Description of problem: SELinux is preventing chrome-sandbox from 'write' accesses on the file oom_score_adj. ***** Plugin chrome (98.5 confidence) suggests **************************** If you want to use the plugin package Then you must turn off SELinux controls on the Chrome plugins. Do # setsebool -P unconfined_chrome_sandbox_transition 0 ***** Plugin catchall (2.46 confidence) suggests ************************** If you believe that chrome-sandbox should be allowed write access on the oom_score_adj file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep chrome-sandbox /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c 0.c1023 Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Objects oom_score_adj [ file ] Source chrome-sandbox Source Path chrome-sandbox Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-105.3.fc21.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.18.7-200.fc21.x86_64+debug #1 SMP Wed Feb 11 21:35:41 UTC 2015 x86_64 x86_64 Alert Count 220 First Seen 2015-02-18 10:10:18 YEKT Last Seen 2015-02-18 13:56:31 YEKT Local ID a9cd17bc-185f-4117-8e43-509ed36545b1 Raw Audit Messages type=AVC msg=audit(1424249791.688:1278): avc: denied { write } for pid=1421 comm="chrome-sandbox" name="oom_score_adj" dev="proc" ino=4881287 scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file permissive=1 Hash: chrome-sandbox,chrome_sandbox_t,unconfined_t,file,write Version-Release number of selected component: selinux-policy-3.13.1-105.3.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.18.7-200.fc21.x86_64+debug type: libreport Potential duplicate: bug 896177
Follow step in your report to fix your issue. ***** Plugin chrome (98.5 confidence) suggests **************************** If you want to use the plugin package Then you must turn off SELinux controls on the Chrome plugins. Do # setsebool -P unconfined_chrome_sandbox_transition 0
Lukas, I am don't understand which plugin cause this, or browser itself?
Description of problem: Upgrade tampermonkey plugin Version-Release number of selected component: selinux-policy-3.13.1-105.11.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.3-200.fc21.x86_64 type: libreport
Description of problem: questo bug compare circa ogni 5 minuti mentre uso google chrome ... non c'è una particolare azione o un particolare evento che lo scatena, basta solo navigare con google chrome Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.3-200.fc21.x86_64 type: libreport
see also bug 1200565 and bug 581256 for additional details as to why this will not be fixed in SELinux. please report this bug to Chrome developers at Google
reported to google at https://code.google.com/p/chromium/issues/detail?id=477329
Description of problem: launched chrome 42 Version-Release number of selected component: selinux-policy-3.13.1-105.11.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.3-200.fc21.x86_64 type: libreport
Description of problem: I logged intomy system and attempted to open outlook.com on google chrome and this error and the coinciding error reporting process began Version-Release number of selected component: selinux-policy-3.13.1-105.11.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.3-200.fc21.i686 type: libreport
Description of problem: Just opened Chrome Version-Release number of selected component: selinux-policy-3.13.1-105.11.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.3-200.fc21.x86_64 type: libreport
Description of problem: chrome is just sitting here. Version-Release number of selected component: selinux-policy-3.13.1-105.11.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.3-200.fc21.x86_64 type: libreport
Description of problem: opened Chrome happenes on opening since most recent SELinux policy update fedora 21 google-chrome-stable (latest) Version-Release number of selected component: selinux-policy-3.13.1-105.11.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.3-200.fc21.x86_64 type: libreport
Description of problem: started Chromium Version-Release number of selected component: selinux-policy-3.13.1-105.11.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.3-200.fc21.x86_64 type: libreport
Description of problem: I get this error on chrome start. Perhaps related, if I start chrome and then maximize the window by double clicking on the top bar of the frame, gnome-shell crashes with the "whoops and logout button" Version-Release number of selected component: selinux-policy-3.13.1-105.11.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.3-200.fc21.x86_64 type: libreport
Langdon, Did you try suggestion in that report?
