Description of problem: Tried to open an html document with the --allow-file-access-from-files flag set. Browser opened as expected without any problem, however an AVC Denial message popped up. SELinux is preventing /opt/google/chrome/chrome from 'write' accesses on the directory /home/sayak/Work/Docs/wordpress-webos/wordpress.application. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that chrome should be allowed write access on the wordpress.application directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep chrome /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c 0.c1023 Target Context unconfined_u:object_r:user_home_t:s0 Target Objects /home/sayak/Work/Docs/wordpress- webos/wordpress.application [ dir ] Source chrome Source Path /opt/google/chrome/chrome Port <Unknown> Host (removed) Source RPM Packages google-chrome-stable-28.0.1500.45-205727.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-52.fc19.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.9.5-301.fc19.x86_64 #1 SMP Tue Jun 11 19:39:38 UTC 2013 x86_64 x86_64 Alert Count 1 First Seen 2013-06-19 20:34:36 IST Last Seen 2013-06-19 20:34:36 IST Local ID 59d052a5-cd4c-44d6-a13a-b8ae8bd9b98b Raw Audit Messages type=AVC msg=audit(1371654276.177:533): avc: denied { write } for pid=6149 comm="chrome" name="wordpress.application" dev="dm-2" ino=1182979 scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir type=SYSCALL msg=audit(1371654276.177:533): arch=x86_64 syscall=open success=no exit=EACCES a0=7f9b1e4ba528 a1=441 a2=1b6 a3=ffffe000 items=0 ppid=0 pid=6149 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=1 tty=pts0 comm=chrome exe=/opt/google/chrome/chrome subj=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 key=(null) Hash: chrome,chrome_sandbox_t,user_home_t,dir,write Additional info: reporter: libreport-2.1.5 hashmarkername: setroubleshoot kernel: 3.9.5-301.fc19.x86_64 type: libreport
I think this would prevent you from modifying the file
You can turn off the SELinux confinement setsebool -P unconfined_chrome_sandbox_transition 0
(In reply to Daniel Walsh from comment #2) > You can turn off the SELinux confinement > > setsebool -P unconfined_chrome_sandbox_transition 0 Seems like it solves the problem! No more AVC denials popping out. Thanks Daniel! :-)
*** Bug 983770 has been marked as a duplicate of this bug. ***