Re: SELinux and google-chrome "Aw, Snap!" crashes

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/16/2010 12:23 PM, John Austin wrote:
> On Thu, 2010-09-16 at 11:49 -0400, Daniel J Walsh wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 09/16/2010 07:47 AM, Daniel J Walsh wrote:
>>> On 09/16/2010 06:04 AM, John Austin wrote:
>>>> On Wed, 2010-09-15 at 13:10 +0000, JB wrote:
>>>>> John Austin <ja <at> jaa.org.uk> writes:
>>>>>
>>>>>>
>>>>>> Hi
>>>>>>
>>>>>> I have a fully updated F13 (64bit) machines using
>>>>>> google-chrome 6.0.472.55 beta
>>>>>>
>>>>>> With SELinux in Enforcing mode
>>>>>>
>>>>>> google-chrome will crash leaving no error messages in dmesg
>>>>>> or /var/log/messages or in the terminal if run from the command line
>>>>>> (to be exact - only the startup messages shown below)
>>>>>> No Selinux problems are shown by SElinux Troubleshooter
>>>>>>
>>>>>> Just the "Aw, Snap!" page is shown
>>>>>> "Something went wrong while displaying this webpage"
>>>>>> No keys, mouse buttons do anything useful within the display area.
>>>>>> Selecting "Learn more" repaints the "Aw, Snap!" page.
>>>>>> The outer window is active ie bookmarks, options can be accessed
>>>>>> but the "display area" will not reload anything other than "Aw, Snap!"
>>>>>> The top right "kill window X" does indeed kill the window
>>>>>>
>>>>>> The site I have been using for testing is
>>>>>> http://www.justtheflight.co.uk/
>>>>>>
>>>>>> Type in "gat" into the "Departing from" and selecting
>>>>>> London Gatwick
>>>>>> causes the crash
>>>>>>
>>>>>> Switching SElinux to permissive mode DOES NOT crash the above site!
>>>>>> but SElinux Troubleshooter shows no problems.
>>>>>>
>>>>>> As far as I remember the only things I have changed in SElinux
>>>>>> were a couple of settings that were to do with my home
>>>>>> directories being on NFS mounts.
>>>>>>
>>>>>> I have fiddled with almost all of the google-chrome option settings etc
>>>>>> Also searched the web.  Found many references to "Aw, Snap!" but
>>>>>> could not see anything that might help.
>>>>>>
>>>>>> Has anyone else seen this problem?
>>>>>> Advice as to how to debug further very welcome
>>>>>>
>>>>>> John
>>>>>>
>>>>>> Running in a terminal gives
>>>>>> milos ~ 1# google-chrome 
>>>>>> /usr/bin/google-chrome: /lib64/libz.so.1: no version information available (required by /usr/bin/google-chrome)
>>>>>> /usr/bin/google-chrome: /lib64/libz.so.1: no version information available (required by /usr/bin/google-chrome)
>>>>>> /opt/google/chrome/chrome: /lib64/libz.so.1: no version information available (required by /opt/google/chrome/chrome)
>>>>>> /opt/google/chrome/chrome: /lib64/libz.so.1: no version information available (required by /opt/google/chrome/chrome)
>>>>>>
>>>>>
>>>
>>>
>>>> Many thanks for the reply
>>>> I have intermixed my feedback below
>>>
>>>>> Hi,
>>>>> some remarks and hints.
>>>>>
>>>>> Make sure that you have the latest package (sometimes it gets updated every
>>>>> day):
>>>>> # yum list installed *chrome*
>>>>> # yum update *chrome*
>>>> Yes I updated to google-chrome-beta-6.0.472.59-59126.x86_64 yesterday -
>>>> no change
>>>
>>>>>
>>>>> I noticed that you ran the browser from root prompt (#) - a Big NO-NO !
>>>> This was just an obsolete .bashrc/.bash_profile
>>>> The browser was not being run as root!
>>>
>>>>>
>>>>> The "Aw, Snap!" problem has been reported since 2008 on all platforms (Win,
>>>>> Mac, Linux) under all circumstances. It seems to be a general error.
>>>>> So it is not related directly to SELinux, but it may be on your machine, in
>>>>> particular if your home dir is on NFS (timeouts, locks, and similar issues).
>>>> I am using NIS + autofs + NFS4 for home directories
>>>> Abstract from my F13_install "log"
>>>> If SElinux is enabled then it is necessary to use SELinux Management to
>>>> set
>>>> Boolean ssh allow host key authentication
>>>> if direct ssh from another machine is required.
>>>> Also
>>>> setsebool -P use_nfs_home_dirs 1
>>>
>>>> I have tried adding a new local user on a client machine and the problem is not there
>>>> Not a definitive test as the new user will have different defaults.
>>>
>>>> I have tried adding a new user to the server (Centos5.5) and logged into
>>>> the client - "justtheflight" crashes.
>>>
>>>> This suggests that it is the NFS mount that is causing the problem
>>>> I have no idea why this should be!
>>>
>>>> The new users should have "default" settings for the options below
>>>> I have not tested all these yet
>>>
>>>> The sandbox does crash but the nosandbox does NOT - see below
>>>>>
>>>>> Some hints regarding browser config:
>>>>> - take a look at your config and change to default options for the time being
>>>>>   Tools button
>>>>>   Options
>>>>>   Under the Hood:
>>>>>   Content settings:
>>>>>     JavaScript                     <--- allow all sites, no exceptions
>>>>>     Plug-ins                       <--- allow all sites, no exceptions
>>>>>                                         try all ON and all OFF
>>>>>   Use DNS prefetching ...          <--- test with ON and OFF
>>>>>   Enable phishing and malware ...  <--- test with ON and OFF
>>>>>   Change proxy settings:
>>>>>     Direct internet connection     <--- yes, if you can
>>>>>   Translate ...                    <--- turn it OFF                
>>>>> - extensions
>>>>>   Tools button - Tools - Extensions
>>>>>   If you have any, try to disable them all,later one by one, then restart
>>>>>   the browser and see what happens.
>>>>>
>>>>> Debugging:
>>>>> http://code.google.com/p/chromium/wiki/LinuxDebugging
>>>>> From a terminal (gnome terminal, xterm, etc):
>>>>> $ CHROME_IPC_LOGGING=1 google-chrome --log-level=0 --enable-logging=stderr >& .chrom.log http://www.justtheflight.co.uk/
>>>>> This will generate a log file .chrom.log in your home dir. If not empty, attach
>>>>> it to your problem report.
>>>> This from the new user whose home directory is NFS mounted (The site crashed)
>>>> [tester@milos ~]$ CHROME_IPC_LOGGING=1 google-chrome --log-level=0 --enable-logging=stderr >& .chrom.log http://www.justtheflight.co.uk/
>>>> [tester@milos ~]$ cat .chrom.log 
>>>> /usr/bin/google-chrome: /lib64/libz.so.1: no version information available (required by /usr/bin/google-chrome)
>>>> /usr/bin/google-chrome: /lib64/libz.so.1: no version information available (required by /usr/bin/google-chrome)
>>>> [22545:22562:145918300330:INFO:net/base/host_resolver_impl.cc(1083)] IPv6Probe forced AddressFamily setting to ADDRESS_FAMILY_IPV4
>>>> [22545:22545:145918310946:INFO:chrome/browser/extensions/extensions_service.cc(630)] Sending EXTENSION_LOADED
>>>> [22545:22545:145918332021:INFO:chrome/browser/sync/profile_sync_service.cc(97)] Detected official build, using official sync server.
>>>> [22545:22545:145918332059:INFO:chrome/browser/sync/profile_sync_service.cc(129)] Starting ProfileSyncService.                                                   
>>>> [22545:22545:145918332065:INFO:chrome/browser/sync/profile_sync_service.cc(198)] Using https://clients4.google.com/chrome-sync for sync server URL.             
>>>> [22545:22545:145918332103:INFO:chrome/browser/sync/profile_sync_service.cc(357)] Clearing Sync DB.                                                              
>>>> [22545:22562:145918429713:INFO:net/proxy/proxy_service.cc(644)] Failed initial proxy configuration fetch.                                                       
>>>> [22545:22562:145919777048:INFO:chrome/browser/renderer_host/buffered_resource_handler.cc(208)] To buffer: http://www.justtheflight.co.uk/                       
>>>> [22545:22562:145919777591:INFO:chrome/browser/renderer_host/buffered_resource_handler.cc(140)] Finished buffering http://www.justtheflight.co.uk/               
>>>> [22545:22545:145919817088:INFO:chrome/browser/history/history.cc(747)] History backend finished loading
>>>> [22545:22562:145920140936:INFO:chrome/browser/renderer_host/buffered_resource_handler.cc(178)] To buffer: http://www.justtheflight.co.uk/xmlfeeds/jtfairports.xml
>>>> [22545:22562:145920144427:INFO:chrome/browser/renderer_host/buffered_resource_handler.cc(140)] Finished buffering http://www.justtheflight.co.uk/xmlfeeds/jtfairports.xml
>>>> [22545:22556:145928316471:INFO:chrome/common/important_file_writer.cc(71)] successfully saved /home/tester/.config/google-chrome/Default/Preferences
>>>> [22545:22556:145930787476:INFO:chrome/common/important_file_writer.cc(71)] successfully saved /home/tester/.config/google-chrome/Local State
>>>> [22545:22556:145930794207:INFO:chrome/common/important_file_writer.cc(71)] successfully saved /home/tester/.config/google-chrome/Default/Preferences
>>>
>>>>>
>>>>> You can run the browser without sandboxing (their idea about processes
>>>>> separation and security); but because of that do it only for testing, not to
>>>>> access important to you web sites:
>>>>> $ google-chrome --no-sandbox http://www.justtheflight.co.uk/
>>>
>>>> [tester@milos ~]$ google-chrome --no-sandbox http://www.justtheflight.co.uk/
>>>> In this case the site did NOT crash
>>>
>>>>> You may run the browser in debugging session with it as well: 
>>>>> $ CHROME_IPC_LOGGING=1 google-chrome --no-sandbox --log-level=0 --enable-logging=stderr >& .chrom.log http://www.justtheflight.co.uk/
>>>
>>>> [tester@milos ~]$ CHROME_IPC_LOGGING=1 google-chrome --no-sandbox --log-level=0 --enable-logging=stderr >& .chrom.log http://www.justtheflight.co.uk/
>>>> [tester@milos ~]$ cat .chrom.log 
>>>> /usr/bin/google-chrome: /lib64/libz.so.1: no version information available (required by /usr/bin/google-chrome)
>>>> /usr/bin/google-chrome: /lib64/libz.so.1: no version information available (required by /usr/bin/google-chrome)
>>>> /opt/google/chrome/chrome: /lib64/libz.so.1: no version information available (required by /opt/google/chrome/chrome)
>>>> /opt/google/chrome/chrome: /lib64/libz.so.1: no version information available (required by /opt/google/chrome/chrome)
>>>> [22719:22732:146271772673:INFO:net/base/host_resolver_impl.cc(1083)] IPv6Probe forced AddressFamily setting to ADDRESS_FAMILY_IPV4
>>>> [22719:22719:146271780682:INFO:chrome/browser/extensions/extensions_service.cc(630)] Sending EXTENSION_LOADED
>>>> [22719:22719:146271796677:INFO:chrome/browser/sync/profile_sync_service.cc(97)] Detected official build, using official sync server.
>>>> [22719:22719:146271796708:INFO:chrome/browser/sync/profile_sync_service.cc(129)] Starting ProfileSyncService.
>>>> [22719:22719:146271796714:INFO:chrome/browser/sync/profile_sync_service.cc(198)] Using https://clients4.google.com/chrome-sync for sync server URL.
>>>> [22719:22719:146271796757:INFO:chrome/browser/sync/profile_sync_service.cc(357)] Clearing Sync DB.
>>>> [22719:22732:146271889163:INFO:net/proxy/proxy_service.cc(644)] Failed initial proxy configuration fetch.
>>>> [22719:22732:146273237280:INFO:chrome/browser/renderer_host/buffered_resource_handler.cc(208)] To buffer: http://www.justtheflight.co.uk/
>>>> [22719:22732:146273237768:INFO:chrome/browser/renderer_host/buffered_resource_handler.cc(140)] Finished buffering http://www.justtheflight.co.uk/
>>>> [22749:22749:146273240536:INFO:chrome/renderer/user_script_slave.cc(283)] Injected 0 scripts and 0 css files into http://www.justtheflight.co.uk/
>>>> [22719:22719:146273267428:INFO:chrome/browser/history/history.cc(747)] History backend finished loading
>>>> [22719:22732:146273558643:INFO:chrome/browser/renderer_host/buffered_resource_handler.cc(178)] To buffer: http://www.justtheflight.co.uk/xmlfeeds/jtfairports.xml
>>>> [22719:22732:146273559448:INFO:chrome/browser/renderer_host/buffered_resource_handler.cc(140)] Finished buffering http://www.justtheflight.co.uk/xmlfeeds/jtfairports.xml
>>>> [22749:22749:146273560901:INFO:chrome/renderer/user_script_slave.cc(283)] Injected 0 scripts and 0 css files into http://www.justtheflight.co.uk/
>>>> [22749:22749:146273711200:INFO:chrome/renderer/user_script_slave.cc(283)] Injected 0 scripts and 0 css files into http://www.justtheflight.co.uk/
>>>> [22719:22726:146281786532:INFO:chrome/common/important_file_writer.cc(71)] successfully saved /home/tester/.config/google-chrome/Default/Preferences
>>>> [22749:22749:146284263918:INFO:chrome/renderer/render_view.cc(4901)] PLT: 1841ms http://www.justtheflight.co.uk/
>>>> [22719:22726:146284296387:INFO:chrome/common/important_file_writer.cc(71)] successfully saved /home/tester/.config/google-chrome/Local State
>>>> [22719:22726:146284301758:INFO:chrome/common/important_file_writer.cc(71)] successfully saved /home/tester/.config/google-chrome/Default/Preferences
>>>
>>>>>
>>>>> File a problem report:
>>>>> http://code.google.com/p/chromium/issues/list
>>>>> New issue
>>>>>
>>>>> JB
>>>
>>>> Do you think I have reached the stage when I should submit a bug report?
>>>
>>>> Thanks again
>>>
>>>> John
>>>
>>>
>>>
>>> Can you put the chrome-sandbox into permissive mode and see what AVC's
>>> it generated.
>>>
>>> # semanage permissive -a chrome_sandbox_t
>>>
>>> Then run chrome
>>>> chrome
>>>
>>> # ausearch -m avc -ts recent
>>> # semanage permissive -d chrome_sandbox_t
>>> to put chrome_sandbox back into enforcing mode.
>>
>>
>> Ok for some reason it wants to search through the NFS home dir.
>>
>> # grep chrome /var/log/audit/audit.log | audit2allow -M mychrome
>> # semodule -i mychrome.pp
>>
>> And see if this is enough to run chrome on an nfs homedir.
> 
> 
> google-chrome crashes
> 
> [root@milos ~]# grep chrome /var/log/audit/audit.log | audit2allow -M mychrome                                                                           
> ******************** IMPORTANT ***********************                                                                                                         
> To make this policy package active, execute:
> 
> semodule -i mychrome.pp
> 
> [root@milos ~]# semodule -i mychrome.pp
> 
> google-chrome OK !!!!!!!!!!!!
> 
> 
> 
> 
> 
> 
What Fedora release are you running?  Please open a bugzilla.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkySbNQACgkQrlYvE4MpobOVQQCgs/QuDjoOjt8y34iHaps3xBOL
UAQAoIsy9ehuXcFlHfcN8j0rkiIs2Dr5
=/4jq
-----END PGP SIGNATURE-----
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
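
Added example (not part of the original thread): "grep chrome ... | audit2allow -M mychrome" turns every audit record that mentions chrome into policy, so it is worth reviewing which denials actually come from chrome_sandbox_t before running semodule -i. The script below summarises AVC denials for one source domain; the sample records and the example_t type are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the rules audit2allow would be asked to grant for
# one source domain, so they can be reviewed before semodule -i.

# avc_summary DOMAIN: read audit records on stdin and print one candidate
# allow rule per (source type, target type, class), permissions merged.
avc_summary() {
    awk -v dom="$1" '
    /avc: +denied/ {
        perms = ""; src = ""; tgt = ""; cls = ""
        # The denied permissions sit between the first "{" and "}".
        s = index($0, "{"); e = index($0, "}")
        if (s && e > s) perms = substr($0, s + 1, e - s - 1)
        for (i = 1; i <= NF; i++) {
            # A context is user:role:type:level, so the type is field 3.
            if ($i ~ /^scontext=/)      { split($i, a, ":"); src = a[3] }
            else if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            else if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        if (src != dom || tgt == "" || cls == "") next
        key = src " " tgt ":" cls
        n = split(perms, p, " ")
        for (j = 1; j <= n; j++)
            if (!seen[key, p[j]]++) list[key] = list[key] " " p[j]
    }
    END { for (k in list) print "allow " k " {" list[k] " };" }
    ' | sort
}

# Constructed sample records (not taken from the thread). The last one
# comes from a hypothetical example_t domain and only mentions chrome in
# a path, yet a plain "grep chrome" would pass it to audit2allow too.
sample_log() {
    cat <<'EOF'
type=AVC msg=audit(1284650000.101:501): avc:  denied  { search } for  pid=22545 comm="chrome-sandbox" name="" dev=0:1c ino=2 scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 tcontext=system_u:object_r:nfs_t:s0 tclass=dir
type=AVC msg=audit(1284650000.102:502): avc:  denied  { getattr search } for  pid=22545 comm="chrome-sandbox" name="" dev=0:1c ino=2 scontext=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 tcontext=system_u:object_r:nfs_t:s0 tclass=dir
type=AVC msg=audit(1284650000.103:503): avc:  denied  { read } for  pid=999 comm="example" path="/opt/google/chrome/chrome" dev=dm-0 ino=77 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
EOF
}

sample_log | avc_summary chrome_sandbox_t
```

On a live system, pipe the output of "ausearch -m avc -ts recent" into avc_summary chrome_sandbox_t instead of the sample.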
