On Thu, 2010-09-16 at 15:15 -0400, Daniel J Walsh wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 09/16/2010 12:23 PM, John Austin wrote: > > On Thu, 2010-09-16 at 11:49 -0400, Daniel J Walsh wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> On 09/16/2010 07:47 AM, Daniel J Walsh wrote: > >>> On 09/16/2010 06:04 AM, John Austin wrote: > >>>> On Wed, 2010-09-15 at 13:10 +0000, JB wrote: > >>>>> John Austin <ja <at> jaa.org.uk> writes: > >>>>> > >>>>>> > >>>>>> Hi > >>>>>> > >>>>>> I have a fully updated F13 (64bit) machines using > >>>>>> google-chrome 6.0.472.55 beta > >>>>>> > >>>>>> With SELinux in Enforcing mode > >>>>>> > >>>>>> google-chrome will crash leaving no error messages in dmesg > >>>>>> or /var/log/messages or in the terminal if run from the command line > >>>>>> (to be exact - only the startup messages shown below) > >>>>>> No Selinux problems are shown by SElinux Troubleshooter > >>>>>> > >>>>>> Just the "Aw, Snap!" page is shown > >>>>>> "Something went wrong while displaying this webpage" > >>>>>> No keys, mouse buttons do anything useful within the display area. > >>>>>> Selecting "Learn more" repaints the "Aw, Snap!" page. > >>>>>> The outer window is active ie bookmarks, options can be accessed > >>>>>> but the "display area" will not reload anything other than "Aw, Snap!" > >>>>>> The top right "kill window X" does indeed kill the window > >>>>>> > >>>>>> The site I have been using for testing is > >>>>>> http://www.justtheflight.co.uk/ > >>>>>> > >>>>>> Type in "gat" into the "Departing from" and selecting > >>>>>> London Gatwick > >>>>>> causes the crash > >>>>>> > >>>>>> Switching SElinux to permissive mode DOES NOT crash the above site! > >>>>>> but SElinux Troubleshooter shows no problems. > >>>>>> > >>>>>> As far as I remember the only things I have changed in SElinux > >>>>>> were a couple of settings that were to do with my home > >>>>>> directories being on NFS mounts. > >>>>>> > >>>>>> I have fiddled with almost all of the google-chrome option settings etc > >>>>>> Also searched the web. Found many references to "Aw, Snap!" but > >>>>>> could not see anything that might help. > >>>>>> > >>>>>> Has anyone else seen this problem? > >>>>>> Advice as to how to debug further very welcome > >>>>>> > >>>>>> John > >>>>>> > >>>>>> Running in a terminal gives > >>>>>> milos ~ 1# google-chrome > >>>>>> /usr/bin/google-chrome: /lib64/libz.so.1: no version information available > >>>>> (required by /usr/bin/google-chrome) > >>>>>> /usr/bin/google-chrome: /lib64/libz.so.1: no version information available > >>>>> (required by /usr/bin/google-chrome) > >>>>>> /opt/google/chrome/chrome: /lib64/libz.so.1: no version information available > >>>>> (required by /opt/google/chrome/chrome) > >>>>>> /opt/google/chrome/chrome: /lib64/libz.so.1: no version information available > >>>>> (required by /opt/google/chrome/chrome) > >>>>>> > >>>>> > >>> > >>> > >>>> Many thanks for the reply > >>>> I have intermixed my feedback below > >>> > >>>>> Hi, > >>>>> some remarks and hints. > >>>>> > >>>>> Make sure that you have the latest package (sometimes it gets updated every > >>>>> day): > >>>>> # yum list installed *chrome* > >>>>> # yum update *chrome* > >>>> Yes I updated to google-chrome-beta-6.0.472.59-59126.x86_64 yesterday - > >>>> no change > >>> > >>>>> > >>>>> I noticed that you ran the browser from root prompt (#) - a Big NO-NO ! > >>>> This was just an obsolete .bashrc/.bash_profile > >>>> The browser was not being run as root! > >>> > >>>>> > >>>>> The "Aw, Snap!" problem has been