On Thu, Jun 17, 2010 at 9:58 PM, Jim <mickeyboa@xxxxxxxxxxxxx> wrote: > On 06/17/2010 04:33 PM, Marko Vojinovic wrote: >> On Thursday, June 17, 2010 21:00:41 Jim wrote: >> >>> FC13/KDE >>> >>> setroubleshoot: SELinux is preventing >>> /usr/lib64/chromium-browser/chrome-sandbox "net_raw" access . For >>> complete SELinux messages. run sealert -l >>> 68797c25-9748-4ab8-b020-f63a80f543a7 I just came back from a holiday and had the new google-chrome-beta-6.0.472.33-55501.i386 in an F12 box, and I find that as soon as I start up chrome I am getting what seems to the the same avc: Summary: SELinux is preventing /opt/google/chrome/chrome-sandbox "net_raw" access . Detailed Description: [chrome-sandbox has a permissive type (chrome_sandbox_t). This access was not denied.] SELinux denied access requested by chrome-sandbox. It is not expected that this access is required by chrome-sandbox and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c 0.c1023 Target Context unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c 0.c1023 Target Objects None [ capability ] Source chrome-sandbox Source Path /opt/google/chrome/chrome-sandbox Port <Unknown> Host home1.mdc.sapience.com Source RPM Packages google-chrome-beta-6.0.472.33-55501 Target RPM Packages Policy RPM selinux-policy-3.6.32-118.fc12 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name xxx.xxx.xxx.com Platform Linux xxx.xxx.xxx.com 2.6.32.16-150.fc12.i686.PAE #1 SMP Sat Jul 24 05:25:42 UTC 2010 i686 i686 Alert Count 3 First Seen Fri 13 Aug 2010 07:50:31 PM BST Last Seen Fri 13 Aug 2010 09:16:47 PM BST Local ID 81e1f781-9dbd-4dbf-926b-b6334a67aac6 Line Numbers Raw Audit Messages node=xxx.xxx.xxx.com type=AVC msg=audit(1281730607.936:35598): avc: denied { net_raw } for pid=32256 comm="chrome-sandbox" capability=13 scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 tclass=capability node=xxx.xxx.xxx.com type=SYSCALL msg=audit(1281730607.936:35598): arch=40000003 syscall=120 success=yes exit=32257 a0=60020011 a1=0 a2=0 a3=0 items=0 ppid=32252 pid=32256 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=76 comm="chrome-sandbox" exe="/opt/google/chrome/chrome-sandbox" subj=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 key=(null) Has anyone found a solution yet? Thanks -- mike c -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
