View Issue Details

IDProjectCategoryView StatusLast Update
0017641CentOS-7selinux-policypublic2020-08-02 14:09
Reporterluiseb 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0017641: SELinux is preventing /usr/lib64/chromium-browser/chromium-browser from 'execute' accesses on the archivo /home/sioux/.config...
DescriptionDescription of problem:
SELinux is preventing /usr/lib64/chromium-browser/chromium-browser from 'execute' accesses on the archivo /home/sioux/.config/chromium/WidevineCdm/4.10.1610.0/_platform_specific/linux_x64/libwidevinecdm.so.

***** Plugin chrome (98.5 confidence) suggests ****************************

Si quiere usar el paquete plugin
Then debe desactivar los controles SELinux sobre las extensiones de Chrome.
Do
# setsebool -P unconfined_chrome_sandbox_transition 0

***** Plugin catchall (2.46 confidence) suggests **************************

Si cree que de manera predeterminada se debería permitir a chromium-browser el acceso execute sobre libwidevinecdm.so file.
Then debería reportar esto como un error.
Puede generar un módulo de política local para permitir este acceso.
Do
permita el acceso temporalmente ejecutando:
# ausearch -c 'chromium-browse' --raw | audit2allow -M mi-chromiumbrowse
# semodule -i mi-chromiumbrowse.pp

Additional Information:
Source Context unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c
                              0.c1023
Target Context unconfined_u:object_r:mozilla_home_t:s0
Target Objects /home/sioux/.config/chromium/WidevineCdm/4.10.1610
                              .0/_platform_specific/linux_x64/libwidevinecdm.so
                              [ file ]
Source chromium-browse
Source Path /usr/lib64/chromium-browser/chromium-browser
Port <Unknown>
Host (removed)
Source RPM Packages chromium-83.0.4103.116-3.el7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-266.el7_8.1.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-862.el7.x86_64 #1 SMP Fri
                              Apr 20 16:44:24 UTC 2018 x86_64 x86_64
Alert Count 2
First Seen 2020-08-02 14:34:10 CEST
Last Seen 2020-08-02 15:32:07 CEST
Local ID 37b44d10-a572-4df0-a903-aa3cbdd965fa

Raw Audit Messages
type=AVC msg=audit(1596375127.911:449): avc: denied { execute } for pid=3384 comm="chromium-browse" path="/home/sioux/.config/chromium/WidevineCdm/4.10.1610.0/_platform_specific/linux_x64/libwidevinecdm.so" dev="sda2" ino=269290477 scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:mozilla_home_t:s0 tclass=file


type=SYSCALL msg=audit(1596375127.911:449): arch=x86_64 syscall=mmap success=no exit=EACCES a0=0 a1=8ea1f8 a2=5 a3=802 items=0 ppid=3382 pid=3384 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm=chromium-browse exe=/usr/lib64/chromium-browser/chromium-browser subj=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 key=(null)

Hash: chromium-browse,chrome_sandbox_t,mozilla_home_t,file,execute

Version-Release number of selected component:
selinux-policy-3.13.1-266.el7_8.1.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-862.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hash39410af5d85167f52489c3db81dbab0b6abf8eb829cfb1d8f08fa1dde2a28a26
URL

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2020-08-02 14:09 luiseb New Issue