FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.

» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Gentoo > Gentoo Hardened

LinkBack Thread Tools
Old 09-24-2012, 06:53 PM
"Paweł Hajdan, Jr."
Default testing selinux-chromium, problem with xdg file contexts

I installed selinux-chromium for testing, and chromium failed to start
in SELinux enforcing mode:

$ chromium
[2557:2557:1727940797:ERRORrocess_singleton_linux .cc(263)] Failed to
create /home/ph/.config/chromium/SingletonLock: Permission denied
[2557:2557:1727941544:ERROR:chrome_browser_main.cc( 1552)] Failed to
create a ProcessSingleton for your profile directory. This means that
running multiple instances would start multiple browser processes rather
than opening a new window in the existing process. Aborting now to avoid
profile corruption.

audit messages:

# audit2allow -d
#============= chromium_t ==============
allow chromium_t xdg_config_home_t:file create;
allow chromium_t xdg_config_home_t:lnk_file { read create };

[ 107.872466] type=1400 audit(1348505952.982:67): avc: denied { read
} for pid=2166 comm="chrome" name="SingletonLock" dev="sda1" ino=522327
tcontext=unconfined_ubject_r:xdg_config_home_t tclass=lnk_file
[ 107.873916] type=1400 audit(1348505952.983:68): avc: denied {
create } for pid=2178 comm="Chrome_FileThre"
tcontext=unconfined_ubject_r:xdg_config_home_t tclass=file

Now the problem is these files should have context
chromium_xdg_config_t, but have xdg_config_home_t. Even deleting
$HOME/.config/chromium and $HOME/.cache/chromium doesn't help.

$ ls -lZd ~/.config/chromium/
drwx------. 2 ph ph unconfined_ubject_r:xdg_config_home_t 4096 Sep 24
19:22 /home/ph/.config/chromium/

I also tried "restorecon -R -F /home/ph", but that didn't help either.
Here are relevant lines from


Just in case, here is the state of my chromium SELinux booleans:

# semanage boolean -l | grep chromium
chromium_manage_user_content (off , off) Allow chromium to write
(manage) user content
chromium_read_user_content (on , on) Allow chromium to read
user content
chromium_read_system_info (off , off) Allow chromium to read
system information
chromium_use_java (off , off) Allow the use of java plugins

Note that the problem also occurs when setting
chromium_manage_user_content to on.

What are further steps I should take to debug the issue?

Thread Tools

All times are GMT. The time now is 07:56 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ę2007 - 2008, www.linux-archive.org