reported since 2008 on all platforms (Win, > >>>>> Mac, Linux) under all circumstances. It seems to be a general error. > >>>>> So it is not related directly to SELinux, but it may be on your machine, in > >>>>> particular if your home dir is on NFS (timeouts, locks, and similar issues). > >>>> I am using NIS + autofs + NFS4 for home directories > >>>> Abstract from my F13_install "log" > >>>> If SElinux is enabled then it is necessary to use SELinux Management to > >>>> set > >>>> Boolean ssh allow host key authentication > >>>> if direct ssh from another machine is required. > >>>> Also > >>>> setsebool -P use_nfs_home_dirs > >>> > >>>> I have tried adding a new local user on a client machine and the problem is not there > >>>> Not a definitive test as the new user will have different defaults. > >>> > >>>> I have tried adding a new user to the server (Centos5.5) and logged into > >>>> the client - "justtheflight" crashes. > >>> > >>>> This suggests that it is the NFS mount that is causing the problem > >>>> I have no idea why this should be! > >>> > >>>> The new users should have "default" settings for the options below > >>>> I have not tested all these yet > >>> > >>>> The sandbox does crash but the nosandbox does NOT - see below > >>>>> > >>>>> Some hints regarding browser config: > >>>>> - take a look at your config and change to default options for the time being > >>>>> Tools button > >>>>> Options > >>>>> Under the Hood: > >>>>> Content settings: > >>>>> JavaScript <--- allow all sites, no exceptions > >>>>> Plug-ins <--- allow all sites, no exceptions > >>>>> try all ON and all OFF > >>>>> Use DNS prefetching ... <--- test with ON and OFF > >>>>> Enable phishing and malware ... <--- test with ON and OFF > >>>>> Change proxy settings: > >>>>> Direct internet connection <--- yes, if you can > >>>>> Translate ... <--- turn it OFF > >>>>> - extensions > >>>>> Tools button - Tools - Extensions > >>>>> If you have any, try to disable them all,later one by one, then restart > >>>>> the browser and see what happens. > >>>>> > >>>>> Debugging: > >>>>> http://code.google.com/p/chromium/wiki/LinuxDebugging > >>>>> >From a terminal (gnome terminal, xterm, etc): > >>>>> $ CHROME_IPC_LOGGING=1 google-chrome --log-level=0 --enable-logging=stderr >& > >>>>> .chrom.log http://www.justtheflight.co.uk/ > >>>>> This will generate a log file .chrom.log in your home dir. If not empty, attach > >>>>> it to your problem report. > >>>> This from the new user whose home directory is NFS mounted (The site crashed) > >>>> [tester@milos ~]$ CHROME_IPC_LOGGING=1 google-chrome --log-level=0 --enable-logging=stderr >& .chrom.log http://www.justtheflight.co.uk/ > >>>> [tester@milos ~]$ cat .chrom.log > >>>> /usr/bin/google-chrome: /lib64/libz.so.1: no version information available (required by /usr/bin/google-chrome) > >>>> /usr/bin/google-chrome: /lib64/libz.so.1: no version information available (required by /usr/bin/google-chrome) > >>>> [22545:22562:145918300330:INFO:net/base/host_resolver_impl.cc(1083)] IPv6Probe forced AddressFamily setting to ADDRESS_FAMILY_IPV4 > >>>> [22545:22545:145918310946:INFO:chrome/browser/extensions/extensions_service.cc(630)] Sending EXTENSION_LOADED > >>>> [22545:22545:145918332021:INFO:chrome/browser/sync/profile_sync_service.cc(97)] Detected official build, using official sync server. > >>>> [22545:22545:145918332059:INFO:chrome/browser/sync/profile_sync_service.cc(129)] Starting ProfileSyncService. > >>>> [22545:22545:145918332065:INFO:chrome/browser/sync/profile_sync_service.cc(198)] Using