(In reply to Lukas Vrabec from comment #14) > Langdon, > Did you try suggestion in that report? Work around seemed to make the selinux warn go away. However, problem still exists and is now reported at https://bugzilla.redhat.com/show_bug.cgi?id=1142225
How did all of you miss the earlier mention I made of the original bugzilla report wherein it was clearly stated to be a CHROME not an SELINUX bug, and WHY it would NOT be fixed in SELINUX and WHY it should be reported to GOOGLE as a BUG IN CHROME and the fact that I have already done so? please post further instances of this bug report on the CHROME BUG linked above in comment #6 instead of following up further to this issue here. > reported to google at > https://code.google.com/p/chromium/issues/detail?id=477329
Description of problem: It happens as soon as I open Google Chrome stable every time. Version-Release number of selected component: selinux-policy-3.13.1-105.11.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.3-200.fc21.i686 type: libreport
Description of problem: Happened at boot time. Version-Release number of selected component: selinux-policy-3.13.1-105.11.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.3-200.fc21.x86_64 type: libreport
Description of problem: Chrome used to load the passwords keyringwhen loaded. Now it coughs up this error, and I have to load a password before it will load the others (any password in the keyring). This did not happen before the latest chrome update. Version-Release number of selected component: selinux-policy-3.13.1-105.11.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.3-200.fc21.x86_64 type: libreport
09:37 AM {113} localhost: ~>$ rpm -qa --last |egrep 'selinux-policy|google-chrome' google-chrome-stable-42.0.2311.90-1.x86_64 Wed 15 Apr 2015 09:39:10 AM EDT selinux-policy-targeted-3.13.1-105.11.fc21.noarch Tue 14 Apr 2015 01:31:15 PM EDT selinux-policy-3.13.1-105.11.fc21.noarch Tue 14 Apr 2015 01:29:13 PM EDT As you can see, Selinux-policy was last updated on the 14th, and google-chrome on the 15th. now, 09:37 AM {114} localhost: ~>$ journalctl --since 2015-04-01 |grep setroubleshoot results in over 800 lines of repeat on the chrome issue, hOWEVER right before that is very telling as to exactly when the chrome bug started to show -- NOT when the policy was updated, but when CHROME was updated: === Apr 01 10:31:59 localhost.localdomain setroubleshoot[22122]: SELinux is preventing shutdown from using the sys_resource capability. For complete SELinux messages. run sealert -l 00fb7000-198e-40ba-a7ee-cd4f74559cd7 Apr 02 21:09:42 localhost.localdomain setroubleshoot[25729]: SELinux is preventing shutdown from using the sys_resource capability. For complete SELinux messages. run sealert -l 00fb7000-198e-40ba-a7ee-cd4f74559cd7 Apr 02 21:09:42 localhost.localdomain setroubleshoot[25729]: SELinux is preventing shutdown from using the sys_resource capability. For complete SELinux messages. run sealert -l 00fb7000-198e-40ba-a7ee-cd4f74559cd7 Apr 10 14:49:24 localhost.localdomain yum[28225]: Updated: setroubleshoot-server-3.2.22-1.fc21.x86_64 Apr 10 14:49:32 localhost.localdomain yum[28225]: Updated: setroubleshoot-3.2.22-1.fc21.x86_64 Apr 15 09:46:43 localhost.localdomain setroubleshoot[8331]: Deleting alert 00fb7000-198e-40ba-a7ee-cd4f74559cd7, it is allowed in current policy Apr 15 09:46:45 localhost.localdomain setroubleshoot[8331]: SELinux is preventing chrome-sandbox from write access on the file oom_score_adj. For complete SELinux messages. run sealert -l 0f9a7a4c-40d9-44dd-b397-36471d0bdbe3 Apr 15 09:46:45 localhost.localdomain setroubleshoot[8331]: SELinux is preventing chrome-sandbox from write access on the file oom_adj. For complete SELinux messages. run sealert -l 0f9a7a4c-40d9-44dd-b397-36471d0bdbe3 Apr 15 09:46:45 localhost.localdomain setroubleshoot[8331]: SELinux is preventing chrome-sandbox from write access on the file oom_score_adj. For complete SELinux messages. run sealert -l 0f9a7a4c-40d9-44dd-b397-36471d0bdbe3 Apr 15 09:46:45 localhost.localdomain setroubleshoot[8331]: SELinux is preventing chrome-sandbox from write access on the file oom_adj. For complete SELinux messages. run sealert -l 0f9a7a4c-40d9-44dd-b397-36471d0bdbe3 ... ad infinitum out to a total so far of 841 lines to date... === notice the dates? I was running chrome right before manually updating it via yum, and restarted it after the update, moments later, and promptly started seeing the messages. _Chrome problem_. Please follow up with: https://code.google.com/p/chromium/issues/detail?id=477329
(In reply to Scott R. Godin from comment #20) > notice the dates? I was running chrome right before manually updating it via > yum, and restarted it after the update, moments later, and promptly started > seeing the messages. > > _Chrome problem_. Please follow up with: > https://code.google.com/p/chromium/issues/detail?id=477329 it'd be easier to do if the link you keep posting was not access restricted ("403. That’s an error.")
