| 1 |
I installed selinux-chromium for testing, and chromium failed to start |
| 2 |
in SELinux enforcing mode: |
| 3 |
|
| 4 |
$ chromium |
| 5 |
[2557:2557:1727940797:ERROR:process_singleton_linux.cc(263)] Failed to |
| 6 |
create /home/ph/.config/chromium/SingletonLock: Permission denied |
| 7 |
[2557:2557:1727941544:ERROR:chrome_browser_main.cc(1552)] Failed to |
| 8 |
create a ProcessSingleton for your profile directory. This means that |
| 9 |
running multiple instances would start multiple browser processes rather |
| 10 |
than opening a new window in the existing process. Aborting now to avoid |
| 11 |
profile corruption. |
| 12 |
|
| 13 |
audit messages: |
| 14 |
|
| 15 |
# audit2allow -d |
| 16 |
#============= chromium_t ============== |
| 17 |
allow chromium_t xdg_config_home_t:file create; |
| 18 |
allow chromium_t xdg_config_home_t:lnk_file { read create }; |
| 19 |
|
| 20 |
[ 107.872466] type=1400 audit(1348505952.982:67): avc: denied { read |
| 21 |
} for pid=2166 comm="chrome" name="SingletonLock" dev="sda1" ino=522327 |
| 22 |
scontext=unconfined_u:unconfined_r:chromium_t |
| 23 |
tcontext=unconfined_u:object_r:xdg_config_home_t tclass=lnk_file |
| 24 |
[ 107.873916] type=1400 audit(1348505952.983:68): avc: denied { |
| 25 |
create } for pid=2178 comm="Chrome_FileThre" |
| 26 |
name=".org.chromium.Chromium.ZO3dGF" |
| 27 |
scontext=unconfined_u:unconfined_r:chromium_t |
| 28 |
tcontext=unconfined_u:object_r:xdg_config_home_t tclass=file |
| 29 |
|
| 30 |
Now the problem is these files should have context |
| 31 |
chromium_xdg_config_t, but have xdg_config_home_t. Even deleting |
| 32 |
$HOME/.config/chromium and $HOME/.cache/chromium doesn't help. |
| 33 |
|
| 34 |
$ ls -lZd ~/.config/chromium/ |
| 35 |
drwx------. 2 ph ph unconfined_u:object_r:xdg_config_home_t 4096 Sep 24 |
| 36 |
19:22 /home/ph/.config/chromium/ |
| 37 |
|
| 38 |
I also tried "restorecon -R -F /home/ph", but that didn't help either. |
| 39 |
Here are relevant lines from |
| 40 |
/etc/selinux/targeted/contexts/files/file_contexts.homedirs: |
| 41 |
|
| 42 |
/home/[^/]*/.cache/chromium(/.*) |
| 43 |
unconfined_u:object_r:chromium_xdg_cache_t |
| 44 |
/home/[^/]*/.config/chromium(/.*) |
| 45 |
unconfined_u:object_r:chromium_xdg_config_t |
| 46 |
|
| 47 |
Just in case, here is the state of my chromium SELinux booleans: |
| 48 |
|
| 49 |
# semanage boolean -l | grep chromium |
| 50 |
chromium_manage_user_content (off , off) Allow chromium to write |
| 51 |
(manage) user content |
| 52 |
chromium_read_user_content (on , on) Allow chromium to read |
| 53 |
user content |
| 54 |
chromium_read_system_info (off , off) Allow chromium to read |
| 55 |
system information |
| 56 |
chromium_use_java (off , off) Allow the use of java plugins |
| 57 |
|
| 58 |
Note that the problem also occurs when setting |
| 59 |
chromium_manage_user_content to on. |
| 60 |
|
| 61 |
What are further steps I should take to debug the issue? |
Archives