SELinux is preventing chrome-sandbox from write access on the file oom_score_adj.
***** Plugin chrome (98.5 confidence) suggests ****************************
If you want to use the plugin package Then you must turn off SELinux controls on the Chrome plugins. Do # setsebool -P unconfined_chrome_sandbox_transition 0
***** Plugin catchall (2.46 confidence) suggests **************************
If you believe that chrome-sandbox should be allowed write access on the oom_score_adj file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep chrome-sandbox /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp
Additional Information: Source Context unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c 0.c1023 Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Objects oom_score_adj [ file ] Source chrome-sandbox Source Path chrome-sandbox Port <Unknown> Host Jehovah.local Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-105.11.fc21.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name Jehovah.local Platform Linux Jehovah.local 3.19.3-200.fc21.x86_64 #1 SMP Thu Mar 26 21:39:42 UTC 2015 x86_64 x86_64 Alert Count 5 First Seen 2015-04-16 09:31:37 MDT Last Seen 2015-04-16 09:31:37 MDT Local ID de6c3b7d-ace1-46ed-98f7-48bccc284051
Raw Audit Messages type=AVC msg=audit(1429198297.445:724): avc: denied { write } for pid=11552 comm="chrome-sandbox" name="oom_score_adj" dev="proc" ino=126040 scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file permissive=0
Hash: chrome-sandbox,chrome_sandbox_t,unconfined_t,file,write
On 04/16/2015 12:58 PM, Patrick O'Callaghan wrote:
On Thu, 2015-04-16 at 09:32 -0600, Lawrence E Graves wrote:
If you believe that chrome-sandbox should be allowed write access on the oom_score_adj file by default. Then you should report this as a bug.
Did you?
My thoughts exactly. Putting up the complete error message without saying what (if anything) you did about it doesn't give us much to go on. If you're not sure what the correct response is, that's fine, but at least you should be asking us which option is best.