Here is the 3 AVCs i'm getting from Chromium on launch : 1) Résumé: SELinux is preventing /opt/google/chrome/chrome "read" access on /opt/google/chrome/libnss3.so.1d. Description détaillée: [chrome a un type permissif (chrome_sandbox_t). Cet accès n'a pas été refusé.] SELinux denied access requested by chrome. It is not expected that this access is required by chrome and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Autoriser l'accès: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Informations complémentaires: Contexte source staff_u:staff_r:chrome_sandbox_t:s0-s0:c0.c1023 Contexte cible system_u:object_r:usr_t:s0 Objets du contexte /opt/google/chrome/libnss3.so.1d [ lnk_file ] source chrome Chemin de la source /opt/google/chrome/chrome Port <Inconnu> Hôte BubbleWork.BubbleNet Paquetages RPM source google-chrome-unstable-5.0.371.0-43900 Paquetages RPM cible Politique RPM selinux-policy-3.6.32-108.fc12 Selinux activé True Type de politique targeted Mode strict Enforcing Nom du plugin catchall Nom de l'hôte BubbleWork.BubbleNet Plateforme Linux BubbleWork.BubbleNet 2.6.32.11-99.fc12.x86_64 #1 SMP Mon Apr 5 19:59:38 UTC 2010 x86_64 x86_64 Compteur d'alertes 2 Première alerte lun 12 avr 2010 09:35:31 EDT Dernière alerte lun 12 avr 2010 09:38:10 EDT ID local 6d039fab-a92c-4aca-91a8-e7d60a572c48 Numéros des lignes Messages d'audit bruts node=BubbleWork.BubbleNet type=AVC msg=audit(1271079490.798:31590): avc: denied { read } for pid=3017 comm="chrome" name="libnss3.so.1d" dev=dm-2 ino=4325800 scontext=staff_u:staff_r:chrome_sandbox_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=lnk_file node=BubbleWork.BubbleNet type=SYSCALL msg=audit(1271079490.798:31590): arch=c000003e syscall=2 success=yes exit=4 a0=7fffc84234c0 a1=0 a2=0 a3=6ffffdff items=0 ppid=0 pid=3017 auid=500 uid=500 gid=501 euid=500 suid=500 fsuid=500 egid=501 sgid=501 fsgid=501 tty=(none) ses=1 comm="chrome" exe="/opt/google/chrome/chrome" subj=staff_u:staff_r:chrome_sandbox_t:s0-s0:c0.c1023 key=(null) 2) Résumé: SELinux is preventing /opt/google/chrome/chrome "read" access on /opt/google/chrome/chrome.pak. Description détaillée: [chrome a un type permissif (chrome_sandbox_t). Cet accès n'a pas été refusé.] SELinux denied access requested by chrome. It is not expected that this access is required by chrome and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Autoriser l'accès: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Informations complémentaires: Contexte source staff_u:staff_r:chrome_sandbox_t:s0-s0:c0.c1023 Contexte cible system_u:object_r:usr_t:s0 Objets du contexte /opt/google/chrome/chrome.pak [ file ] source chrome Chemin de la source /opt/google/chrome/chrome Port <Inconnu> Hôte BubbleWork.BubbleNet Paquetages RPM source google-chrome-unstable-5.0.371.0-43900 Paquetages RPM cible google-chrome-unstable-5.0.371.0-43900 Politique RPM selinux-policy-3.6.32-108.fc12 Selinux activé True Type de politique targeted Mode strict Enforcing Nom du plugin catchall Nom de l'hôte BubbleWork.BubbleNet Plateforme Linux BubbleWork.BubbleNet 2.6.32.11-99.fc12.x86_64 #1 SMP Mon Apr 5 19:59:38 UTC 2010 x86_64 x86_64 Compteur d'alertes 4 Première alerte