Bug 733824 - SELinux Policy prevents use of Kindle Web App in Chromium
Summary: SELinux Policy prevents use of Kindle Web App in Chromium
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: 0xFFFF
Version: 15
Hardware: x86_64
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-08-27 07:10 UTC by Muel Kiel
Modified: 2018-04-11 09:50 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-08-29 08:30:58 UTC


Attachments (Terms of Use)
Details from SELinux Troubleshooter (4.33 KB, text/plain)
2011-08-27 07:10 UTC, Muel Kiel
no flags Details

Description Muel Kiel 2011-08-27 07:10:52 UTC
Created attachment 520163 [details]
Details from SELinux Troubleshooter

Description of problem:
Can't use the Kindle Web app in chromium because SELinux policy prevents the HTML5 offline storage (I think that's what Kindle web app is trying to use) from being accessed by chromium.

Version-Release number of selected component (if applicable):
3.9.16

How reproducible:
Everytime

Steps to Reproduce:
1. Install Chromium from the repos.fedorapeople.org repo
2. Install Kindle Web App in Chromium
3. Try to access Kindle web app
  
Actual results:
The tab gets the crashed symbol and SELinux troubleshooter pops up with a new warning

Expected results:
The amazon kindle web app loads in chromium


Additional info:

The information I got from SELinux Troubleshooter is added as an attachment. After it didn't work the first time I tried restorecon then as per the suggestion of the trouble shooter modified the policy to change the context of the file it was trying to access. Neither of these things worked. Also I replaced my username with <username> and my hostname with <hostname>

Comment 1 Matěj Cepl 2011-08-28 21:16:50 UTC
I don't think this is a local database access to chromium which makes a problems here. Testing both http://www.html5rocks.com/en/tutorials/webdatabase/todo/ and http://www.html5rocks.com/en/tutorials/indexeddb/todo/ with chromium-13.0.782.112-1.fc16.x86_64 from spot's repository and I have no AVC denials in ausearch results.

On the other hand

unconfined_u:object_r:file_t:s0

is almost certainly wrong label. See https://fedoraproject.org/wiki/SELinux/Troubleshooting/AVCDecisions#file_t

Comment 2 Miroslav Grepl 2011-08-29 08:30:58 UTC
You need to fix labels on your homedir

# restorecon -R -v /home

Also you can look at

http://danwalsh.livejournal.com/42768.html

for some details.


Note You need to log in before you can comment on or make changes to this bug.