New issue
Advanced search Search tips

Issue 688959 link

Starred by 2 users
Status: Fixed
Owner:
kerrnel@chromium.org
Closed: Mar 2017
Cc:
rsesek@chromium.org
mark@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Bug



Sign in to add a comment

Chrome should not write inside it's bundle

Project Member Reported by kerrnel@chromium.org, Feb 6 2017 
When updating the sandbox, I see the following:

SandboxViolation: Chromium Helper(11333) deny file-write-data /Users/foo/chromium/src/out/Default/Chromium.app/Contents/Versions/57.0.2987.0/chrome_debug.log

Even for debug builds, Chrome should not write anywhere inside its bundle. This behavior is explicitly forbidden by Apple. It invalidates the entire bundle. I will update the code to log somewhere else.

Comment 1 by kerrnel@chromium.org, Feb 8 2017 

Note: for the V2 sandbox, we need to make sure Chrome can write to the data-dir instead, and that for component builds, the log file can be written alongside the executable.
Project Member

Comment 2 by bugdroid1@chromium.org, Feb 21 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/344ea468c3a47b782e5cd0a6d7f8eb704e158561

commit 344ea468c3a47b782e5cd0a6d7f8eb704e158561
Author: kerrnel <kerrnel@chromium.org>
Date: Tue Feb 21 18:19:25 2017

Log into the user-data-dir instead of Chrome's bundle.

Even for debug builds, Chrome should not write anywhere inside its bundle. This
behavior is explicitly forbidden by Apple. This invalidates the entire bundle,
particularly its code identity. Debug builds will now long into the user data
directory.

BUG= 688959 

Review-Url: https://codereview.chromium.org/2679133004
Cr-Commit-Position: refs/heads/master@{#451799}

[modify] https://crrev.com/344ea468c3a47b782e5cd0a6d7f8eb704e158561/chrome/common/chrome_paths.cc

Comment 3 by kerrnel@chromium.org, Mar 1 2017

Status: Fixed (was: Started)

Sign in to add a comment