Description of problem: SELinux is preventing /opt/google/chrome/chrome-sandbox from 'write' accesses on the file oom_adj. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that chrome-sandbox should be allowed write access on the oom_adj file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep chrome-sandbox /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c 0.c1023 Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Objects oom_adj [ file ] Source chrome-sandbox Source Path /opt/google/chrome/chrome-sandbox Port <Unknown> Host (removed) Source RPM Packages google-chrome-unstable-26.0.1384.2-176931.i386 Target RPM Packages Policy RPM selinux-policy-3.11.1-69.fc18.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.7.2-201.fc18.i686.PAE #1 SMP Fri Jan 11 22:30:06 UTC 2013 i686 i686 Alert Count 1 First Seen 2013-01-17 01:28:03 YEKT Last Seen 2013-01-17 01:28:03 YEKT Local ID 410c7744-0651-446e-88e2-5063f81d016b Raw Audit Messages type=AVC msg=audit(1358364483.55:1171): avc: denied { write } for pid=14578 comm="chrome-sandbox" name="oom_adj" dev="proc" ino=2878910 scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file type=SYSCALL msg=audit(1358364483.55:1171): arch=i386 syscall=openat success=no exit=EACCES a0=3 a1=804a567 a2=8001 a3=0 items=0 ppid=31129 pid=14578 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 ses=2 tty=pts1 comm=chrome-sandbox exe=/opt/google/chrome/chrome-sandbox subj=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 key=(null) Hash: chrome-sandbox,chrome_sandbox_t,unconfined_t,file,write audit2allow #============= chrome_sandbox_t ============== allow chrome_sandbox_t unconfined_t:file write; audit2allow -R #============= chrome_sandbox_t ============== allow chrome_sandbox_t unconfined_t:file write; Additional info: hashmarkername: setroubleshoot kernel: 3.7.2-201.fc18.i686.PAE type: libreport
Run AirMech game in Google Chrome Package: (null) OS Release: Fedora release 18 (Spherical Cow)
Any updates?
Well this is a tough problem. Since I am not sure we want the confined process to be allowed to modify its parent process information. on the other hand I think the gnome-sandbox is saying pick me
pick me for oom killing.
This message is a reminder that Fedora 18 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 18. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '18'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 18's end of life. Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 18 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior to Fedora 18's end of life. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Fedora 18 changed to end-of-life (EOL) status on 2014-01-14. Fedora 18 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.
Re-opening, as this appears to have become worse with recent Chrome versions (currently running google-chrome-stable-42.0.2311.135-1.x86_64). It looks like I get this every time I open a new tab (and telling the alert browser to ignore it doesn't seem to work). Would it be possible to get a dontaudit rule that can be enabled with a boolean?
Description of problem: Launch the latest stable version of Google Chrome Version-Release number of selected component: selinux-policy-3.13.1-105.13.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.5-200.fc21.x86_64 type: libreport
Description of problem: normal use Version-Release number of selected component: selinux-policy-3.13.1-105.13.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.5-200.fc21.x86_64 type: libreport
Description of problem: Al ejecutar el navegador apareció la alerta de SELinux Version-Release number of selected component: selinux-policy-3.13.1-105.13.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.5-200.fc21.x86_64 type: libreport
Description of problem: O SELinux detecta este problema todas as vezes que o Google Chrome é iniciado. Version-Release number of selected component: selinux-policy-3.13.1-105.13.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.5-200.fc21.x86_64 type: libreport
Description of problem: Problemas entre google-chrome y netflix Version-Release number of selected component: selinux-policy-3.13.1-105.13.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.5-200.fc21.i686 type: libreport
*** Bug 1193801 has been marked as a duplicate of this bug. ***
Description of problem: just install Chrome, and opened it for first time... Version-Release number of selected component: selinux-policy-3.13.1-105.13.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.7-200.fc21.x86_64 type: libreport
Description of problem: I open my chrome browser for reab my cisco courses on 127.0.0.1. When I open chrome after closed firefox this error come. Thanks. Version-Release number of selected component: selinux-policy-3.13.1-99.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.17.4-301.fc21.x86_64 type: libreport
Description of problem: Sólo abrí el Google Chrome Version-Release number of selected component: selinux-policy-3.13.1-105.13.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.17.4-301.fc21.x86_64 type: libreport
Description of problem: Cada vez que abro google chrome sale este error. Version-Release number of selected component: selinux-policy-3.13.1-105.13.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.7-200.fc21.x86_64 type: libreport
Description of problem: SELinux is preventing chrome-sandbox from write access on the file oom_score_adj. Plugin: catchall you want to allow chrome-sandbox to have write access on the oom_score_adj fileIf you believe that chrome-sandbox should be allowed write access on the oom_score_adj file by default. You should report this as a bug. You can generate a local policy module to allow this access. Allow this access for now by executing: # grep chrome-sandbox /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Version-Release number of selected component: selinux-policy-3.13.1-99.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.17.4-301.fc21.i686 type: libreport
