grep chrome /var/log/audit/audit.log|audit2allow -M chromepolicy
This will greate a chromepolicy.pp file in the current directory. It is a binary file, so don't panic if you less or vi the file and can't read it. It basically spits what was being denied by selinux through audit2allow to create the policy.
Once done, it prints this nice little line :
[root@cyanide var]# grep chrome /var/log/audit/audit.log|audit2allow -M chromepolicy******************** IMPORTANT ***********************
To make this policy package active, execute:
semodule -i chromepolicy.pp
[root@cyanide var]
That "semodule -i chromepolicy.pp" line is the new key to making it work. If you then run that, it will allow Chrome to do the things it's been denied. This is a better option for those that want to keep selinux enabled. (Disabling it is bad if you don't trust people around you.)
No comments:
Post a Comment