SELinux
Daniel J Walsh
dwalsh at redhat.com
Fri Jan 21 16:31:40 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/21/2011 11:20 AM, Genes MailLists wrote:
> On 01/21/2011 11:07 AM, Daniel J Walsh wrote:
>> sandbox -X -W metacity -t sandbox_web_t -H ~/sandbox/home
>> /opt/google/chrome/chrome
>
> Same thing - window starts and closes right away ..
I think it has something about namespaces.
If you run
sandbox -X -t sandbox_web_t xterm
Then launch chromium-browser from within the xterm, it complains about
Failed to move to new PID namespace:Operation not permitted.
Even in permissive mode.
I think this indicates that chromium tried to launch the
chromium-sandbox from within the SELinux sandbox. and the
chromium-sandbox wants to use its own namespace and this is not allowed.
So I guess this means you can not run chromium within a sandbox -X
environment.
sandbox -X -t sandbox_web_t firefox
Should work...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk05tOwACgkQrlYvE4MpobN7zACeKwOs+L/xweUswQQcZ7WU5s8X
T4gAoKPa+QkcbP+JSWrL0VdLS4zJftf4
=6Wsp
-----END PGP SIGNATURE-----
More information about the users
mailing list