-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/23/2011 06:29 AM, GSO wrote: > This thread went offline, however to bring things back online, it > appears at least the binary download (running on SL6) of Firefox 5 just > released does not work in the sandbox either. The SELinux audit > messages are: > > Jun 22 21:40:22 localhost kernel: SELinux: Permission audit_access in > class dir not defined in policy. > Jun 22 21:40:22 localhost kernel: SELinux: Permission execmod in class > dir not defined in policy. > Jun 22 21:40:22 localhost kernel: SELinux: Permission audit_access in > class lnk_file not defined in policy. > Jun 22 21:40:22 localhost kernel: SELinux: Permission open in class > lnk_file not defined in policy. > Jun 22 21:40:22 localhost kernel: SELinux: Permission execmod in class > lnk_file not defined in policy. > Jun 22 21:40:22 localhost kernel: SELinux: Permission audit_access in > class chr_file not defined in policy. > Jun 22 21:40:22 localhost kernel: SELinux: Permission audit_access in > class blk_file not defined in policy. > Jun 22 21:40:22 localhost kernel: SELinux: Permission execmod in class > blk_file not defined in policy. > Jun 22 21:40:22 localhost kernel: SELinux: Permission audit_access in > class sock_file not defined in policy. > Jun 22 21:40:22 localhost kernel: SELinux: Permission execmod in class > sock_file not defined in policy. > Jun 22 21:40:22 localhost kernel: SELinux: Permission audit_access in > class fifo_file not defined in policy. > Jun 22 21:40:22 localhost kernel: SELinux: Permission execmod in class > fifo_file not defined in policy. > Jun 22 21:40:22 localhost kernel: SELinux: Permission syslog in class > capability2 not defined in policy. > Jun 22 21:40:22 localhost kernel: SELinux: the above unknown classes and > permissions will be allowed > Jun 22 21:40:24 localhost dbus: avc: received policyload notice (seqno=5) > Jun 22 21:40:24 localhost dbus: avc: received policyload notice (seqno=5) > Jun 22 21:40:24 localhost dbus: avc: received policyload notice (seqno=5) > Jun 22 21:40:24 localhost dbus: avc: received policyload notice (seqno=5) > Jun 22 21:40:24 localhost dbus: avc: received policyload notice (seqno=5) > Jun 22 21:40:24 localhost dbus: [system] Reloaded configuration > > The sandbox window starts up but crashes before any sign of FF > materialises, works fine in permissive mode or unsandboxed otherwise. > I've put the FF binaries in /opt. > > On 19 June 2011 17:53, Dominick Grift <domg472@xxxxxxxxx > <mailto:domg472@xxxxxxxxx>> wrote: > > > > On Sun, 2011-06-19 at 13:57 +0100, GSO wrote: > > The default build using the google repos results in chromium > grinding to a > > halt with a black window when run in a sandbox. Is it technically > possible > > to run chrome in a sandbox, would building from source fix this at > all? > > I do not think it will work since both sandbox an chrome use namespace > and chrome cant run if sandbox already runs in a namespace (or something > along those lines is my understanding if this issue) > > > -- > > selinux mailing list > > selinux@xxxxxxxxxxxxxxxxxxxxxxx > <mailto:selinux@xxxxxxxxxxxxxxxxxxxxxxx> > > https://admin.fedoraproject.org/mailman/listinfo/selinux > > > > > -- > selinux mailing list > selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux I looked for firefox5 x86_64 and did not quickly find it, if you know where there is a link, I will look into what is going on, otherwise I will wait until Fedora Packages it. It does seem strange that you are getting those Permission audit_access in class sock_file not defined in policy. errors, What OS are you using? What kernel? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk4DMBcACgkQrlYvE4MpobMJCACgy6ZiWfFmuOIjpeyAC/aIUTi0 fZkAnRadq7pW+O1/DKN35gvhfPblbuxm =yBK/ -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
