On Thu, Feb 27, 2014 at 1:38 PM, Ed K. <ed@xxxxxxx> wrote: > On Thu, 27 Feb 2014, Dale Dellutri wrote: > >>> On 02/27/14 05:50, Dale Dellutri wrote: >>>> >>>> I did this and set selinux back to enforcing. google-chrome >>>> is now working as it should. >>> >>> >>> Good to see it is OK now. FWIW, I have a fully updated F20 system. I'm >>> using KDE and google chrome and I am not seeing any problems when I visit >>> your website. >> >> >> Yes, it's fixed now. The original problem occurred because I added a >> directory >> of private fonts to /usr/share/fonts/, but I did not adjust the >> selinux context for >> that directory. The ausearch suggested by Daniel Walsh discovered the >> problem. >> >> I really must learn more about the care and feeding of selinux if I'm >> going to >> use it. >> > > Dale, I've been having the same problem. But with $HOME/.fonts > > What chcon command did you use to permit chrome to read the fonts directory? I didn't use chcon. Instead I followed the suggestions of Daniel Walsh (look upthread): ===== Are you seeing any AVCs? ausearch -m avc -ts recent You can turn off SELinux confinement of chrome sandbox, with setsebool -P unconfined_chrome_sandbox_transition=0 ===== It's that second command, setsebool, that did it. Curiously, I realized that I did not have this problem on an earlier desktop setup even though I did add that directory of fonts in /usr/share/fonts. It didn't cause a problem in that case because I had the selinux-policy bug (see: https://fedoraproject.org/wiki/Common_F20_bugs#rpm-scriptlets-fail) and I applied the workaround which re-adjusted the selinux policies of the entire system (including the new directory in /usr/share/fonts). But I don't know what selinux command was run. It was embedded in the update. Like I said, I really need to learn the care and feeding of selinux if I'm going to use it. My advice to you is to google something like "relabel selinux policy". If you do find the right command to apply to $HOME/.fonts, please post here. > > ed > > -- > users mailing list > users@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe or change subscription options: > https://admin.fedoraproject.org/mailman/listinfo/users > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines > Have a question? Ask away: http://ask.fedoraproject.org -- Dale Dellutri -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
