libreport version: 2.0.10 executable: /usr/bin/python2.7 hashmarkername: setroubleshoot kernel: 3.5.2-1.fc17.i686.PAE time: Sun 19 Aug 2012 07:35:11 PM SGT description: :SELinux is preventing /opt/google/chrome/chrome from 'read' accesses on the file /part2/lhs/.fonts/msttcorefonts/arial.ttf. : :***** Plugin catchall_labels (83.8 confidence) suggests ******************** : :If you want to allow chrome to have read access on the arial.ttf file :Then you need to change the label on /part2/lhs/.fonts/msttcorefonts/arial.ttf :Do :# semanage fcontext -a -t FILE_TYPE '/part2/lhs/.fonts/msttcorefonts/arial.ttf' :where FILE_TYPE is one of the following: cgroup_t, locale_t, dosfs_t, xguest_t, etc_t, fonts_t, bin_t, cert_t, proc_t, sysfs_t, staff_t, auditadm_usertype, config_home_t, user_t, usr_t, user_fonts_cache_t, abrt_t, ld_so_t, xserver_tmpfs_t, lib_t, iceauth_home_t, xauth_home_t, user_fonts_t, user_tmpfs_t, cpu_online_t, afs_cache_t, abrt_helper_exec_t, sandbox_web_type, fonts_cache_t, chrome_sandbox_tmpfs_t, user_fonts_config_t, chrome_sandbox_nacl_exec_t, textrel_shlib_t, chrome_sandbox_tmp_t, rpm_script_tmp_t, secadm_usertype, sysadm_usertype, ld_so_cache_t, gnome_home_type, xdm_tmp_t, user_home_type, xdm_var_run_t, machineid_t, net_conf_t, chrome_sandbox_t, abrt_var_run_t, sysctl_kernel_t, user_usertype, home_cert_t, user_cron_spool_t, sysctl_crypto_t, chrome_sandbox_exec_t, chrome_sandbox_nacl_t, staff_usertype, unconfined_t. :Then execute: :restorecon -v '/part2/lhs/.fonts/msttcorefonts/arial.ttf' : : :***** Plugin catchall (17.1 confidence) suggests *************************** : :If you believe that chrome should be allowed read access on the arial.ttf file by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep chrome /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c : 0.c1023 :Target Context system_u:object_r:default_t:s0 :Target Objects /part2/lhs/.fonts/msttcorefonts/arial.ttf [ file ] :Source chrome :Source Path /opt/google/chrome/chrome :Port <Unknown> :Host (removed) :Source RPM Packages google-chrome-stable-21.0.1180.79-151411.i386 :Target RPM Packages :Policy RPM selinux-policy-3.10.0-145.fc17.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) 3.5.2-1.fc17.i686.PAE #1 SMP Wed : Aug 15 16:30:14 UTC 2012 i686 i686 :Alert Count 28 :First Seen 2012-08-19 19:22:52 SGT :Last Seen 2012-08-19 19:25:13 SGT :Local ID 63ef36a7-2230-4aef-86c2-457a618c1cf1 : :Raw Audit Messages :type=AVC msg=audit(1345375513.380:121): avc: denied { read } for pid=2051 comm="chrome" path="/part2/lhs/.fonts/msttcorefonts/arial.ttf" dev="sda8" ino=1787592 scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file : : :type=SYSCALL msg=audit(1345375513.380:121): arch=i386 syscall=socketcall success=yes exit=ENOEXEC a0=11 a1=bfa328c0 a2=b7876ff4 a3=0 items=0 ppid=4 pid=2051 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=3 comm=chrome exe=/opt/google/chrome/chrome subj=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 key=(null) : :Hash: chrome,chrome_sandbox_t,default_t,file,read : :audit2allow : :#============= chrome_sandbox_t ============== :#!!!! This avc is allowed in the current policy : :allow chrome_sandbox_t default_t:file read; : :audit2allow -R : :#============= chrome_sandbox_t ============== :#!!!! This avc is allowed in the current policy : :allow chrome_sandbox_t default_t:file read; :
*** This bug has been marked as a duplicate of bug 849424 ***