View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0017641 | CentOS-7 | selinux-policy | public | 2020-08-02 14:09 | 2020-08-02 14:09 |
| Reporter | luiseb | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | new | Resolution | open | ||
| OS Version | 7 | ||||
| Summary | 0017641: SELinux is preventing /usr/lib64/chromium-browser/chromium-browser from 'execute' accesses on the archivo /home/sioux/.config... | ||||
| Description | Description of problem: SELinux is preventing /usr/lib64/chromium-browser/chromium-browser from 'execute' accesses on the archivo /home/sioux/.config/chromium/WidevineCdm/4.10.1610.0/_platform_specific/linux_x64/libwidevinecdm.so. ***** Plugin chrome (98.5 confidence) suggests **************************** Si quiere usar el paquete plugin Then debe desactivar los controles SELinux sobre las extensiones de Chrome. Do # setsebool -P unconfined_chrome_sandbox_transition 0 ***** Plugin catchall (2.46 confidence) suggests ************************** Si cree que de manera predeterminada se debería permitir a chromium-browser el acceso execute sobre libwidevinecdm.so file. Then debería reportar esto como un error. Puede generar un módulo de política local para permitir este acceso. Do permita el acceso temporalmente ejecutando: # ausearch -c 'chromium-browse' --raw | audit2allow -M mi-chromiumbrowse # semodule -i mi-chromiumbrowse.pp Additional Information: Source Context unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c 0.c1023 Target Context unconfined_u:object_r:mozilla_home_t:s0 Target Objects /home/sioux/.config/chromium/WidevineCdm/4.10.1610 .0/_platform_specific/linux_x64/libwidevinecdm.so [ file ] Source chromium-browse Source Path /usr/lib64/chromium-browser/chromium-browser Port <Unknown> Host (removed) Source RPM Packages chromium-83.0.4103.116-3.el7.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-266.el7_8.1.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.10.0-862.el7.x86_64 #1 SMP Fri Apr 20 16:44:24 UTC 2018 x86_64 x86_64 Alert Count 2 First Seen 2020-08-02 14:34:10 CEST Last Seen 2020-08-02 15:32:07 CEST Local ID 37b44d10-a572-4df0-a903-aa3cbdd965fa Raw Audit Messages type=AVC msg=audit(1596375127.911:449): avc: denied { execute } for pid=3384 comm="chromium-browse" path="/home/sioux/.config/chromium/WidevineCdm/4.10.1610.0/_platform_specific/linux_x64/libwidevinecdm.so" dev="sda2" ino=269290477 scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:mozilla_home_t:s0 tclass=file type=SYSCALL msg=audit(1596375127.911:449): arch=x86_64 syscall=mmap success=no exit=EACCES a0=0 a1=8ea1f8 a2=5 a3=802 items=0 ppid=3382 pid=3384 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm=chromium-browse exe=/usr/lib64/chromium-browser/chromium-browser subj=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 key=(null) Hash: chromium-browse,chrome_sandbox_t,mozilla_home_t,file,execute Version-Release number of selected component: selinux-policy-3.13.1-266.el7_8.1.noarch | ||||
| Additional Information | reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-862.el7.x86_64 reproducible: Not sure how to reproduce the problem type: libreport | ||||
| Tags | No tags attached. | ||||
| abrt_hash | 39410af5d85167f52489c3db81dbab0b6abf8eb829cfb1d8f08fa1dde2a28a26 | ||||
| URL | |||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2020-08-02 14:09 | luiseb | New Issue |
