On 02/11/2011 09:37 PM, Adrian Sevcenco wrote:
> Hi! I am trying to add a policy for chrome to allow read access for stuff
> from LD_LIBRARY_PATH,
> and I did this:
> [root@sev selinux]# cat chrome.audit | audit2allow -M chrome
> ******************** IMPORTANT ***********************
> To make this policy package active, execute:
>
> semodule -i chrome.pp
>
> [root@sev selinux]# semodule -i chrome.pp

Use a different name for the module.

# cat chrome.audit | audit2allow -M mychrome
# semodule -i mychrome.pp


You can dontaudit it using:

# cat chrome.audit | audit2allow -D -M mychrome
# semodule -i mychrome.pp

> libsepol.print_missing_requirements: chrome's global requirements were
> not met: type/attribute chrome_sandbox_t (No such file or directory).
> libsemanage.semanage_link_sandbox: Link packages failed (No such file or
> directory).
> semodule:  Failed!
>
> with this:
>
> [root@sev selinux]# cat chrome.audit
> type=AVC msg=audit(1297435306.238:20321): avc:  denied  { read } for
> pid=22631 comm="chrome" name="clhep" dev=sda5 ino=8195388
> scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023
> tcontext=unconfined_u:object_r:user_home_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1297435306.238:20321): arch=c000003e syscall=2
> success=no exit=-2 a0=7fffb3534570 a1=0 a2=0 a3=2f7065686c632f70 items=0
> ppid=0 pid=22631 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500
> egid=500 sgid=500 fsgid=500 tty=(none) ses=7 comm="chrome"
> exe="/opt/google/chrome/chrome"
> subj=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 key=(null)
>
> The symlink in question has these properties:
>
> adrian@sev: ~ $ ls -lZ /home/physics-tools/clhep/clhep
> lrwxrwxrwx. adrian adrian unconfined_u:object_r:user_home_t:SystemLow
> /home/physics-tools/clhep/clhep -> /home/physics-tools/clhep/2.1.0.0/
>
>
> Does anybody have any idea about the problem?
> Thanks!
> Adrian

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
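An added example, not part of the thread: the sketch below turns the AVC denial quoted above into a type-enforcement module of the kind audit2allow generates, and refuses a module name that is already installed. It assumes, as the reply's advice implies, that the distribution policy already ships a module named chrome that declares chrome_sandbox_t; `parse_avc`, `build_module` and the `installed` set are hypothetical names.

```python
import re

# Constructed sample: the AVC record from the post, joined onto one line.
AVC = ('type=AVC msg=audit(1297435306.238:20321): avc:  denied  { read } for '
       'pid=22631 comm="chrome" name="clhep" dev=sda5 ino=8195388 '
       'scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 '
       'tcontext=unconfined_u:object_r:user_home_t:s0 tclass=lnk_file')

AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}.*?'
                    r'scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)')

def parse_avc(line):
    """Return (source_type, target_type, class, perms) or None."""
    m = AVC_RE.search(line)
    if not m:
        return None  # SYSCALL and other record types carry no rule
    perms, scon, tcon, tclass = m.groups()
    # A context is user:role:type:level, so the type is the third field.
    return scon.split(':')[2], tcon.split(':')[2], tclass, tuple(perms.split())

def build_module(name, lines, installed, dontaudit=False):
    """Build .te source; `installed` holds names already in the module store."""
    if name in installed:
        # Installing under an existing name replaces that module, so the
        # types it declared vanish and the require block below cannot link.
        raise ValueError(f'module name {name!r} is already in use')
    denials = sorted({d for d in map(parse_avc, lines) if d})
    types = sorted({t for s, tgt, _, _ in denials for t in (s, tgt)})
    classes = {}
    for _, _, cls, perms in denials:
        classes.setdefault(cls, set()).update(perms)
    verb = 'dontaudit' if dontaudit else 'allow'
    out = [f'module {name} 1.0;', '', 'require {']
    out += [f'\ttype {t};' for t in types]
    out += [f'\tclass {c} {{ {" ".join(sorted(p))} }};'
            for c, p in sorted(classes.items())]
    out += ['}', '']
    out += [f'{verb} {s} {t}:{c} {{ {" ".join(p)} }};' for s, t, c, p in denials]
    return '\n'.join(out) + '\n'

if __name__ == '__main__':
    # Assumption: 'chrome' is among the names printed by `semodule -l`.
    print(build_module('mychrome', [AVC], installed={'chrome'}, dontaudit=True))
```

Both types in the require block must be declared by some other installed module at link time, which is why the module name must not displace the one that declares them.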