Posts for the month of September 2015
Chrome on CentOS 7
So my Google Chrome on my CentOS 7 box updated, and SELinux doesn't like it.
There's an official bug for it - https://bugzilla.redhat.com/show_bug.cgi?id=1251996 - but I don't know when that will propagate down.
Until then, here's what I did, with some plaintext showing what was happening:
$ sudo grep chrome /var/log/audit/audit.log | grep setcap | audit2allow #============= chrome_sandbox_t ============== #!!!! This avc is allowed in the current policy allow chrome_sandbox_t self:process setcap; $ sudo grep chrome /var/log/audit/audit.log | grep setcap | audit2allow -M chrome.pol ******************** IMPORTANT *********************** To make this policy package active, execute: semodule -i chrome.pol.pp $ cat chrome.pol.te module chrome.pol 1.0; require { type chrome_sandbox_t; class process setcap; } #============= chrome_sandbox_t ============== #!!!! This avc is allowed in the current policy allow chrome_sandbox_t self:process setcap; $ sudo semodule -i chrome.pol.pp