google-chrome + selinux + ecryptfs
Pal, Laszlo
vlad at vlad.hu
Fri Jun 13 08:44:47 UTC 2014
Ecryptfs working perfectly for other stuff, this kind of problem only
occurred with certain plugins and chrome applications, so it is clear
to me this is maybe some poor programming in chrome... and I know
maybe I shouldn't use it :) but there is some features I need for my
daily work only available in chrome and not in firefox :(
so, this is why I asked if someone else already experienced such issue
and maybe found a workaround, so SELinux can stay enabled :) or at
least maybe some direction to the right documentation where I can try
to create some rule enable what is denied here (audit.log always
confuses me :)). From the last two line it seems some transition, but
I'm not sure
Thanks a lot
Laszlo
L:
On 13 June 2014 06:38, Daniel J Walsh <dwalsh at redhat.com> wrote:
> How is ecryptfs supposed to work?
>
>
> On 06/12/2014 03:13 PM, Pal, Laszlo wrote:
>
> node= type=SYSCALL msg=audit(1402610675.802:3612): arch=c000003e
> syscall=47 success=yes exit=1 a0=12 a1=7f4cb29bb490 a2=40 a3=2 items=0
> ppid=8 pid=13635 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000
> fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2
> comm="Chrome_ChildIOT" exe="/opt/google/chrome/chrome"
> subj=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023
> key=(null)
> node=tohuvabohu.balabit type=AVC msg=audit(1402610675.802:3613)
> : avc:
> denied { write } for pid=13634 comm="chrome"
> path="/home/.ecryptfs/vlad/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWbWvaw.Yvr95kQA2hcGEJHBUib4Wf3DUd7gSom1uZp3eGnWRADC8b67AE--/ECRYPTFS_FNEK_ENCRYPTED.FXbWvaw.Yvr95kQA2hcGEJHBUib4Wf3DUd7gTtA3nsOQygKTjpvYs63foAeJEpmcXUfgP6gU.7wmAuY-/ECRYPTFS_FNEK_ENCRYPTED.FWbWvaw.Yvr95kQA2hcGEJHBUib4Wf3DUd7g5coEDCbOTnV-amR0ZN6y1---/ECRYPTFS_FNEK_ENCRYPTED.FWbWvaw.Yvr95kQA2hcGEJHBUib4Wf3DUd7gT3djTOmDHoPUHtuBzF97EU--/ECRYPTFS_FNEK_ENCRYPTED.FWbWvaw.Yvr95kQA2hcGEJHBUib4Wf3DUd7geU1qaFnPHLsuy1RmqbGnBE--/ECRYPTFS_FNEK_ENCRYPTED.FWbWvaw.Yvr95kQA2hcGEJHBUib4Wf3DUd7glEd5RSiZ49p5vw44TzFM3E--/ECRYPTFS_FNEK_ENCRYPTED.FWbWvaw.Yvr95kQA2hcGEJHBUib4Wf3DUd7gKBDK1Q1GxCxyo3TiIlYCnE--/ECRYPTFS_FNEK_ENCRYPTED.FWbWvaw.Yvr95kQA2hcGEJHBUib4Wf3DUd7gmuai.t4ZEmP-LatO12SQ.E--/ECRYPTFS_FNEK_ENCRYPTED.FWbWvaw.Yvr95kQA2hcGEJHBUib4Wf3DUd7gIB221z5L1BsC-c-sHPGaQ---/ECRYPTFS_FNEK_ENCRYPTED.FWbWvaw.Yvr95kQA2hcGEJHBUib4Wf3DUd7gqsU3WtY8Frzmt!
> cENIeC0CE-
> -/ECRYPTFS_FNEK_ENCRYPTED.FWbWvaw.Yvr95kQA2hcGEJHBUib4Wf3DUd7gt-ZfSVe491Z7eplRchJ3qE--/ECRYPTFS_FNEK_ENCRYPTED.FWbWvaw.Yvr95kQA2hcGEJHBUib4Wf3DUd7gSHKUZ6b8Mf6vlIo3pRzAj---/ECRYPTFS_FNEK_ENCRYPTED.FWbWvaw.Yvr95kQA2hcGEJHBUib4Wf3DUd7gC2jhQP5bAQcJMOMBLlUW1U--"
> dev="dm-2" ino=16123428
> scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023
> tcontext=unconfined_u:object_r:ecryptfs_t:s0 tclass=file
>
>
>
> --
> users mailing list
> users at lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> Have a question? Ask away: http://ask.fedoraproject.org
>
More information about the users
mailing list