Description of problem: tentative de lancement de la commande : $ primusrun chromium-browser SELinux is preventing /usr/lib64/chromium-browser/chromium-browser from 'write' accesses on the sock_file bumblebee.socket. ***** Plugin chrome (98.5 confidence) suggests ***************************** If vous voulez utiliser le paquet plugin Then vous devrez désactiver les contrôles SELinux sur les greffons Chrome. Do # setsebool -P unconfined_chrome_sandbox_transition 0 ***** Plugin catchall (2.46 confidence) suggests *************************** If vous pensez que chromium-browser devrait être autorisé à accéder write sur bumblebee.socket sock_file par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # grep chromium-browse /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c 0.c1023 Target Context system_u:object_r:var_run_t:s0 Target Objects bumblebee.socket [ sock_file ] Source chromium-browse Source Path /usr/lib64/chromium-browser/chromium-browser Port <Inconnu> Host (removed) Source RPM Packages chromium-27.0.1453.93-2.fc19.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-74.10.fc19.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.11.6-200.fc19.x86_64 #1 SMP Fri Oct 18 22:34:18 UTC 2013 x86_64 x86_64 Alert Count 1 First Seen 2013-11-07 21:33:48 CET Last Seen 2013-11-07 21:33:48 CET Local ID 768afa0f-9e74-4a29-9197-55155375d66c Raw Audit Messages type=AVC msg=audit(1383856428.381:556): avc: denied { write } for pid=5772 comm="chromium-browse" name="bumblebee.socket" dev="tmpfs" ino=15075 scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file type=SYSCALL msg=audit(1383856428.381:556): arch=x86_64 syscall=connect success=no exit=EACCES a0=4 a1=7fff6cccf1d0 a2=6e a3=7fff6cccef70 items=0 ppid=0 pid=5772 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=2 tty=(none) comm=chromium-browse exe=/usr/lib64/chromium-browser/chromium-browser subj=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 key=(null) Hash: chromium-browse,chrome_sandbox_t,var_run_t,sock_file,write Additional info: reporter: libreport-2.1.9 hashmarkername: setroubleshoot kernel: 3.11.6-200.fc19.x86_64 type: libreport
Is there a bumblebee daemon? # ps -efZ |grep bumble
Also does it relate with nvidia?
There is a bumblebee daemon and the video card is nvidia with optimus. (Launching $primusrun vlc or firefox works, launching chromium alone works, but not $primusrun chromium.)
I just added a beginning policy for bumblebee to rawhide.
*** Bug 1031806 has been marked as a duplicate of this bug. ***
I'm going to backport bumblebee policy to f19 in few days.
commit 45fbf1722f3ea8e37cf2076ebe1cd1f4d52799f8 Author: Lukas Vrabec <lvrabec> Date: Thu Mar 20 15:14:45 2014 +0100 Added policy for bumblebee
selinux-policy-3.12.1-74.23.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-74.23.fc19
Package selinux-policy-3.12.1-74.23.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-74.23.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-4216/selinux-policy-3.12.1-74.23.fc19 then log in and leave karma (feedback).
selinux-policy-3.12.1-74.26.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-74.26.fc19
selinux-policy-3.12.1-74.26.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.