Description of problem: Using NVIDIA official drivers packaged by RPM Fusion SELinux is preventing /opt/google/chrome/nacl_helper_bootstrap from 'execmod' accesses on the file /usr/lib/nvidia-304xx/libnvidia-glcore.so.304.88. ***** Plugin file (36.8 confidence) suggests ******************************* If cree que esto es causado por una maquina muy mal etiquetada. Then necesita reetiquetar completamente. Do touch /.autorelabel; reboot ***** Plugin file (36.8 confidence) suggests ******************************* If cree que esto es causado por una maquina muy mal etiquetada. Then necesita reetiquetar completamente. Do touch /.autorelabel; reboot ***** Plugin catchall_labels (23.2 confidence) suggests ******************** If you want to allow nacl_helper_bootstrap to have execmod access on the libnvidia-glcore.so.304.88 file Then necesita modificar la etiqueta en /usr/lib/nvidia-304xx/libnvidia-glcore.so.304.88 Do # semanage fcontext -a -t FILE_TYPE '/usr/lib/nvidia-304xx/libnvidia-glcore.so.304.88' donde FILE_TYPE es uno de los siguientes: lib_t, textrel_shlib_t. Luego ejecute: restorecon -v '/usr/lib/nvidia-304xx/libnvidia-glcore.so.304.88' ***** Plugin catchall (5.04 confidence) suggests *************************** If cree que de manera predeterminada, nacl_helper_bootstrap debería permitir acceso execmod sobre libnvidia-glcore.so.304.88 file. Then debería reportar esto como un error. Puede generar un módulo de política local para permitir este acceso. Do permita el acceso momentáneamente executando: # grep nacl_helper_boo /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:chrome_sandbox_nacl_t:s0 Target Context system_u:object_r:file_t:s0 Target Objects /usr/lib/nvidia-304xx/libnvidia-glcore.so.304.88 [ file ] Source nacl_helper_boo Source Path /opt/google/chrome/nacl_helper_bootstrap Port <Desconocido> Host (removed) Source RPM Packages google-chrome-stable-28.0.1500.95-213514.i386 Target RPM Packages xorg-x11-drv-nvidia-304xx-libs-304.88-12.fc19.i686 Policy RPM selinux-policy-3.12.1-66.fc19.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.10.3-300.fc19.i686.PAE #1 SMP Fri Jul 26 00:12:34 UTC 2013 i686 i686 Alert Count 1 First Seen 2013-08-01 12:56:31 CEST Last Seen 2013-08-01 12:56:31 CEST Local ID fb49edad-ba6e-4d31-91f5-3c062a831686 Raw Audit Messages type=AVC msg=audit(1375354591.288:233): avc: denied { execmod } for pid=2347 comm="nacl_helper_boo" path="/usr/lib/nvidia-304xx/libnvidia-glcore.so.304.88" dev="dm-1" ino=3932166 scontext=unconfined_u:unconfined_r:chrome_sandbox_nacl_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file type=SYSCALL msg=audit(1375354591.288:233): arch=i386 syscall=mprotect success=yes exit=0 a0=b4159000 a1=1ebe000 a2=5 a3=bf9b00e0 items=0 ppid=1 pid=2347 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=3 tty=(none) comm=nacl_helper_boo exe=/opt/google/chrome/nacl_helper_bootstrap subj=unconfined_u:unconfined_r:chrome_sandbox_nacl_t:s0 key=(null) Hash: nacl_helper_boo,chrome_sandbox_nacl_t,file_t,file,execmod Additional info: reporter: libreport-2.1.5 hashmarkername: setroubleshoot kernel: 3.10.3-300.fc19.i686.PAE type: libreport
file_t means you have a mislabeled file restorecon -R -v /usr Should fix your problem.