Hide Forgot
+++ This bug was initially created as a clone of Bug #1345836 +++ Description of problem: latest chrome 7880:7880:0613/104503:ERROR:shared_memory_posix.cc(290)] Creating shared memory in /dev/shm/.com.google.Chrome.aGwmG9 failed: Permission denied [7880:7880:0613/104503:ERROR:shared_memory_posix.cc(293)] Unable to access(W_OK|X_OK) /dev/shm: Permission denied [7880:7880:0613/104503:FATAL:shared_memory_posix.cc(295)] This is frequently caused by incorrect permissions on /dev/shm. Try 'sudo chmod 1777 /dev/shm' to fix. Aborted (core dumped) SELinux is preventing google-chrome-s from 'create' accesses on the file 63. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that google-chrome-s should be allowed create access on the 63 file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'google-chrome-s' --raw | audit2allow -M my-googlechromes # semodule -X 300 -i my-googlechromes.pp Additional Information: Source Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Context unconfined_u:object_r:unconfined_t:s0 Target Objects 63 [ file ] Source google-chrome-s Source Path google-chrome-s Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-194.fc25.noarch selinux- policy-3.13.1-195.fc25.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.7.0-0.rc2.git1.1.fc25.x86_64 #1 SMP Tue Jun 7 13:28:43 UTC 2016 x86_64 x86_64 Alert Count 5 First Seen 2016-05-26 15:42:46 BST Last Seen 2016-06-13 10:28:38 BST Local ID 451ced9a-8fe3-4a2b-9718-57c538f7c220 Raw Audit Messages type=AVC msg=audit(1465810118.119:243): avc: denied { create } for pid=7433 comm="google-chrome-s" name="63" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:unconfined_t:s0 tclass=file permissive=0 Hash: google-chrome-s,unconfined_t,unconfined_t,file,create Version-Release number of selected component: selinux-policy-3.13.1-194.fc25.noarch selinux-policy-3.13.1-195.fc25.noarch Additional info: reporter: libreport-2.7.1 hashmarkername: setroubleshoot kernel: 4.7.0-0.rc2.git1.1.fc25.x86_64 reproducible: Not sure how to reproduce the problem type: libreport --- Additional comment from Daniel Walsh on 2016-06-13 12:00:07 EDT --- Fixed in selinux-policy-3.13.1-196.fc25.noarch This also affects Fedora 24 with selinux-policy-3.13.1-191.12.fc24
Description of problem: 1. Updated kernel from 4.6 to 4.7.2-201.fc24.x86_64 2. Reboot system 3. Started google-chrome 53.0.2785.89 (64-bit) Version-Release number of selected component: selinux-policy-3.13.1-191.14.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.7.2-201.fc24.x86_64 type: libreport
Description of problem: This problem occurred after I: (a) Upgraded to the now-current version of the kernel (4.7.2-201.fc24.x86_64), (b) Shut down and restarted the machine, and finally (c) Started Google Chrome. Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.7.2-201.fc24.x86_64 type: libreport
Please see https://bugzilla.redhat.com/show_bug.cgi?id=1345836 This bug was "fixed in selinux-policy-3.13.1-196.fc25.noarch" Hopefully, it will be backported into Fedora 24.
(In reply to SteveCr48 from comment #3) > Please see https://bugzilla.redhat.com/show_bug.cgi?id=1345836 > > This bug was "fixed in selinux-policy-3.13.1-196.fc25.noarch" Hopefully, it > will be backported into Fedora 24. Thank you.
Description of problem: Was trying to start Google Chrome (google-chrome-stable-53.0.2785.92-1.x86_64) from the 'Applications' menu. Version-Release number of selected component: selinux-policy-3.13.1-191.14.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.7.2-201.fc24.x86_64 type: libreport
Description of problem: Launched google-chrome-stable, prompts for password to unlock keyring. Version-Release number of selected component: selinux-policy-3.13.1-191.14.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.7.2-201.fc24.x86_64 type: libreport
Description of problem: Starting up google-chrome-stable appears to have caused this. Version-Release number of selected component: selinux-policy-3.13.1-191.14.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.7.2-201.fc24.x86_64 type: libreport
Description of problem: Initial startup of computrer; After Logging in, start Chrome and receive SELinux alert about denied access. I can't tell if the denial causes any problems. I haven't noticed any. Version-Release number of selected component: selinux-policy-3.13.1-191.14.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.7.2-201.fc24.x86_64 type: libreport
Could this possibly be related to the 4.7.2 kernel? I just booted up using the previously-installed kernel (4.6.7, I believe), launched Chrome and it started fine. The box about the keyring not unlocking, did not appear.
Description of problem: SELinux Violation everytime I start Chrome now. Version-Release number of selected component: selinux-policy-3.13.1-191.14.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.7.2-201.fc24.x86_64 type: libreport
*** Bug 1373284 has been marked as a duplicate of this bug. ***
Description of problem: Latest update (Google Chrome 53.0.2785.92) after installing and rebooting made this warning appear. Don't know the possible causes nor the consequences of this warning Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.7.2-201.fc24.x86_64 type: libreport
There is a new check in the latest kernel which is causing this issue. Basically the "create" check is happening even if the file already exists. This is causing the SELinux issue, since creating files in /proc is not allowed, we don't allow it in policy. Nothing is actually blocked by this AVC since the file does not actually need to be created. We have added a dontaudit rule for this in Rawhide, and we need to back port this to older versions of Fedora.
Description of problem: Launching Google, this error message appeared. Version-Release number of selected component: selinux-policy-3.13.1-191.14.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.7.2-201.fc24.x86_64 type: libreport
*** Bug 1373861 has been marked as a duplicate of this bug. ***
Description of problem: Installed latest google chrome and received a selinux warning Version-Release number of selected component: selinux-policy-3.13.1-191.14.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.7.2-201.fc24.x86_64 type: libreport
Description of problem: When I open up Chrome I am asked to enter passwords. It will not allow me to enter passwords, the black box where the passwords are entered just hang Version-Release number of selected component: selinux-policy-3.13.1-191.14.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.7.2-201.fc24.x86_64 type: libreport
Description of problem: Just started and launch Google Chrome Version-Release number of selected component: selinux-policy-3.13.1-191.14.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.7.2-201.fc24.x86_64 type: libreport
Description of problem: Open Chrome 53.0.2785.92 (64-bit) Version-Release number of selected component: selinux-policy-3.13.1-191.14.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.7.2-201.fc24.x86_64 type: libreport
Description of problem: Start Chrome Happened after updating to Version 53.0.2785.92 (64-bit) Version-Release number of selected component: selinux-policy-3.13.1-191.14.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.7.2-201.fc24.x86_64 type: libreport
*** This bug has been marked as a duplicate of bug 1345836 ***
*** Bug 1374930 has been marked as a duplicate of this bug. ***
*** Bug 1374952 has been marked as a duplicate of this bug. ***
*** Bug 1375019 has been marked as a duplicate of this bug. ***
*** Bug 1376612 has been marked as a duplicate of this bug. ***
*** Bug 1377979 has been marked as a duplicate of this bug. ***
*** Bug 1378377 has been marked as a duplicate of this bug. ***