Bug 976322 - SELinux is preventing /opt/google/chrome/chrome from append, open access on the file /home/lewish/libpeerconnection.log.
Summary: SELinux is preventing /opt/google/chrome/chrome from append, open access on t...
Keywords:
Status: CLOSED DUPLICATE of bug 975393
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 17
Hardware: i686
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:4f001df86e0802e07194fc68413...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-06-20 11:27 UTC by lewishyu
Modified: 2013-06-20 13:08 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2013-06-20 13:08:39 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description lewishyu 2013-06-20 11:27:08 UTC 
Description of problem:
After opened chrome browser, this message appears on screen.
SELinux is preventing /opt/google/chrome/chrome from append, open access on the file /home/lewish/libpeerconnection.log.

*****  Plugin restorecon (99.5 confidence) suggests  *************************

If 您希望修正標籤。 
/home/lewish/libpeerconnection.log 預設標籤應為 user_home_t。
Then 您可以執行 restorecon。
Do
# /sbin/restorecon -v /home/lewish/libpeerconnection.log

*****  Plugin catchall (1.49 confidence) suggests  ***************************

If 您認為 chrome 就預設值應擁有 libpeerconnection.log file 的 append open 存取權。
Then 您應將此回報為錯誤。
您可產生本機模組,以允許這項存取。
Do
現在透過執行以下指令來允許此存取:
# grep chrome /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c
                              0.c1023
Target Context                unconfined_u:object_r:user_home_dir_t:s0
Target Objects                /home/lewish/libpeerconnection.log [ file ]
Source                        chrome
Source Path                   /opt/google/chrome/chrome
Port                          <未知>
Host                          (removed)
Source RPM Packages           google-chrome-stable-28.0.1500.52-207119.i386
Target RPM Packages           
Policy RPM                    selinux-policy-3.10.0-169.fc17.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.8.13-100.fc17.i686.PAE #1 SMP
                              Mon May 13 13:45:03 UTC 2013 i686 i686
Alert Count                   1
First Seen                    2013-06-20 19:23:04 CST
Last Seen                     2013-06-20 19:23:04 CST
Local ID                      67ec7a82-9a7e-418a-8da1-820cdeca7936

Raw Audit Messages
type=AVC msg=audit(1371727384.855:559): avc:  denied  { append open } for  pid=20855 comm="chrome" path="/home/lewish/libpeerconnection.log" dev="dm-2" ino=787054 scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=file


type=SYSCALL msg=audit(1371727384.855:559): arch=i386 syscall=open success=no exit=EACCES a0=b98a3a8c a1=8441 a2=1b6 a3=b98cbb00 items=0 ppid=0 pid=20855 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=2 tty=(none) comm=chrome exe=/opt/google/chrome/chrome subj=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 key=(null)

Hash: chrome,chrome_sandbox_t,user_home_dir_t,file,append,open

audit2allow

#============= chrome_sandbox_t ==============
allow chrome_sandbox_t user_home_dir_t:file { open append };

audit2allow -R

#============= chrome_sandbox_t ==============
allow chrome_sandbox_t user_home_dir_t:file { open append };


Additional info:
hashmarkername: setroubleshoot
kernel:         3.8.13-100.fc17.i686.PAE
type:           libreport

Potential duplicate: bug 975393
Comment 1 Miroslav Grepl 2013-06-20 13:08:39 UTC 

*** This bug has been marked as a duplicate of bug 975393 ***
Note You need to log in before you can comment on or make changes to this bug.