New issue
Advanced search Search tips

Issue 643895 link

Starred by 2 users
Status: WontFix
Owner: ----
Closed: Feb 2017
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug-Regression



Sign in to add a comment

SELinux alert on startup

Reported by khym.cha...@gmail.com, Sep 3 2016 
UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.89 Safari/537.36

Steps to reproduce the problem:
1. Start Chrome under Linux with SELinux in enforcing mode

What is the expected behavior?
Normal startup.

What went wrong?
I get this SELinux alert:

type=AVC msg=audit(1472867145.344:215): avc:  denied  { create } for  pid=2434 comm="google-chrome" name="63" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:unconfined_t:s0 tclass=file permissive=0

The pid mentioned is the browser thread.

Did this work before? Yes Version 52.0.2743.116-1.x86_64

Chrome version: 53.0.2785.89  Channel: stable
OS Version: Fedora 24
Flash Version: Shockwave Flash 22.0 r0

SELinux policy version 3.13.1-191.14
Kernel 4.7.2-201

Chrome seems to be working perfectly, except that it's asking to be made the default browser when I know it's already the default browser.

Comment 1 by khym.cha...@gmail.com, Sep 4 2016 

Results of some experimenting:

1) Problem persists when experiments are turned off via --no-experiments.
2) Problem goes away when extension are disabled via --disable-extensions.
3) *HOWEVER*, the problem persists if instead I disable extension by going to chrome://extensions/ and unchecking "enabled" for each extension I have.

Comment 2 by khym.cha...@gmail.com, Sep 4 2016 

Persisting to version 53.0.2785.92 

I started up chrome with these command line args added: "--enable-logging --enable-extension-activity-logging --v=127".  As soon as chrome finished startup I copied away chrome_debug.log and compressed it; you'll find it attached.
chrome_debug.log.bz2
23.9 KB Download

Comment 3 by khym.cha...@gmail.com, Sep 4 2016 

After an strace and shell script debugging, I've (sort of) got it pinned down:

1) The fault is happening the google-chrome bash shell script, not in the chrome binary.  I thought it was because the "exec" at the end of the script turns the shell script PID into the chrome main thread PID.

2) It seems to be happening because of the solution to  bug 376567 , on lines 44 through 46 of the script.  That is, these three lines:

exec < /dev/null
exec > >(exec cat)
exec 2> >(exec cat >&2)

3) From the strace log, it looks like the problem is that it's trying to create file "/dev/fd/63".

4) The bug turns out to be somewhat intermittent.

So, it might be a bash bug instead of a chrome bug.

Comment 4 by khym.cha...@gmail.com, Sep 4 2016 

Oh, right, my Bash version is 4.3.42

Comment 5 by khym.cha...@gmail.com, Sep 5 2016 

Looks like it might be a kernel bug: https://bugzilla.redhat.com/show_bug.cgi?id=1370475

Comment 6 by khym.cha...@gmail.com, Sep 29 2016 

The problem has gone away for me, possibly from an update to the SELinux policies.

Comment 7 by wangxianzhu@chromium.org, Feb 10 2017

Status: WontFix (was: Unconfirmed)

Sign in to add a comment