lun 12 avr 2010 09:35:31 EDT Dernière alerte lun 12 avr 2010 09:38:10 EDT ID local 884bddd8-8fa6-4752-8518-bf669035fa2f Numéros des lignes Messages d'audit bruts node=BubbleWork.BubbleNet type=AVC msg=audit(1271079490.807:31591): avc: denied { read } for pid=3017 comm="chrome" name="chrome.pak" dev=dm-2 ino=4325396 scontext=staff_u:staff_r:chrome_sandbox_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file node=BubbleWork.BubbleNet type=AVC msg=audit(1271079490.807:31591): avc: denied { open } for pid=3017 comm="chrome" name="chrome.pak" dev=dm-2 ino=4325396 scontext=staff_u:staff_r:chrome_sandbox_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file node=BubbleWork.BubbleNet type=SYSCALL msg=audit(1271079490.807:31591): arch=c000003e syscall=2 success=yes exit=68719476864 a0=3597c58 a1=0 a2=180 a3=4 items=0 ppid=0 pid=3017 auid=500 uid=500 gid=501 euid=500 suid=500 fsuid=500 egid=501 sgid=501 fsgid=501 tty=(none) ses=1 comm="chrome" exe="/opt/google/chrome/chrome" subj=staff_u:staff_r:chrome_sandbox_t:s0-s0:c0.c1023 key=(null) 3) Résumé: SELinux is preventing /opt/google/chrome/chrome "getattr" access on /opt/google/chrome/chrome.pak. Description détaillée: [chrome a un type permissif (chrome_sandbox_t). Cet accès n'a pas été refusé.] SELinux denied access requested by chrome. It is not expected that this access is required by chrome and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Autoriser l'accès: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Informations complémentaires: Contexte source staff_u:staff_r:chrome_sandbox_t:s0-s0:c0.c1023 Contexte cible system_u:object_r:usr_t:s0 Objets du contexte /opt/google/chrome/chrome.pak [ file ] source chrome Chemin de la source /opt/google/chrome/chrome Port <Inconnu> Hôte BubbleWork.BubbleNet Paquetages RPM source google-chrome-unstable-5.0.371.0-43900 Paquetages RPM cible google-chrome-unstable-5.0.371.0-43900 Politique RPM selinux-policy-3.6.32-108.fc12 Selinux activé True Type de politique targeted Mode strict Enforcing Nom du plugin catchall Nom de l'hôte BubbleWork.BubbleNet Plateforme Linux BubbleWork.BubbleNet 2.6.32.11-99.fc12.x86_64 #1 SMP Mon Apr 5 19:59:38 UTC 2010 x86_64 x86_64 Compteur d'alertes 2 Première alerte lun 12 avr 2010 09:35:31 EDT Dernière alerte lun 12 avr 2010 09:38:10 EDT ID local 391ef64c-f211-4e9c-8fbf-da518b6a9de8 Numéros des lignes Messages d'audit bruts node=BubbleWork.BubbleNet type=AVC msg=audit(1271079490.807:31592): avc: denied { getattr } for pid=3017 comm="chrome" path="/opt/google/chrome/chrome.pak" dev=dm-2 ino=4325396 scontext=staff_u:staff_r:chrome_sandbox_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file node=BubbleWork.BubbleNet type=SYSCALL msg=audit(1271079490.807:31592): arch=c000003e syscall=5 success=yes exit=68719476864 a0=9 a1=7fffc84224f0 a2=7fffc84224f0 a3=7fffc8421fa0 items=0 ppid=0 pid=3017 auid=500 uid=500 gid=501 euid=500 suid=500 fsuid=500 egid=501 sgid=501 fsgid=501 tty=(none) ses=1 comm="chrome" exe="/opt/google/chrome/chrome" subj=staff_u:staff_r:chrome_sandbox_t:s0-s0:c0.c1023 key=(null)
*** This bug has been marked as a duplicate of bug 581457 ***
Er, sorry for the dupe... i missed 581457...