-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/23/2011 06:29 AM, GSO wrote:
> This thread went offline, however to bring things back online, it
> appears at least the binary download (running on SL6) of Firefox 5 just
> released does not work in the sandbox either.  The SELinux audit
> messages are:
>
> Jun 22 21:40:22 localhost kernel: SELinux:  Permission audit_access in
> class dir not defined in policy.
> Jun 22 21:40:22 localhost kernel: SELinux:  Permission execmod in class
> dir not defined in policy.
> Jun 22 21:40:22 localhost kernel: SELinux:  Permission audit_access in
> class lnk_file not defined in policy.
> Jun 22 21:40:22 localhost kernel: SELinux:  Permission open in class
> lnk_file not defined in policy.
> Jun 22 21:40:22 localhost kernel: SELinux:  Permission execmod in class
> lnk_file not defined in policy.
> Jun 22 21:40:22 localhost kernel: SELinux:  Permission audit_access in
> class chr_file not defined in policy.
> Jun 22 21:40:22 localhost kernel: SELinux:  Permission audit_access in
> class blk_file not defined in policy.
> Jun 22 21:40:22 localhost kernel: SELinux:  Permission execmod in class
> blk_file not defined in policy.
> Jun 22 21:40:22 localhost kernel: SELinux:  Permission audit_access in
> class sock_file not defined in policy.
> Jun 22 21:40:22 localhost kernel: SELinux:  Permission execmod in class
> sock_file not defined in policy.
> Jun 22 21:40:22 localhost kernel: SELinux:  Permission audit_access in
> class fifo_file not defined in policy.
> Jun 22 21:40:22 localhost kernel: SELinux:  Permission execmod in class
> fifo_file not defined in policy.
> Jun 22 21:40:22 localhost kernel: SELinux:  Permission syslog in class
> capability2 not defined in policy.
> Jun 22 21:40:22 localhost kernel: SELinux: the above unknown classes and
> permissions will be allowed
> Jun 22 21:40:24 localhost dbus: avc:  received policyload notice (seqno=5)
> Jun 22 21:40:24 localhost dbus: avc:  received policyload notice (seqno=5)
> Jun 22 21:40:24 localhost dbus: avc:  received policyload notice (seqno=5)
> Jun 22 21:40:24 localhost dbus: avc:  received policyload notice (seqno=5)
> Jun 22 21:40:24 localhost dbus: avc:  received policyload notice (seqno=5)
> Jun 22 21:40:24 localhost dbus: [system] Reloaded configuration
>
> The sandbox window starts up but crashes before any sign of FF
> materialises, works fine in permissive mode or unsandboxed otherwise.
>  I've put the FF binaries in /opt.
>
> On 19 June 2011 17:53, Dominick Grift <domg472@gmail.com

> <mailto:domg472@gmail.com>> wrote:
>
>
>
>     On Sun, 2011-06-19 at 13:57 +0100, GSO wrote:
>     > The default build using the google repos results in chromium
>     grinding to a
>     > halt with a black window when run in a sandbox.  Is it technically
>     possible
>     > to run chrome in a sandbox, would building from source fix this at
>     all?
>
>     I do not think it will work since both sandbox an chrome use namespace
>     and chrome cant run if sandbox already runs in a namespace (or something
>     along those lines is my understanding if this issue)
>
>     > --
>     > selinux mailing list
>     > selinux@lists.fedoraproject.org

>     <mailto:selinux@lists.fedoraproject.org>

>     > https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>
>
>
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux

I looked for firefox5 x86_64 and did not quickly find it, if you know
where there is a link, I will look into what is going on, otherwise I
will wait until Fedora Packages it.  It does seem strange that you are
getting those

 Permission audit_access in class sock_file not defined in policy.

errors, What OS are you using?  What kernel?