL msg=audit(1276806758.286:28555): arch=c000003e syscall=56 success=yes exit=12702 a0=60020011 a1=0 a2=0 a3=0 items=0 ppid=12699 pid=12701 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="chrome-sandbox" exe="/usr/lib64/chromium-browser/chrome-sandbox" subj=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 key=(null) -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
