-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 06/23/2011 06:29 AM, GSO wrote:
This thread went offline, however to bring things back online, it appears at least the binary download (running on SL6) of Firefox 5 just released does not work in the sandbox either. The SELinux audit messages are:
Jun 22 21:40:22 localhost kernel: SELinux: Permission audit_access in class dir not defined in policy. Jun 22 21:40:22 localhost kernel: SELinux: Permission execmod in class dir not defined in policy. Jun 22 21:40:22 localhost kernel: SELinux: Permission audit_access in class lnk_file not defined in policy. Jun 22 21:40:22 localhost kernel: SELinux: Permission open in class lnk_file not defined in policy. Jun 22 21:40:22 localhost kernel: SELinux: Permission execmod in class lnk_file not defined in policy. Jun 22 21:40:22 localhost kernel: SELinux: Permission audit_access in class chr_file not defined in policy. Jun 22 21:40:22 localhost kernel: SELinux: Permission audit_access in class blk_file not defined in policy. Jun 22 21:40:22 localhost kernel: SELinux: Permission execmod in class blk_file not defined in policy. Jun 22 21:40:22 localhost kernel: SELinux: Permission audit_access in class sock_file not defined in policy. Jun 22 21:40:22 localhost kernel: SELinux: Permission execmod in class sock_file not defined in policy. Jun 22 21:40:22 localhost kernel: SELinux: Permission audit_access in class fifo_file not defined in policy. Jun 22 21:40:22 localhost kernel: SELinux: Permission execmod in class fifo_file not defined in policy. Jun 22 21:40:22 localhost kernel: SELinux: Permission syslog in class capability2 not defined in policy. Jun 22 21:40:22 localhost kernel: SELinux: the above unknown classes and permissions will be allowed Jun 22 21:40:24 localhost dbus: avc: received policyload notice (seqno=5) Jun 22 21:40:24 localhost dbus: avc: received policyload notice (seqno=5) Jun 22 21:40:24 localhost dbus: avc: received policyload notice (seqno=5) Jun 22 21:40:24 localhost dbus: avc: received policyload notice (seqno=5) Jun 22 21:40:24 localhost dbus: avc: received policyload notice (seqno=5) Jun 22 21:40:24 localhost dbus: [system] Reloaded configuration
The sandbox window starts up but crashes before any sign of FF materialises, works fine in permissive mode or unsandboxed otherwise. I've put the FF binaries in /opt.
On 19 June 2011 17:53, Dominick Grift <domg472@gmail.com mailto:domg472@gmail.com> wrote:
On Sun, 2011-06-19 at 13:57 +0100, GSO wrote: > The default build using the google repos results in chromium grinding to a > halt with a black window when run in a sandbox. Is it technically possible > to run chrome in a sandbox, would building from source fix this at all? I do not think it will work since both sandbox an chrome use namespace and chrome cant run if sandbox already runs in a namespace (or something along those lines is my understanding if this issue) > -- > selinux mailing list > selinux@lists.fedoraproject.org <mailto:selinux@lists.fedoraproject.org> > https://admin.fedoraproject.org/mailman/listinfo/selinux
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
I looked for firefox5 x86_64 and did not quickly find it, if you know where there is a link, I will look into what is going on, otherwise I will wait until Fedora Packages it. It does seem strange that you are getting those
Permission audit_access in class sock_file not defined in policy.
errors, What OS are you using? What kernel?