libreport version: 2.0.8 executable: /usr/bin/python hashmarkername: setroubleshoot kernel: 3.2.6-3.fc16.x86_64 reason: SELinux is preventing /opt/google/chrome/chrome from 'shutdown' accesses on the None . time: Mon 27 Feb 2012 11:20:57 AM MSK description: :SELinux is preventing /opt/google/chrome/chrome from 'shutdown' accesses on the None . : :***** Plugin catchall (100. confidence) suggests *************************** : :If you believe that chrome should be allowed shutdown access on the <Unknown> by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep PipelineThread /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c : 0.c1023 :Target Context unconfined_u:unconfined_r:unconfined_execmem_t:s0- : s0:c0.c1023 :Target Objects [ None ] :Source PipelineThread :Source Path /opt/google/chrome/chrome :Port <Unknown> :Host (removed) :Source RPM Packages google-chrome-unstable-19.0.1049.3-123257.x86_64 :Target RPM Packages :Policy RPM selinux-policy-3.10.0-75.fc16.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) 3.2.6-3.fc16.x86_64 #1 : SMP Mon Feb 13 20:35:42 UTC 2012 x86_64 x86_64 :Alert Count 2 :First Seen Mon 27 Feb 2012 10:59:47 AM MSK :Last Seen Mon 27 Feb 2012 11:00:47 AM MSK :Local ID a647f3da-0f0b-4c44-9e89-a95acda2049c : :Raw Audit Messages :type=AVC msg=audit(1330326047.455:3316): avc: denied { shutdown } for pid=17653 comm="PipelineThread" scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023 tclass=unix_stream_socketnode=(removed) type=SYSCALL msg=audit(1330326047.455:3316): arch=c000003e syscall=48 success=no exit=-13 a0=18 a1=2 a2=7f5787ac6780 a3=5dff4e0 items=0 ppid=2 pid=17653 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=4 comm="PipelineThread" exe="/opt/google/chrome/chrome" subj=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 key=(null) : : :Hash: PipelineThread,chrome_sandbox_t,unconfined_execmem_t,None,shutdown : :audit2allow : : :audit2allow -R : :
commit 3f921131243dec7d914959661ae17dae3af76229 Author: Miroslav Grepl <mgrepl> Date: Mon Feb 27 13:58:22 2012 +0000 Dontaudit sandbox to shudown unconfined_execmem stream
selinux-policy-3.10.0-78.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-78.fc16
Package selinux-policy-3.10.0-78.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-78.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-2733/selinux-policy-3.10.0-78.fc16 then log in and leave karma (feedback).
Package selinux-policy-3.10.0-80.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-80.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-2733/selinux-policy-3.10.0-80.fc16 then log in and leave karma (feedback).
selinux-policy-3.10.0-80.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.