error :: chrome's global requirements were not met
Miroslav Grepl
mgrepl at redhat.com
Mon Feb 14 14:25:28 UTC 2011
On 02/11/2011 09:37 PM, Adrian Sevcenco wrote:
> Hi! I am trying to add a policy for chrome to allow read access for stuff
> from LD_LIBRARY_PATH,
> and I did this:
> [root@sev selinux]# cat chrome.audit | audit2allow -M chrome
> ******************** IMPORTANT ***********************
> To make this policy package active, execute:
>
> semodule -i chrome.pp
>
> [root@sev selinux]# semodule -i chrome.pp
Use a different module name.
# cat chrome.audit | audit2allow -M mychrome
# semodule -i mychrome.pp
You can dontaudit it using
# cat chrome.audit | audit2allow -D -M mychrome
# semodule -i mychrome.pp
> libsepol.print_missing_requirements: chrome's global requirements were
> not met: type/attribute chrome_sandbox_t (No such file or directory).
> libsemanage.semanage_link_sandbox: Link packages failed (No such file or
> directory).
> semodule: Failed!
>
> with this:
>
> [root@sev selinux]# cat chrome.audit
> type=AVC msg=audit(1297435306.238:20321): avc: denied { read } for
> pid=22631 comm="chrome" name="clhep" dev=sda5 ino=8195388
> scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023
> tcontext=unconfined_u:object_r:user_home_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1297435306.238:20321): arch=c000003e syscall=2
> success=no exit=-2 a0=7fffb3534570 a1=0 a2=0 a3=2f7065686c632f70 items=0
> ppid=0 pid=22631 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500
> egid=500 sgid=500 fsgid=500 tty=(none) ses=7 comm="chrome"
> exe="/opt/google/chrome/chrome"
> subj=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 key=(null)
>
> The symlink in question has these properties:
>
> adrian@sev: ~ $ ls -lZ /home/physics-tools/clhep/clhep
> lrwxrwxrwx. adrian adrian unconfined_u:object_r:user_home_t:SystemLow
> /home/physics-tools/clhep/clhep -> /home/physics-tools/clhep/2.1.0.0/
>
>
> Does anybody have any idea about the problem?
> Thanks!
> Adrian
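One way to apply the advice in the reply above, as an added example that is not part of the original thread: a POSIX shell helper that checks a proposed audit2allow module name against the installed module list and picks a free one. It assumes the failure came from the name `chrome` already belonging to an installed module; the function names and the sample module list are constructed for illustration.

```shell
#!/bin/sh
# Added example: choose an audit2allow module name that does not collide
# with a policy module that is already installed.

# module_installed NAME LISTFILE
# LISTFILE holds `semodule -l` output: one module per line, name in the
# first column (older releases append a version column).
module_installed() {
    awk -v n="$1" '$1 == n { found = 1 } END { exit !found }' "$2"
}

# safe_module_name NAME LISTFILE
# Prints NAME if it is unused, otherwise prefixes "my" until it is free
# (the same convention the reply uses: chrome -> mychrome).
safe_module_name() {
    name=$1
    while module_installed "$name" "$2"; do
        name="my$name"
    done
    printf '%s\n' "$name"
}

# Constructed sample of `semodule -l` output (names and versions invented).
sample_list() {
    printf 'abrt\t1.2.0\nchrome\t1.2.0\nmozilla\t2.3.1\n'
}

# build_local_module NAME AUDITFILE
# The full workflow on an SELinux host: list modules, pick a free name,
# build the module from the saved AVC records, then install it.
build_local_module() {
    list=$(mktemp) || return 1
    semodule -l > "$list" || { rm -f "$list"; return 1; }
    mod=$(safe_module_name "$1" "$list")
    rm -f "$list"
    audit2allow -M "$mod" < "$2" && semodule -i "$mod.pp"
}
```

On the host, `build_local_module chrome chrome.audit` would build and install the module under a free name instead of `chrome`.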