Here is the SELinux Alert "Details":
["Details" Start]
SELinux is preventing /opt/google/chrome/chrome from write access on the
directory /home/rick/.sage.
***** Plugin catchall (100. confidence) suggests
***************************
If you believe that chrome should be allowed write access on the .sage
directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep chrome /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context
unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c
0.c1023
Target Context unconfined_u:object_r:user_home_t:s0
Target Objects /home/rick/.sage [ dir ]
Source chrome
Source Path /opt/google/chrome/chrome
Port <Unknown>
Host steelers.net
Source RPM Packages google-chrome-stable-28.0.1500.71-209842.i386
Target RPM Packages
Policy RPM selinux-policy-3.10.0-170.fc17.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name steelers.net
Platform Linux steelers.net 3.9.10-100.fc17.i686.PAE
#1 SMP
Sun Jul 14 01:34:14 UTC 2013 i686 i686
Alert Count 1
First Seen 2013-07-30 13:17:57 EDT
Last Seen 2013-07-30 13:17:57 EDT
Local ID d984be81-6864-452c-974b-4cecba51149b
Raw Audit Messages
type=AVC msg=audit(1375204677.41:5388): avc: denied { write } for
pid=12239 comm="chrome" name=".sage" dev="dm-2" ino=3802163
scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=SYSCALL msg=audit(1375204677.41:5388): arch=i386 syscall=open
success=no exit=EACCES a0=b7eb6a5c a1=8441 a2=1b6 a3=b7edeb00 items=0
ppid=0 pid=12239 auid=1001 uid=1001 gid=1001 euid=1001 suid=1001 fsuid=1001
egid=1001 sgid=1001 fsgid=1001 ses=694 tty=pts1 comm=chrome
exe=/opt/google/chrome/chrome
subj=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 key=(null)
Hash: chrome,chrome_sandbox_t,user_home_t,dir,write
audit2allow
#============= chrome_sandbox_t ==============
#!!!! The source type 'chrome_sandbox_t' can write to a 'dir' of the
following types:
# home_cert_t, user_home_dir_t, cgroup_t, tmpfs_t, tmp_t,
user_fonts_cache_t, chrome_sandbox_tmpfs_t, chrome_sandbox_tmp_t
allow chrome_sandbox_t user_home_t:dir write;
audit2allow -R
#============= chrome_sandbox_t ==============
#!!!! The source type 'chrome_sandbox_t' can write to a 'dir' of the
following types:
# home_cert_t, user_home_dir_t, cgroup_t, tmpfs_t, tmp_t,
user_fonts_cache_t, chrome_sandbox_tmpfs_t, chrome_sandbox_tmp_t
allow chrome_sandbox_t user_home_t:dir write;
["Details" End]
On Tuesday, July 30, 2013 11:21:13 AM UTC-4, Volker Braun wrote:
>
> post the actual log message
>
>
> On Tuesday, July 30, 2013 10:35:08 AM UTC-4, rickhg12hs wrote:
>>
>> Which log do you mean?
>>
>> Steps to reproduce:
>> $ ./sage -notebook
>>
>> An SELinux alert every time. Sage notebook still works fine though.
>>
>> Help request posted to Google Chrome group:
>> http://productforums.google.com/forum/#!category-topic/chrome/linux/5Qs_g0yofKk
>>
>>
>> On Tuesday, July 30, 2013 10:22:16 AM UTC-4, Volker Braun wrote:
>>>
>>> Works on Fedora 19, maybe you can post a part of your log? Steps to
>>> reproduce?
>>>
>>>
>>> On Monday, July 29, 2013 11:11:48 PM UTC-4, rickhg12hs wrote:
>>>>
>>>> Sage 5.10 Notebook, Fedora 17 with SELinux set to Enforcing.
>>>>
>>>> SELinux is preventing /opt/google/chrome/chrome from 'write'
>>>> accesses on the directory /home/MyHomeDir/.sage.
>>>>
>>>> Is this expected? Should I allow write access by creating a local
>>>> exception for SELinux?
>>>>
>>>>
--
You received this message because you are subscribed to the Google Groups
"sage-support" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/sage-support.
For more options, visit https://groups.google.com/groups/opt_out.
