-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 06/17/2013 07:17 PM, Ed Greshko wrote:
The latest chrome from Google was just installed on F18 (Version
28.0.1500.45)
It causes AVC ....
type=SYSCALL msg=audit(1371510820.873:4036): arch=c000003e syscall=56
success=yes exit=7579 a0=60000011 a1=0 a2=0 a3=0 items=0 ppid=7569 pid=7575
auid=1001 uid=1001 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001
fsgid=1001 ses=6 tty=(none) comm="chrome-sandbox"
exe="/opt/google/chrome/chrome-sandbox"
subj=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1371510821.165:4037): avc: denied { create } for
pid=7579 comm="chrome" name="libpeerconnection.log"
scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=file type=SYSCALL
msg=audit(1371510821.165:4037): arch=c000003e syscall=2 success=no exit=-13
a0=7f8c1b51e738 a1=441 a2=1b6 a3=ffffe000 items=0 ppid=0 pid=7579 auid=1001
uid=1001 gid=1001 euid=1001 suid=1001 fsuid=1001 egid=1001 sgid=1001
fsgid=1001 ses=6 tty=(none) comm="chrome"
exe="/opt/google/chrome/chrome"
subj=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 key=(null)
The suggestion in the troubleshooter fails so....
[root@meimei tmp]# grep chrome /var/log/audit/audit.log | audit2allow -M
chrome ******************** IMPORTANT *********************** To make this
policy package active, execute:
semodule -i chrome.pp
[root@meimei tmp]# semodule -i chrome.pp
libsepol.print_missing_requirements: chrome's global requirements were not
met: type/attribute chrome_sandbox_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or
directory). semodule: Failed!
Suggestion as to how to fix?
This is a known bug in chrome, Basically the libpeerconnection.log should not
be being created, and the package that is doing this should be using the
standard chrome logging system.
I believe there is a fix available in chrome for this.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird -
http://www.enigmail.net/
iEYEARECAAYFAlHAUAkACgkQrlYvE4MpobM72wCeMN5HZFTc2xA67d0XORF6iAsO
iDcAn3CBnCpA6X4xfPP5R9wR+u0AKsqw
=mtLO
-----END PGP SIGNATURE-----