[wellylug] SELinux Security Alerts with Google Webmail (not with TelstraClear Webmail)

marchetti marchetti at clear.net.nz
Fri Apr 23 22:20:26 NZST 2010


 
Every time I log on to my Google account I get this. Not so
with Clear.net.NZ webmail.

Summary:

SELinux is preventing chrome "open" access on
/opt/google/chrome/chrome.pak.

Detailed Description:

SELinux denied access requested by chrome. It is not
expected that this access
is required by chrome and this access may signal an
intrusion attempt. It is
also possible that the specific version or configuration of
the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access
- see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385)
Please file a bug
report.

Additional Information:

Source Context               
unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c
                              0.c1023
Target Context                system_u:object_r:usr_t:s0
Target Objects                /opt/google/chrome/chrome.pak
[ file ]
Source                        chrome
Source Path                   chrome
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages          
google-chrome-beta-5.0.342.9-43360
Policy RPM                    selinux-policy-3.6.32-110.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux (removed)
2.6.32.11-99.fc12.i686 #1 SMP Mon
                              Apr 5 16:32:08 EDT 2010 i686
i686
Alert Count                   1
First Seen                    Fri 23 Apr 2010 09:44:02 PM
NZST
Last Seen                     Fri 23 Apr 2010 09:44:02 PM
NZST
Local ID                     
0c851217-29e6-4fbe-89c6-cc66d39eb9e5
Line Numbers                  

Raw Audit Messages            

node=(removed) type=AVC msg=audit(1272015842.451:21):
avc: 
denied  { open } for  pid=2309 comm="chrome"
name="chrome.pak" dev=dm-0 ino=262517
scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0
c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file

Do I have a security problem? Or should I generate a local
policy module to allow access?




More information about the wellylug mailing list