Description of problem: Just starting Google Chrome on Fedora 17 / x64 SELinux is preventing /opt/google/chrome/chrome from 'getattr' accesses on the file /home/antti/libpeerconnection.log. ***** Plugin restorecon (99.5 confidence) suggests ************************* If you want to fix the label. /home/antti/libpeerconnection.log default label should be user_home_t. Then you can run restorecon. Do # /sbin/restorecon -v /home/antti/libpeerconnection.log ***** Plugin catchall (1.49 confidence) suggests *************************** If you believe that chrome should be allowed getattr access on the libpeerconnection.log file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep chrome /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c 0.c1023 Target Context unconfined_u:object_r:user_home_dir_t:s0 Target Objects /home/antti/libpeerconnection.log [ file ] Source chrome Source Path /opt/google/chrome/chrome Port <Unknown> Host (removed) Source RPM Packages google-chrome-stable-28.0.1500.71-209842.x86_64 Target RPM Packages Policy RPM selinux-policy-3.10.0-170.fc17.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.9.8-100.fc17.x86_64 #1 SMP Thu Jun 27 19:19:57 UTC 2013 x86_64 x86_64 Alert Count 1 First Seen 2013-07-06 16:13:14 CEST Last Seen 2013-07-06 16:13:14 CEST Local ID c587d738-d190-4eba-ae50-06e35a4c3b4a Raw Audit Messages type=AVC msg=audit(1373119994.748:64): avc: denied { getattr } for pid=1767 comm="chrome" path="/home/antti/libpeerconnection.log" dev="dm-1" ino=264686 scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=file type=SYSCALL msg=audit(1373119994.748:64): arch=x86_64 syscall=fstat success=yes exit=0 a0=d a1=7fff0aebdd10 a2=7fff0aebdd10 a3=0 items=0 ppid=0 pid=1767 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=2 tty=(none) comm=chrome exe=/opt/google/chrome/chrome subj=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 key=(null) Hash: chrome,chrome_sandbox_t,user_home_dir_t,file,getattr audit2allow #============= chrome_sandbox_t ============== allow chrome_sandbox_t user_home_dir_t:file getattr; audit2allow -R #============= chrome_sandbox_t ============== allow chrome_sandbox_t user_home_dir_t:file getattr; Additional info: hashmarkername: setroubleshoot kernel: 3.9.8-100.fc17.x86_64 type: libreport Potential duplicate: bug 967120
Hi Antti, I found out, this is google chrome bug in version 28, witch is now fixed in version 29. So, solution is update to UNSTABLE version 29 or wait until chrome developers release 29 as a stable, or you can edit /opt/google/chrome/google-chrome and add "cd /tmp", before the last line 'exec -a "$0" "$HERE/chrome" "$@"'