Miroslav Grepl: > On 05/13/2014 08:49 PM, Robert Horovitz wrote: >>> # yum update selinux-policy-sandbox policycoreutils-sandbox >>> --enablerepo=updates-testing >>> >> selinux-policy-sandbox was not present on my system, I installed it now. >> >> rpm -qa \*sandbox >> selinux-policy-sandbox-3.12.1-161.fc20.noarch >> policycoreutils-sandbox-2.2.5-4.fc20.x86_64 >> >> It still doesn't work: >> >> sandbox -X -t sandbox_web_t firefox >> Failed to execute command /usr/share/sandbox/sandboxX.sh: Operation not >> permitted >> >> going to downgrade libcap-ng again... >> > Yes, I apologize. > > You need to install the latest selinux-policy-targeted and > selinux-policy pkgs from > > http://koji.fedoraproject.org/koji/buildinfo?buildID=516627 > > or from updates-testing repo. > does not work for me, but the error is different, now I get AVCs. type=AVC msg=audit(1400172843.275:385): avc: denied { connectto } for pid=24118 comm="Xephyr" path=002F746D702F2E5831312D756E69782F5830 scontext=unconfined_u:unconfined_r:sandbox_web_t:s0:c190,c873 tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=unix_stream_socket -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
