Description of problem: SELinux is preventing /opt/google/chrome/nacl_helper_bootstrap from using the 'sigchld' accesses on a process. ***** Plugin chrome (98.5 confidence) suggests **************************** If usted desea usar el paquete plugin Then debe apagar los controles SELinuxsobre los plugins Chrome. Do # setsebool -P unconfined_chrome_sandbox_transition 0 ***** Plugin catchall (2.46 confidence) suggests ************************** If cree que de manera predeterminada, nacl_helper_bootstrap debería permitir acceso sigchld sobre procesos etiquetados como chrome_sandbox_nacl_t. Then debería reportar esto como un error. Puede generar un módulo de política local para permitir este acceso. Do permita el acceso momentáneamente executando: # grep nacl_helper_boo /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c 0.c1023 Target Context unconfined_u:unconfined_r:chrome_sandbox_nacl_t:s0 -s0:c0.c1023 Target Objects [ process ] Source nacl_helper_boo Source Path /opt/google/chrome/nacl_helper_bootstrap Port <Unknown> Host (removed) Source RPM Packages google-chrome-stable-36.0.1985.125-1.i386 Target RPM Packages Policy RPM selinux-policy-3.12.1-177.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.15.6-200.fc20.i686+PAE #1 SMP Fri Jul 18 03:01:10 UTC 2014 i686 i686 Alert Count 1 First Seen 2014-07-25 14:09:04 ECT Last Seen 2014-07-25 14:09:04 ECT Local ID 6503060a-af47-4fb0-975d-fdb9f21e5132 Raw Audit Messages type=AVC msg=audit(1406315344.717:395): avc: denied { sigchld } for pid=2333 comm="nacl_helper_boo" scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:chrome_sandbox_nacl_t:s0-s0:c0.c1023 tclass=process type=SYSCALL msg=audit(1406315344.717:395): arch=i386 syscall=waitpid success=yes exit=ENOENT a0=2 a1=0 a2=0 a3=5 items=0 ppid=2332 pid=2333 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=2 comm=nacl_helper_boo exe=/opt/google/chrome/nacl_helper_bootstrap subj=unconfined_u:unconfined_r:chrome_sandbox_nacl_t:s0-s0:c0.c1023 key=(null) Hash: nacl_helper_boo,chrome_sandbox_t,chrome_sandbox_nacl_t,process,sigchld Additional info: reporter: libreport-2.2.3 hashmarkername: setroubleshoot kernel: 3.15.6-200.fc20.i686+PAE type: libreport
commit 90813398a69195ca8c7a46f1156bf7975392bfaf Author: Miroslav Grepl <mgrepl> Date: Thu Jul 31 22:33:31 2014 +0200 Allow nacl_helper_boo running in :chrome_sandbox_t to send SIGCHLD to chrome_sandbox_nacl_t.
selinux-policy-3.12.1-180.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-180.fc20
Package selinux-policy-3.12.1-180.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-180.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-9454/selinux-policy-3.12.1-180.fc20 then log in and leave karma (feedback).
selinux-policy-3.12.1-180.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.