Description of problem: started chrome. Version-Release number of selected component: selinux-policy-3.13.1-105.11.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.3-200.fc21.x86_64 type: libreport
Description of problem: this appeared after I opened the chrome brower newest version, How rediculous to get this blocked!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Version-Release number of selected component: selinux-policy-3.13.1-105.11.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.3-200.fc21.x86_64 type: libreport
Description of problem: Open Chrome-browser via Gnome Open "Files" via Gnome Version-Release number of selected component: selinux-policy-3.13.1-105.11.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.3-200.fc21.x86_64 type: libreport
Description of problem: Opening Crome Beta gives the error. Version-Release number of selected component: selinux-policy-3.13.1-105.11.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.3-200.fc21.x86_64 type: libreport
Bug 581256 had fixed this problem that now seems to be back...
Description of problem: Open a Chrome Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.3-200.fc21.x86_64 type: libreport
(In reply to Jan Vesely from comment #21) > (In reply to Scott R. Godin from comment #20) > > notice the dates? I was running chrome right before manually updating it via > > yum, and restarted it after the update, moments later, and promptly started > > seeing the messages. > > > > _Chrome problem_. Please follow up with: > > https://code.google.com/p/chromium/issues/detail?id=477329 > > it'd be easier to do if the link you keep posting was not access restricted > ("403. That’s an error.") doesn't seem to be here -- I can view the ticket whether I'm logged into Gmail or not. Possibly there's a network outage for you at the time you were accessing this? Some other issue?
Description of problem: opened chrome Version-Release number of selected component: selinux-policy-3.13.1-105.11.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.3-200.fc21.x86_64 type: libreport
Description of problem: startet chrome with chrome addon "Inbox by Gmail" Version-Release number of selected component: selinux-policy-3.13.1-105.11.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.3-200.fc21.x86_64 type: libreport
Description of problem: Google Hangouts Chrome Plugin started. Version-Release number of selected component: selinux-policy-3.13.1-105.13.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.4-200.fc21.x86_64 type: libreport
Description of problem: On chrome stratup, after a system update. Version-Release number of selected component: selinux-policy-3.13.1-105.13.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.1-201.fc21.x86_64 type: libreport
Description of problem: On login.Chrome running. Version-Release number of selected component: selinux-policy-3.13.1-105.13.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.1-201.fc21.x86_64 type: libreport
Description of problem: 1. Installed Intel Graphics Installer with Fedora default software manager and rebooted the system. 2. Opened chrome which was previously closed abruptly while rebooting the computer. 3. Apparition of the SELinux chrome-sandbox write accesses message. * I don't know if this problem can be reproduced. Version-Release number of selected component: selinux-policy-3.13.1-105.11.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.3-200.fc21.x86_64 type: libreport
Description of problem: Installed Google Chrome Version-Release number of selected component: selinux-policy-3.13.1-105.13.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.5-200.fc21.x86_64 type: libreport
Description of problem: I launched Google Chrome and then presented the problem the problem occurred Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.5-200.fc21.x86_64 type: libreport
Description of problem: Every time I open Chrome this message appears in the notification tray. I am using the official Google Chrome repository, version 42.0.2311.135-1. Version-Release number of selected component: selinux-policy-3.13.1-105.13.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.4-200.fc21.x86_64 type: libreport
*** This bug has been marked as a duplicate of bug 896177 ***