https://clients4.google.com/chrome-sync for sync server URL. > >>>> [22545:22545:145918332103:INFO:chrome/browser/sync/profile_sync_service.cc(357)] Clearing Sync DB. > >>>> [22545:22562:145918429713:INFO:net/proxy/proxy_service.cc(644)] Failed initial proxy configuration fetch. > >>>> [22545:22562:145919777048:INFO:chrome/browser/renderer_host/buffered_resource_handler.cc(208)] To buffer: http://www.justtheflight.co.uk/ > >>>> [22545:22562:145919777591:INFO:chrome/browser/renderer_host/buffered_resource_handler.cc(140)] Finished buffering http://www.justtheflight.co.uk/ > >>>> [22545:22545:145919817088:INFO:chrome/browser/history/history.cc(747)] History backend finished loading > >>>> [22545:22562:145920140936:INFO:chrome/browser/renderer_host/buffered_resource_handler.cc(178)] To buffer: http://www.justtheflight.co.uk/xmlfeeds/jtfairports.xml > >>>> [22545:22562:145920144427:INFO:chrome/browser/renderer_host/buffered_resource_handler.cc(140)] Finished buffering http://www.justtheflight.co.uk/xmlfeeds/jtfairports.xml > >>>> [22545:22556:145928316471:INFO:chrome/common/important_file_writer.cc(71)] successfully saved /home/tester/.config/google-chrome/Default/Preferences > >>>> [22545:22556:145930787476:INFO:chrome/common/important_file_writer.cc(71)] successfully saved /home/tester/.config/google-chrome/Local State > >>>> [22545:22556:145930794207:INFO:chrome/common/important_file_writer.cc(71)] successfully saved /home/tester/.config/google-chrome/Default/Preferences > >>> > >>>>> > >>>>> You can run the browser without sandboxing (their idea about processes > >>>>> separation and security); but because of that do it only for testing, not to > >>>>> access important to you web sites: > >>>>> $ google-chrome --no-sandbox http://www.justtheflight.co.uk/ > >>> > >>>> [tester@milos ~]$ google-chrome --no-sandbox http://www.justtheflight.co.uk/ > >>>> In this case the site did NOT crash > >>> > >>>>> You may run the browser in debugging session with it as well: > >>>>> $ CHROME_IPC_LOGGING=1 google-chrome --no-sandbox --log-level=0 > >>>>> --enable-logging=stderr >& .chrom.log http://www.justtheflight.co.uk/ > >>> > >>>> [tester@milos ~]$ CHROME_IPC_LOGGING=1 google-chrome --no-sandbox --log-level=0 --enable-logging=stderr >& .chrom.log http://www.justtheflight.co.uk/ > >>>> [tester@milos ~]$ cat .chrom.log > >>>> /usr/bin/google-chrome: /lib64/libz.so.1: no version information available (required by /usr/bin/google-chrome) > >>>> /usr/bin/google-chrome: /lib64/libz.so.1: no version information available (required by /usr/bin/google-chrome) > >>>> /opt/google/chrome/chrome: /lib64/libz.so.1: no version information available (required by /opt/google/chrome/chrome) > >>>> /opt/google/chrome/chrome: /lib64/libz.so.1: no version information available (required by /opt/google/chrome/chrome) > >>>> [22719:22732:146271772673:INFO:net/base/host_resolver_impl.cc(1083)] IPv6Probe forced AddressFamily setting to ADDRESS_FAMILY_IPV4 > >>>> [22719:22719:146271780682:INFO:chrome/browser/extensions/extensions_service.cc(630)] Sending EXTENSION_LOADED > >>>> [22719:22719:146271796677:INFO:chrome/browser/sync/profile_sync_service.cc(97)] Detected official build, using official sync server. > >>>> [22719:22719:146271796708:INFO:chrome/browser/sync/profile_sync_service.cc(129)] Starting ProfileSyncService. > >>>> [22719:22719:146271796714:INFO:chrome/browser/sync/profile_sync_service.cc(198)] Using https://clients4.google.com/chrome-sync for sync server URL. > >>>> [22719:22719:146271796757:INFO:chrome/browser/sync/profile_sync_service.cc(357)] Clearing