Hide Forgot
SELinux is preventing /opt/google/chrome/chrome from read, write access on the file /home/knelson6/.config/google-chrome/Default/databases/http_twitter.com_0/1-journal. ***** Plugin restorecon (94.8 confidence) suggests ************************* If you want to fix the label. /home/knelson6/.config/google-chrome/Default/databases/http_twitter.com_0/1-journal default label should be config_home_t. Then you can run restorecon. Do # /sbin/restorecon -v /home/knelson6/.config/google-chrome/Default/databases/http_twitter.com_0/1-journal ***** Plugin catchall_labels (5.21 confidence) suggests ******************** If you want to allow chrome to have read write access on the 1-journal file Then you need to change the label on /home/knelson6/.config/google-chrome/Default/databases/http_twitter.com_0/1-journal Do # semanage fcontext -a -t FILE_TYPE '/home/knelson6/.config/google-chrome/Default/databases/http_twitter.com_0/1-journal' where FILE_TYPE is one of the following: user_cron_spool_t, cgroup_t, user_tmpfs_t, user_fonts_cache_t, chrome_sandbox_tmpfs_t, chrome_sandbox_tmp_t, gnome_home_type, afs_cache_t, chrome_sandbox_t. Then execute: restorecon -v '/home/knelson6/.config/google-chrome/Default/databases/http_twitter.com_0/1-journal' ***** Plugin catchall (1.44 confidence) suggests *************************** If you believe that chrome should be allowed read write access on the 1-journal file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep chrome /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c 0.c1023 Target Context unconfined_u:object_r:default_t:s0 Target Objects /home/knelson6/.config/google-chrome/Default/datab ases/http_twitter.com_0/1-journal [ file ] Source chrome Source Path /opt/google/chrome/chrome Port <Unknown> Host (removed) Source RPM Packages google-chrome-stable-12.0.742.124-92024 Target RPM Packages Policy RPM selinux-policy-3.9.16-34.fc15 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 2.6.38.8-35.fc15.x86_64 #1 SMP Wed Jul 6 13:58:54 UTC 2011 x86_64 x86_64 Alert Count 1 First Seen Fri 22 Jul 2011 08:09:54 AM EDT Last Seen Fri 22 Jul 2011 08:09:54 AM EDT Local ID f1964815-8c1e-4db7-8882-9ab6364044a1 Raw Audit Messages type=AVC msg=audit(1311336594.612:350): avc: denied { read write } for pid=7530 comm="chrome" path="/home/knelson6/.config/google-chrome/Default/databases/http_twitter.com_0/1-journal" dev=dm-2 ino=2490471 scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file type=SYSCALL msg=audit(1311336594.612:350): arch=x86_64 syscall=recvmsg success=yes exit=EPERM a0=15 a1=7f200a658e30 a2=40 a3=ffffffff items=0 ppid=1 pid=7530 auid=2328 uid=2328 gid=100 euid=2328 suid=2328 fsuid=2328 egid=100 sgid=100 fsgid=100 tty=(none) ses=2 comm=chrome exe=/opt/google/chrome/chrome subj=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 key=(null) Hash: chrome,chrome_sandbox_t,default_t,file,read,write audit2allow #============= chrome_sandbox_t ============== allow chrome_sandbox_t default_t:file { read write }; audit2allow -R #============= chrome_sandbox_t ============== allow chrome_sandbox_t default_t:file { read write };
You need to run # restorecon -R -v ~/