Bug 989062
| Summary: | SELinux is preventing /opt/google/chrome/chrome from 'getattr' accesses on the file /home/Frankyboy/.xsession-errors. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | franck.bailliet |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 19 | CC: | dominick.grift, dwalsh, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:3476484f8505f8736d6e4cf413716d967461c5b004ec66c8b1b4f00c14b3ae99 | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-07-29 10:12:33 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** This bug has been marked as a duplicate of bug 989061 *** |
Description of problem: SELinux is preventing /opt/google/chrome/chrome from 'getattr' accesses on the file /home/Frankyboy/.xsession-errors. ***** Plugin chrome (98.5 confidence) suggests ***************************** If vous voulez utiliser le paquet plugin Then vous devrez désactiver les contrôles SELinux sur les greffons Chrome. Do # setsebool unconfined_chrome_sandbox_transition 0 ***** Plugin catchall (2.46 confidence) suggests *************************** If vous pensez que chrome devrait être autorisé à accéder getattr sur .xsession-errors file par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # grep chrome /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c 0.c1023 Target Context unconfined_u:object_r:samba_share_t:s0 Target Objects /home/Frankyboy/.xsession-errors [ file ] Source chrome Source Path /opt/google/chrome/chrome Port <Inconnu> Host (removed) Source RPM Packages google-chrome-stable-28.0.1500.71-209842.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-66.fc19.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.10.3-300.fc19.x86_64 #1 SMP Fri Jul 26 00:00:58 UTC 2013 x86_64 x86_64 Alert Count 27 First Seen 2013-07-27 10:55:37 CEST Last Seen 2013-07-27 11:27:33 CEST Local ID 4a26c4e3-65a8-4dc6-8f02-b58ed01e6c7f Raw Audit Messages type=AVC msg=audit(1374917253.127:474): avc: denied { getattr } for pid=2731 comm="chrome" path="/home/Frankyboy/.xsession-errors" dev="sda5" ino=8388618 scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:samba_share_t:s0 tclass=file type=SYSCALL msg=audit(1374917253.127:474): arch=x86_64 syscall=fstat success=no exit=EACCES a0=7 a1=7fffec138e80 a2=7fffec138e80 a3=10 items=0 ppid=6 pid=2731 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=1 tty=(none) comm=chrome exe=/opt/google/chrome/chrome subj=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 key=(null) Hash: chrome,chrome_sandbox_t,samba_share_t,file,getattr Additional info: reporter: libreport-2.1.5 hashmarkername: setroubleshoot kernel: 3.10.3-300.fc19.x86_64 type: libreport