Author Topic: Error when opening a Sandbox in Selinux/Fedora  (Read 388 times)

cchinicz

  • Full Member
  • ***
  • Posts: 116
  • Karma: +0/-0
    • View Profile
Error when opening a Sandbox in Selinux/Fedora
« on: November 22, 2020, 01:46:14 pm »
Hi Guys,

I have installed policycoreutils-sandbox and I'm trying to open firefox in a sandbox run this command: sandbox -X -t sandbox_net_t -t sandbox_web_t -w 1920x1080 firefox

The error message:
(sandbox:8075): Gtk-WARNING **: 21:34:28.459: Theme parsing error: gtk.css:2:33: Failed to import: Error opening file /home/claudio/.config/gtk-3.0/window_decorations.css: No such file or directory
/usr/bin/firefox: line 186: getenforce: command not found
/usr/bin/firefox: line 186: [: !=: unary operator expected
Unable to init server: Could not connect: Connection refused
Error: cannot open display: :1

Any ideas?

Thanks in advance


cchinicz

  • Full Member
  • ***
  • Posts: 116
  • Karma: +0/-0
    • View Profile
Re: Error when opening a Sandbox in Selinux/Fedora
« Reply #1 on: November 22, 2020, 01:47:49 pm »
By the way, I'm running perating System: Fedora 33 (Thirty Three) Kernel: Linux 5.9.8-200.fc33.ppc64le


cchinicz

  • Full Member
  • ***
  • Posts: 116
  • Karma: +0/-0
    • View Profile
Re: Error when opening a Sandbox in Selinux/Fedora
« Reply #2 on: November 23, 2020, 01:31:24 pm »
I've found the issue preventing sandbox to work. Opening SeLinux Troubleshoot I saw that Selinux was the issue and, at the same time, found there a solution. With a few commands it is now working:

sudo setsebool -P domain_can_mmap_files 1
sudo ausearch -c 'Xephyr' --raw | audit2allow -M my-Xephyr
sudo semodule -i my-Xephyr.pp
sudo semodule -X 300 -i my-Xephyr.pp

and voila.. it works.

Hope this may help someone one day trying to run a sandbox on Fedora/SeLinux.