Summary: SELinux is preventing /opt/google/chrome/chrome "read" access on /stuff/opt/google/chrome/chrome.pak. Detailed Description: [SELinux is in permissive mode. This access was not denied.] SELinux denied access requested by chrome. It is not expected that this access is required by chrome and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c 0.c1023 Target Context system_u:object_r:default_t:s0 Target Objects /stuff/opt/google/chrome/chrome.pak [ file ] Source chrome Source Path /opt/google/chrome/chrome Port <Unknown> Host (removed) Source RPM Packages google-chrome-beta-5.0.342.9-43360 Target RPM Packages google-chrome-beta-5.0.342.9-43360 Policy RPM selinux-policy-3.6.32-110.fc12 Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Plugin Name catchall Host Name (removed) Platform Linux southpark 2.6.32.11-99.fc12.i686 #1 SMP Mon Apr 5 16:32:08 EDT 2010 i686 i686 Alert Count 2 First Seen Mon 03 May 2010 12:46:33 PM CEST Last Seen Mon 03 May 2010 12:46:33 PM CEST Local ID 84332127-e5e7-41e4-94fc-ec1fbfcf789f Line Numbers Raw Audit Messages node=southpark type=AVC msg=audit(1272883593.16:48): avc: denied { read } for pid=2810 comm="chrome" name="chrome.pak" dev=dm-1 ino=1000 scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file node=southpark type=AVC msg=audit(1272883593.16:48): avc: denied { open } for pid=2810 comm="chrome" name="chrome.pak" dev=dm-1 ino=1000 scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file node=southpark type=SYSCALL msg=audit(1272883593.16:48): arch=40000003 syscall=5 per=400000 success=yes exit=9 a0=c02da94 a1=8000 a2=0 a3=0 items=0 ppid=0 pid=2810 auid=1200 uid=1200 gid=1200 euid=1200 suid=1200 fsuid=1200 egid=1200 sgid=1200 fsgid=1200 tty=(none) ses=1 comm="chrome" exe="/opt/google/chrome/chrome" subj=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 key=(null) Hash String generated from catchall,chrome,chrome_sandbox_t,default_t,file,read audit2allow suggests: #============= chrome_sandbox_t ============== allow chrome_sandbox_t default_t:file { read open };
/stuff is not a standard directory. Execute # semanage fcontext -a -e /opt /stuff/opt # restorecon -Rv /stuff Should fix.