Details
- Bug
- Resolution: Duplicate
- Undefined
- None
- rhel-8.8.0
- Normal
- sst_security_selinux
- ssg_security
- QE ack
- False
- Unspecified
Description
Google Chrome crashes and is unable to launch due to SELinux policy.
Please provide the package NVR for which bug is seen:
google-chrome-stable-118.0.5993.70-1.x86_64
[root@rht8 ~]# rpm -qa | grep selinux
usbguard-selinux-1.0.0-13.el8.noarch
selinux-policy-devel-3.14.3-117.el8_8.3.noarch
libselinux-2.9-8.el8.i686
python3-libselinux-2.9-8.el8.x86_64
rpm-plugin-selinux-4.14.3-26.el8.x86_64
libselinux-2.9-8.el8.x86_64
selinux-policy-targeted-3.14.3-117.el8_8.3.noarch
tpm2-abrmd-selinux-2.3.1-1.el8.noarch
libselinux-utils-2.9-8.el8.x86_64
selinux-policy-3.14.3-117.el8_8.3.noarch
libselinux-devel-2.9-8.el8.x86_64
flatpak-selinux-1.10.7-1.el8.noarch
fapolicyd-selinux-1.1.3-12.el8.noarch
How reproducible: Launch chrome browser
Steps to reproduce
- Ensure SELinux is enforcing
- Open Google Chrome
Expected results:
Google Chrome would launch and be usable
Actual results
Google Chrome is in "crashed" state
type=AVC msg=audit(1697719183.665:5035327): avc: denied { setcap } for pid=3092100 comm="chrome" scontext=sysadm_u:sysadm_r:chrome_sandbox_t:s0-s0:c0.c1023 tcontext=sysadm_u:sysadm_r:chrome_sandbox_t:s0-s0:c0.c1023 tclass=process permissive=0
Was caused by:
Missing type enforcement (TE) allow rule.
You can use audit2allow to generate a loadable module to allow this access.
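Added example, not part of the original report and not Red Hat's tooling: the Python below parses the AVC record quoted above and derives the type enforcement allow rule it corresponds to, the kind of rule audit2allow generates. The function names are hypothetical; the only input is the record from this report.

```python
import re

# AVC record copied verbatim from the report above.
AVC = ('type=AVC msg=audit(1697719183.665:5035327): avc: denied { setcap } '
       'for pid=3092100 comm="chrome" '
       'scontext=sysadm_u:sysadm_r:chrome_sandbox_t:s0-s0:c0.c1023 '
       'tcontext=sysadm_u:sysadm_r:chrome_sandbox_t:s0-s0:c0.c1023 '
       'tclass=process permissive=0')

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')

def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other records."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {'perms': m.group('perms').split()}
    # Remaining fields are key=value pairs; values may be double-quoted.
    for key, value in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group('rest')):
        fields[key] = value.strip('"')
    # permissive=0 means the denial was enforced, not just logged.
    fields['enforced'] = fields.get('permissive') == '0'
    return fields

def context_type(context):
    """user:role:type:level -> type. The MLS level may itself contain ':'."""
    return context.split(':', 3)[2]

def te_rule(fields):
    """Build the TE allow rule matching the denied access."""
    source = context_type(fields['scontext'])
    target = context_type(fields['tcontext'])
    if target == source:
        target = 'self'  # policy keyword used when source and target match
    perms = fields['perms']
    perm_text = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return f"allow {source} {target}:{fields['tclass']} {perm_text};"

if __name__ == '__main__':
    record = parse_avc(AVC)
    print(record['comm'], 'enforced' if record['enforced'] else 'permissive')
    print(te_rule(record))
```

For this record the result is `allow chrome_sandbox_t self:process setcap;`, which shows exactly what a generated module would grant before it is loaded.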