Re: SELinux and google-chrome "Aw, Snap!" crashes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2010-09-15 at 08:53 -0400, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 09/15/2010 04:39 AM, John Austin wrote:
> > Hi
> > 
> > I have a fully updated F13 (64bit) machines using
> > google-chrome 6.0.472.55 beta
> > 
> > With SELinux in Enforcing mode
> > 
> > google-chrome will crash leaving no error messages in dmesg
> > or /var/log/messages or in the terminal if run from the command line
> > (to be exact - only the startup messages shown below)
> > No Selinux problems are shown by SElinux Troubleshooter
> > 
> > Just the "Aw, Snap!" page is shown
> > "Something went wrong while displaying this webpage"
> > No keys, mouse buttons do anything useful within the display area.
> > Selecting "Learn more" repaints the "Aw, Snap!" page.
> > The outer window is active ie bookmarks, options can be accessed
> > but the "display area" will not reload anything other than "Aw, Snap!"
> > The top right "kill window X" does indeed kill the window
> > 
> > The site I have been using for testing is
> > http://www.justtheflight.co.uk/
> > 
> > Type in "gat" into the "Departing from" and selecting
> > London Gatwick
> > causes the crash
> > 
> > Switching SElinux to permissive mode DOES NOT crash the above site!
> > but SElinux Troubleshooter shows no problems.
> > 
> > As far as I remember the only things I have changed in SElinux
> > were a couple of settings that were to do with my home
> > directories being on NFS mounts.
> > 
> > I have fiddled with almost all of the google-chrome option settings etc
> > Also searched the web.  Found many references to "Aw, Snap!" but
> > could not see anything that might help.
> >  
> > Has anyone else seen this problem?
> > Advice as to how to debug further very welcome
> > 
> > John
> > 
> > Running in a terminal gives
> > milos ~ 1# google-chrome 
> > /usr/bin/google-chrome: /lib64/libz.so.1: no version information available (required by /usr/bin/google-chrome)
> > /usr/bin/google-chrome: /lib64/libz.so.1: no version information available (required by /usr/bin/google-chrome)
> > /opt/google/chrome/chrome: /lib64/libz.so.1: no version information available (required by /opt/google/chrome/chrome)
> > /opt/google/chrome/chrome: /lib64/libz.so.1: no version information available (required by /opt/google/chrome/chrome)
> > 
> >   
> > 
> > 
> > 
> Well first off I would never run a web browser as root.
> 
> You could try to disable the dontaudit rules and see it we are covering
> up something that could be breaking it.
> 
> 
> # semodule -DB
> 
> Run google-chrome as a normal user.
> > google-chrome
> 
> Turn the dontaudit rules back on
> # semodule -B
> # ausearch -m avc -ts recent

Hi

Many thanks for the reply
(The non-root # is from a different era - HPUX or Solaris maybe
google-chrome was being run as a normal user)
You have goaded me into changing my prompts!

I have carried out the commands as requested but have no real idea
what they mean !!

[root@milos ~]# semodule -DB

ja@milos 8$ google-chrome 
/usr/bin/google-chrome: /lib64/libz.so.1: no version information available (required by /usr/bin/google-chrome)
/usr/bin/google-chrome: /lib64/libz.so.1: no version information available (required by /usr/bin/google-chrome)
/opt/google/chrome/chrome: /lib64/libz.so.1: no version information available (required by /opt/google/chrome/chrome)
/opt/google/chrome/chrome: /lib64/libz.so.1: no version information available (required by /opt/google/chrome/chrome)

I crashed out GC using the original "justtheflight" site

[root@milos ~]# semodule -B
[root@milos ~]# ausearch -m avc -ts recent > ausearch_dump

ausearch_dump	shows entries of the form shown below, 691 of them!
I attach the complete file for reference

Thanks again for the interest

John

I will reply to JB separately


time->Thu Sep 16 08:59:57 2010
type=SYSCALL msg=audit(1284623997.534:2715): arch=c000003e syscall=2 success=no exit=-13 a0=7feba9d3a130 a1=90800 a2=1 a3=0 items=0 ppid=1 pid=1793 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dbus-daemon" exe="/bin/dbus-daemon" subj=system_u:system_r:xdm_dbusd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1284623997.534:2715): avc:  denied  { search } for  pid=1793 comm="dbus-daemon" name="root" dev=sda6 ino=1179649 scontext=system_u:system_r:xdm_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir
----
time->Thu Sep 16 08:59:57 2010
type=SYSCALL msg=audit(1284623997.534:2716): arch=c000003e syscall=254 success=yes exit=4294967424 a0=6 a1=7feba9d312b0 a2=2c8 a3=1b items=0 ppid=1 pid=1793 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dbus-daemon" exe="/bin/dbus-daemon" subj=system_u:system_r:xdm_dbusd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1284623997.534:2716): avc:  denied  { search } for  pid=1793 comm="dbus-daemon" name="root" dev=sda6 ino=1179649 scontext=system_u:system_r:xdm_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir
----
time->Thu Sep 16 08:59:57 2010
type=SYSCALL msg=audit(1284623997.543:2718): arch=c000003e syscall=59 success=yes exit=0 a0=7eff741b3a60 a1=7eff81b226d0 a2=0 a3=31 items=0 ppid=21796 pid=21805 auid=202 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="setfiles" exe="/sbin/setfiles" subj=unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1284623997.543:2718): avc:  denied  { noatsecure } for  pid=21805 comm="setfiles" scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1284623997.543:2718): avc:  denied  { siginh } for  pid=21805 comm="setfiles" scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1284623997.543:2718): avc:  denied  { rlimitinh } for  pid=21805 comm="setfiles" scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 tclass=process
----
time->Thu Sep 16 09:00:00 2010
type=SYSCALL msg=audit(1284624000.825:2720): arch=c000003e syscall=2 success=no exit=-13 a0=7fff82116bc0 a1=0 a2=0 a3=ffffffff items=0 ppid=0 pid=21811 auid=202 uid=202 gid=17 euid=202 suid=202 fsuid=202 egid=17 sgid=17 fsgid=17 tty=pts1 ses=1 comm="chrome" exe="/opt/google/chrome/chrome" subj=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1284624000.825:2720): avc:  denied  { search } for  pid=21811 comm="chrome" name="ja" dev=0:19 ino=784897 scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 tcontext=system_u:object_r:nfs_t:s0 tclass=dir
----
time->Thu Sep 16 09:00:00 2010
type=SYSCALL msg=audit(1284624000.825:2721): arch=c000003e syscall=2 success=no exit=-13 a0=7fff82116bc0 a1=0 a2=0 a3=ffffffff items=0 ppid=0 pid=21811 auid=202 uid=202 gid=17 euid=202 suid=202 fsuid=202 egid=17 sgid=17 fsgid=17 tty=pts1 ses=1 comm="chrome" exe="/opt/google/chrome/chrome" subj=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1284624000.825:2721): avc:  denied  { search } for  pid=21811 comm="chrome" name="ja" dev=0:19 ino=784897 scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 tcontext=system_u:object_r:nfs_t:s0 tclass=dir






-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux