Sumário: SELinux is preventing /usr/lib64/chromium-browser/chromium-browser from loading /usr/lib64/chromium-browser/libsandbox.so which requires text relocation. Descrição detalhada: [chromium-browse tem um tipo permissivo (chrome_sandbox_t). Esse acesso não foi negado.] The chromium-browse application attempted to load /usr/lib64/chromium-browser/libsandbox.so which requires text relocation. This is a potential security problem. Most libraries do not need this permission. Libraries are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests (http://people.redhat.com/drepper/selinux-mem.html) web page explains how to remove this requirement. You can configure SELinux temporarily to allow /usr/lib64/chromium-browser/libsandbox.so to use relocation as a workaround, until the library is fixed. Please file a bug report. Permitindo acesso: If you trust /usr/lib64/chromium-browser/libsandbox.so to run correctly, you can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t '/usr/lib64/chromium-browser/libsandbox.so'" You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t textrel_shlib_t '/usr/lib64/chromium-browser/libsandbox.so'" Comando de correção: chcon -t textrel_shlib_t '/usr/lib64/chromium-browser/libsandbox.so' Informações adicionais: Contexto de origem unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c 0.c1023 Contexto de destino system_u:object_r:lib_t:s0 Objetos de destino /usr/lib64/chromium-browser/libsandbox.so [ file ] Origem chromium-browse Caminho da origem /usr/lib64/chromium-browser/chromium-browser Porta <Desconhecido> Máquina (removed) Pacotes RPM de origem chromium-4.0.277.0-0.1.20091221svn35107.fc12 Pacotes RPM de destino chromium-libs-4.0.277.0-0.1.20091221svn35107.fc12 RPM da política selinux-policy-3.6.32-59.fc12 Selinux habilitado True Tipo de política targeted Modo reforçado Enforcing Nome do plugin allow_execmod Nome da máquina (removed) Plataforma Linux (removed) 2.6.31.9-174.fc12.x86_64 #1 SMP Mon Dec 21 05:33:33 UTC 2009 x86_64 x86_64 Contador de alertas 11 Visto pela primeira vez em Sáb 26 Dez 2009 08:27:24 BRT Visto pela última vez em Dom 27 Dez 2009 21:50:22 BRT ID local d211dc9b-3af0-422b-881c-7356561b235c Números de linha Mensagens de auditoria não p node=(removed) type=AVC msg=audit(1261961422.210:22): avc: denied { execmod } for pid=2962 comm="chromium-browse" path="/usr/lib64/chromium-browser/libsandbox.so" dev=dm-1 ino=180332 scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1261961422.210:22): arch=c000003e syscall=10 success=yes exit=128 a0=7ffec9634000 a1=1c000 a2=5 a3=7ffec9639280 items=0 ppid=0 pid=2962 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="chromium-browse" exe="/usr/lib64/chromium-browser/chromium-browser" subj=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 key=(null) Hash String generated from selinux-policy-3.6.32-59.fc12,allow_execmod,chromium-browse,chrome_sandbox_t,lib_t,file,execmod audit2allow suggests: #============= chrome_sandbox_t ============== allow chrome_sandbox_t lib_t:file execmod;
Execute # chcon -t textrel_shlib_t /usr/lib64/chromium-browser/*.so or # yum update selinux-policy-targeted --enablerepo=updates-testing *** This bug has been marked as a duplicate of bug 549675 ***