Description of problem:
SELinux is preventing /opt/google/chrome/nacl_helper from 'getattr' accesses on the file /etc/passwd.

***** Plugin chrome (98.5 confidence) suggests ****************************

If you want to use the plugin package
Then you must turn off SELinux controls on the Chrome plugins.
Do
# setsebool -P unconfined_chrome_sandbox_transition 0

***** Plugin catchall (2.46 confidence) suggests **************************

If you believe that nacl_helper should be allowed getattr access on the passwd file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep nacl_helper /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023
Target Context                system_u:object_r:passwd_file_t:s0
Target Objects                /etc/passwd [ file ]
Source                        nacl_helper
Source Path                   /opt/google/chrome/nacl_helper
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           google-chrome-stable-43.0.2357.81-1.x86_64
Target RPM Packages           setup-2.8.71-5.el7.noarch
Policy RPM                    selinux-policy-3.13.1-23.el7_1.7.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.10.0-229.4.2.el7.x86_64 #1 SMP Wed May 13 10:06:09 UTC 2015 x86_64 x86_64
Alert Count                   2
First Seen                    2015-05-27 19:07:37 ICT
Last Seen                     2015-05-27 19:07:37 ICT
Local ID                      2bda87f1-8288-41e8-ae2c-2a6cd903ba75

Raw Audit Messages
type=AVC msg=audit(1432728457.363:624): avc: denied { getattr } for pid=13570 comm="chrome" path="/etc/passwd" dev="dm-1" ino=138675801 scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file

type=SYSCALL msg=audit(1432728457.363:624): arch=x86_64 syscall=stat success=no exit=EACCES a0=7fae2caef9f8 a1=7fffc1534e40 a2=7fffc1534e40 a3=fffffffffffffa09 items=0 ppid=13569 pid=13570 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=14 comm=chrome exe=/opt/google/chrome/chrome subj=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 key=(null)

Hash: nacl_helper,chrome_sandbox_t,passwd_file_t,file,getattr