Description of problem: After start Chrome browser. Version-Release number of selected component: selinux-policy-3.13.1-105.13.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.5-200.fc21.x86_64 type: libreport
Description of problem: ELinux is preventing chrome-sandbox from write access on the file oom_adj. ***** Plugin chrome (98.5 confidence) suggests **************************** If usted desea usar el paquete plugin Then debe apagar los controles SELinuxsobre los plugins Chrome. Do # setsebool -P unconfined_chrome_sandbox_transition 0 ***** Plugin catchall (2.46 confidence) suggests ************************** If cree que de manera predeterminada, chrome-sandbox debería permitir acceso write sobre oom_adj file. Then debería reportar esto como un error. Puede generar un módulo de política local para permitir este acceso. Do permita el acceso momentáneamente executando: # grep chrome-sandbox /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c 0.c1023 Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Objects oom_adj [ file ] Source chrome-sandbox Source Path chrome-sandbox Port <Unknown> Host larissa-pc.local Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-103.fc21.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name larissa-pc.local Platform Linux larissa-pc.local 3.17.7-300.fc21.x86_64 #1 SMP Wed Dec 17 03:08:44 UTC 2014 x86_64 x86_64 Alert Count 30 First Seen 2015-06-01 20:58:30 AST Last Seen 2015-06-01 21:05:45 AST Local ID 349361f4-d69a-4c97-8565-cbf6fad14708 Raw Audit Messages type=AVC msg=audit(1433207145.171:553): avc: denied { write } for pid=3189 comm="chrome-sandbox" name="oom_adj" dev="proc" ino=40152 scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file permissive=0 Hash: chrome-sandbox,chrome_sandbox_t,unconfined_t,file,write Version-Release number of selected component: selinux-policy-3.13.1-103.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.17.7-300.fc21.x86_64 type: libreport
Yes, given that this is worse now, happening with each tab opening, can we get some movement on it?
Description of problem: Problem appears to be related to youtube Version-Release number of selected component: selinux-policy-3.13.1-105.13.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 4.0.4-202.fc21.x86_64 type: libreport
Description of problem: Opened Chrome with default tabs. Version-Release number of selected component: selinux-policy-3.13.1-105.13.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 4.0.4-202.fc21.x86_64 type: libreport
Lukas, could you back port fixes from F22.
Description of problem: After opened chrome a massege appears VLC bug Version-Release number of selected component: selinux-policy-3.13.1-105.13.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 4.0.4-202.fc21.x86_64 type: libreport
Description of problem: Launching Chrome 43 Version-Release number of selected component: selinux-policy-3.13.1-105.13.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 4.0.5-200.fc21.x86_64 type: libreport
Description of problem: SELinux is preventing chrome-sandbox from write access on the file oom_adj. Plugin: chrome si vuole usare il pacchetto %sSe si vuole usare il pacchetto plugin disabilitare i controlli SELinux sui plugin di Chrome. # setsebool -P unconfined_chrome_sandbox_transition 0 Plugin: catchall you want to allow chrome-sandbox to have write access on the oom_adj fileSe si crede che chrome-sandbox dovrebbe avere possibilità di accesso write sui oom_adj file in modo predefinito. Si dovrebbe riportare il problema come bug. E' possibile generare un modulo di politica locale per consentire questo accesso. Consentire questo accesso per il momento eseguendo: # grep chrome-sandbox /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Version-Release number of selected component: selinux-policy-3.13.1-105.13.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 4.0.5-200.fc21.x86_64 type: libreport
Description of problem: start of google chrome browser Version-Release number of selected component: selinux-policy-3.13.1-105.13.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 4.0.4-202.fc21.x86_64 type: libreport
commit 8509671a99a0fa6b8eff15666fee7b60c8a1752b Author: Miroslav Grepl <mgrepl> Date: Tue May 12 11:42:53 2015 +0200 Dontaudit use console for chrome-sandbox. BZ(1216087) commit 5886bba0c6262619e08be29000bc82b78d66ce58 Author: Miroslav Grepl <mgrepl> Date: Wed May 13 13:11:46 2015 +0200 Dontaudit chrome-sandbox write access its parent process information. BZ(1220958)
selinux-policy-3.13.1-105.18.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-105.18.fc21
Description of problem: Error occurs when initially opening Google Chrome ver. 43. Version-Release number of selected component: selinux-policy-3.13.1-105.13.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.17.4-301.fc21.x86_64 type: libreport
Package selinux-policy-3.13.1-105.18.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.13.1-105.18.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-10708/selinux-policy-3.13.1-105.18.fc21 then log in and leave karma (feedback).
Description of problem: I just launched Chrome. It opened without any tab: no web page was displayed. Version-Release number of selected component: selinux-policy-3.13.1-105.13.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.7-200.fc21.x86_64 type: libreport
selinux-policy-3.13.1-105.19.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-105.19.fc21
Description of problem: I launched Chrome and opened one page. Then I got 13 AVC, all the same. Version-Release number of selected component: selinux-policy-3.13.1-105.13.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 4.0.5-200.fc21.x86_64 type: libreport
Description of problem: 1. Open Chrome (In my case, from "Chrome App Launcher"). Occuring since first installed, though I do not recall if it was identical. Version-Release number of selected component: selinux-policy-3.13.1-105.13.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 4.0.6-200.fc21.x86_64 type: libreport
selinux-policy-3.13.1-105.19.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.