Bug 902489 - SELinux is preventing Chrome_ChildIOT from 'read' accesses on the file /home/msieprawski/.config/google-chrome/Default/Pepper Data/Shockwave Flash/WritableRoot/#SharedObjects/RUSC24V7/macromedia.com/support/flashplayer/sys/settings.sol.
Summary: SELinux is preventing Chrome_ChildIOT from 'read' accesses on the file /home/...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 17
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:a10cadefc3f6392a7d64578a010...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-01-21 19:11 UTC by mateusz
Modified: 2013-01-21 20:59 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2013-01-21 20:59:27 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
File: type (9 bytes, text/plain)
2013-01-21 19:11 UTC, mateusz 		no flags Details
File: hashmarkername (14 bytes, text/plain)
2013-01-21 19:11 UTC, mateusz 		no flags Details
View All

Description mateusz 2013-01-21 19:11:22 UTC 
Additional info:
libreport version: 2.0.18
kernel:         3.6.11-5.fc17.x86_64

description:
:SELinux is preventing Chrome_ChildIOT from 'read' accesses on the file /home/msieprawski/.config/google-chrome/Default/Pepper Data/Shockwave Flash/WritableRoot/#SharedObjects/RUSC24V7/macromedia.com/support/flashplayer/sys/settings.sol.
:
:*****  Plugin restorecon (99.5 confidence) suggests  *************************
:
:If aby naprawić etykietę. 
:domyślna etykieta /home/msieprawski/.config/google-chrome/Default/Pepper Data/Shockwave Flash/WritableRoot/#SharedObjects/RUSC24V7/macromedia.com/support/flashplayer/sys/settings.sol powinna wynosić config_home_t.
:Then można wykonać polecenie restorecon.
:Do
:# /sbin/restorecon -v /home/msieprawski/.config/google-chrome/Default/Pepper Data/Shockwave Flash/WritableRoot/#SharedObjects/RUSC24V7/macromedia.com/support/flashplayer/sys/settings.sol
:
:*****  Plugin catchall (1.49 confidence) suggests  ***************************
:
:If aby Chrome_ChildIOT powinno mieć domyślnie read dostęp do settings.sol file.
:Then proszę to zgłosić jako błąd.
:Można utworzyć lokalny moduł polityki, aby umożliwić ten dostęp.
:Do
:można tymczasowo zezwolić na ten dostęp wykonując polecenia:
:# grep Chrome_ChildIOT /var/log/audit/audit.log | audit2allow -M mojapolityka
:# semodule -i mojapolityka.pp
:
:Additional Information:
:Source Context                unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c
:                              0.c1023
:Target Context                unconfined_u:object_r:httpd_sys_content_t:s0
:Target Objects                /home/msieprawski/.config/google-
:                              chrome/Default/Pepper Data/Shockwave Flash/Writabl
:                              eRoot/#SharedObjects/RUSC24V7/macromedia.com/suppo
:                              rt/flashplayer/sys/settings.sol [ file ]
:Source                        Chrome_ChildIOT
:Source Path                   Chrome_ChildIOT
:Port                          <Nieznane>
:Host                          (removed)
:Source RPM Packages           
:Target RPM Packages           
:Policy RPM                    selinux-policy-3.10.0-166.fc17.noarch
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed) 3.6.11-5.fc17.x86_64 #1 SMP Tue
:                              Jan 8 21:40:51 UTC 2013 x86_64 x86_64
:Alert Count                   13
:First Seen                    2013-01-21 18:58:56 CET
:Last Seen                     2013-01-21 20:09:38 CET
:Local ID                      89451216-9215-4d27-85fc-6e83b5c09c9c
:
:Raw Audit Messages
:type=AVC msg=audit(1358795378.964:224): avc:  denied  { read } for  pid=17544 comm="Chrome_ChildIOT" path=2F686F6D652F6D73696570726177736B692F2E636F6E6669672F676F6F676C652D6368726F6D652F44656661756C742F50657070657220446174612F53686F636B7761766520466C6173682F5772697461626C65526F6F742F235368617265644F626A656374732F52555343323456372F6D6163726F6D656469612E636F6D2F737570706F72742F666C617368706C617965722F7379732F73657474696E67732E736F6C dev="sda5" ino=5768357 scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file
:
:
:Hash: Chrome_ChildIOT,chrome_sandbox_t,httpd_sys_content_t,file,read
:
:audit2allow
:
:#============= chrome_sandbox_t ==============
:allow chrome_sandbox_t httpd_sys_content_t:file read;
:
:audit2allow -R
:
:#============= chrome_sandbox_t ==============
:allow chrome_sandbox_t httpd_sys_content_t:file read;
:
Comment 1 mateusz 2013-01-21 19:11:26 UTC 
Created attachment 684527 [details]
File: type
Comment 2 mateusz 2013-01-21 19:11:29 UTC 
Created attachment 684528 [details]
File: hashmarkername
Comment 3 Daniel Walsh 2013-01-21 20:59:12 UTC 
Looks like this is milabeled?
/home/msieprawski/.config/google-chrome/Default/Pepper Data/Shockwave Flash/WritableRoot/#SharedObjects/RUSC24V7/macromedia.com/support/flashplayer/sys/settings.sol.
:

restorecon -R -v ~/
Note You need to log in before you can comment on or make changes to this bug.