Sync DB. > >>>> [22719:22732:146271889163:INFO:net/proxy/proxy_service.cc(644)] Failed initial proxy configuration fetch. > >>>> [22719:22732:146273237280:INFO:chrome/browser/renderer_host/buffered_resource_handler.cc(208)] To buffer: http://www.justtheflight.co.uk/ > >>>> [22719:22732:146273237768:INFO:chrome/browser/renderer_host/buffered_resource_handler.cc(140)] Finished buffering http://www.justtheflight.co.uk/ > >>>> [22749:22749:146273240536:INFO:chrome/renderer/user_script_slave.cc(283)] Injected 0 scripts and 0 css files into http://www.justtheflight.co.uk/ > >>>> [22719:22719:146273267428:INFO:chrome/browser/history/history.cc(747)] History backend finished loading > >>>> [22719:22732:146273558643:INFO:chrome/browser/renderer_host/buffered_resource_handler.cc(178)] To buffer: http://www.justtheflight.co.uk/xmlfeeds/jtfairports.xml > >>>> [22719:22732:146273559448:INFO:chrome/browser/renderer_host/buffered_resource_handler.cc(140)] Finished buffering http://www.justtheflight.co.uk/xmlfeeds/jtfairports.xml > >>>> [22749:22749:146273560901:INFO:chrome/renderer/user_script_slave.cc(283)] Injected 0 scripts and 0 css files into http://www.justtheflight.co.uk/ > >>>> [22749:22749:146273711200:INFO:chrome/renderer/user_script_slave.cc(283)] Injected 0 scripts and 0 css files into http://www.justtheflight.co.uk/ > >>>> [22719:22726:146281786532:INFO:chrome/common/important_file_writer.cc(71)] successfully saved /home/tester/.config/google-chrome/Default/Preferences > >>>> [22749:22749:146284263918:INFO:chrome/renderer/render_view.cc(4901)] PLT: 1841ms http://www.justtheflight.co.uk/ > >>>> [22719:22726:146284296387:INFO:chrome/common/important_file_writer.cc(71)] successfully saved /home/tester/.config/google-chrome/Local State > >>>> [22719:22726:146284301758:INFO:chrome/common/important_file_writer.cc(71)] successfully saved /home/tester/.config/google-chrome/Default/Preferences > >>> > >>>>> > >>>>> File a problem report: > >>>>> http://code.google.com/p/chromium/issues/list > >>>>> New issue > >>>>> > >>>>> JB > >>> > >>>> Do you think I have reached the stage when I should submit a bug report? > >>> > >>>> Thanks again > >>> > >>>> John > >>> > >>> > >>> > >>> Can you put the chrome-sandbox into permissive mode and see what AVC's > >>> it generated. > >>> > >>> # semanage permissive -a chrome_sandbox_t > >>> > >>> Then run chrome > >>>> chrome > >>> > >>> # ausearch -m avc -ts recent > >>> # semanage permissive -d chrome_sandbox_t > >>> to pu chrome_sandbox back into enforcing mode. > >> > >> > >> Ok for some reason it wants to search through the NFS home dir. > >> > >> # grep chrome /var/log/audit/audit/audit.log | audit2allow -M mychrome > >> # semodule -i mycrhome.pp > >> > >> And see if this is enough to run chrome on an nfs homedir. > > > > > > google-chrome crashes > > > > [root@milos ~]# grep chrome /var/log/audit/audit.log | audit2allow -M mychrome > > ******************** IMPORTANT *********************** > > To make this policy package active, execute: > > > > semodule -i mychrome.pp > > > > [root@milos ~]# semodule -i mychrome.pp > > > > google-chrome OK !!!!!!!!!!!! > > > > > > > > > > > > > What Fedora release are you running? Please open a bugzilla. Fully updated 64bit F13 ja@milos ~ 1$ cat /etc/redhat-release Fedora release 13 (Goddard) I will submit a bugzilla entitled "SElinux settings crash google-chrome when a user's home directory is NFS mounted" Component: SELinux Is that description accurate ? Regards John -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
