Selinux beating up on Chromium
Daniel J Walsh
dwalsh at redhat.com
Thu Jun 17 20:23:00 UTC 2010
On 06/17/2010 04:00 PM, Jim wrote:
> FC13/KDE
>
> setroubleshoot: SELinux is preventing
> /usr/lib64/chromium-browser/chrome-sandbox "net_raw" access . For
> complete SELinux messages. run sealert -l
> 68797c25-9748-4ab8-b020-f63a80f543a7
>
> I run the sealert -l 68797c25-9748-4ab8-b020-f63a80f543a7 and that
> doesn't stop error message.
>
> In about a hour and a half I get the same error message.
We know about it but do not know what is going on. We definitely do not
want to allow the chrome-sandbox raw access to your network.
If you want to shut it up, you can use audit2allow to create a module to
dontaudit it.
# grep net_raw /var/log/audit/audit.log | audit2allow -D -M mychrome
# semodule -i mycrhome.pp
More information about the users
mailing list