Re: Latest chrome causing AVC

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/17/2013 07:17 PM, Ed Greshko wrote:
> The latest chrome from Google was just installed on F18 (Version
> 28.0.1500.45)
> 
> It causes AVC ....
> 
> type=SYSCALL msg=audit(1371510820.873:4036): arch=c000003e syscall=56
> success=yes exit=7579 a0=60000011 a1=0 a2=0 a3=0 items=0 ppid=7569 pid=7575
> auid=1001 uid=1001 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001
> fsgid=1001 ses=6 tty=(none) comm="chrome-sandbox"
> exe="/opt/google/chrome/chrome-sandbox"
> subj=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 key=(null) 
> type=AVC msg=audit(1371510821.165:4037): avc:  denied  { create } for
> pid=7579 comm="chrome" name="libpeerconnection.log"
> scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023
> tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=file type=SYSCALL
> msg=audit(1371510821.165:4037): arch=c000003e syscall=2 success=no exit=-13
> a0=7f8c1b51e738 a1=441 a2=1b6 a3=ffffe000 items=0 ppid=0 pid=7579 auid=1001
> uid=1001 gid=1001 euid=1001 suid=1001 fsuid=1001 egid=1001 sgid=1001
> fsgid=1001 ses=6 tty=(none) comm="chrome" exe="/opt/google/chrome/chrome"
> subj=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 key=(null)
> 
> The suggestion in the troubleshooter fails so....
> 
> [root@meimei tmp]# grep chrome /var/log/audit/audit.log | audit2allow -M
> chrome ******************** IMPORTANT *********************** To make this
> policy package active, execute:
> 
> semodule -i chrome.pp
> 
> [root@meimei tmp]# semodule -i chrome.pp 
> libsepol.print_missing_requirements: chrome's global requirements were not
> met: type/attribute chrome_sandbox_t (No such file or directory). 
> libsemanage.semanage_link_sandbox: Link packages failed (No such file or
> directory). semodule:  Failed!
> 
> 
> Suggestion as to how to fix?
> 
This is a known bug in chrome,  Basically the libpeerconnection.log should not
be being created, and the package that is doing this should be using the
standard chrome logging system.

I believe there is a fix available in chrome for this.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlHAUAkACgkQrlYvE4MpobM72wCeMN5HZFTc2xA67d0XORF6iAsO
iDcAn3CBnCpA6X4xfPP5R9wR+u0AKsqw
=mtLO
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux