[wellylug] SELinux Security Alerts with Google Webmail (not with TelstraClear Webmail)
Daniel Pittman
daniel at rimspace.net
Fri Apr 23 23:22:21 NZST 2010
marchetti <marchetti at clear.net.nz> writes:
> Every time I log on to my Google account I get this. Not so with
> Clear.net.NZ webmail.
>
> Summary:
>
> SELinux is preventing chrome "open" access on
> /opt/google/chrome/chrome.pak.
[...]
> Do I have a security problem?
No. Well, it might be fair to say yes: your security is causing you a
problem. ;)
> Or should I generate a local policy module to allow access?
Yes. One that allows the chrome process full control over /opt/google/chrome
would be the easiest form, especially as you don't control upstream, and they
have their own detailed, fine-grained, internal security model — which might
make it hard to keep up with changes yourself.
I am vaguely surprised they don't ship some SELinux support in the RPM
package, though...
Daniel
--
✣ Daniel Pittman ✉ daniel at rimspace.net ☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons
More information about the wellylug
mailing list