New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.
Starred by 1 user

Issue metadata

Status: Available
Owner:
Last visit > 30 days ago
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug



Sign in to add a comment

security_SandboxedServices test failure on stout due to root run dbus-monitor in rf-led-handler.conf

Project Member Reported by mkarkada@chromium.org, Mar 29 Back to list

Issue description

Components: -Infra>Client>ChromeOS OS>Systems
Labels: -M-66 Proj-stout
Status: Available
Summary: security_SandboxedServices test failure on stout due to root run dbus-monitor in rf-led-handler.conf (was: security_SandboxedServices test failure on stout)
you need to dig a little further into the logs to find the actual failure reason beyond the summary

the last 4 failures in that log are due to:
03/27 22:54:47.732 ERROR|security_Sandboxed:0334| New services are not allowed to run as root, but these are: ['dbus-monitor']
03/27 22:54:47.738 ERROR|security_Sandboxed:0338| Failed sandboxing: ['dbus-monitor']
 1999  1935 dbus-monitor                     root             root             root             root             4026531839 4026531840 4026531957 4026531836 4026531837 4026531838 dbus-monitor --system type='signal',sender='org.chromium.flimflam',                interface='org.chromium.flimflam.Device' type='signal',                sender='org.bluez',interface='org.freedesktop.DBus.Properties'

this is due to the stout-specific init script:
  src/overlays/overlay-stout/chromeos-base/chromeos-bsp-stout/files/rf-led-handler.conf

which has been around forever:
  https://chrome-internal-review.googlesource.com/31883

i'm not sure there are good owners for this.  ideally the dbus-monitor call would not be run as root.
Cc: dianwa@chromium.org pbe...@chromium.org jkop@chromium.org
Still happening today on cros-goldeneye/chromeos/healthmonitoring/buildDetails?builderName=stout-release&buildNumber=&id=&buildbucketId=&token=AIQH9qMAseiN4OyOBc0Qu8lccDXh%3A1523569989573

04/10 15:02:05.292 WARNI|security_Sandboxed:0323| New services: set(['btdispatch', 'dbus-monitor'])
04/10 15:02:05.296 ERROR|security_Sandboxed:0334| New services are not allowed to run as root, but these are: ['dbus-monitor']
04/10 15:02:05.300 ERROR|security_Sandboxed:0338| Failed sandboxing: ['dbus-monitor']

https://00e9e64bac88ed6f60d2e076da52b5fdf99d7883cdb706263b-apidata.googleusercontent.com/download/storage/v1/b/chromeos-autotest-results/o/191067824-chromeos-test%2Fchromeos6-row2-rack5-host13%2Fdebug%2Fclient.0.DEBUG?qk=AD5uMEvOR_MLCH1TP4gcfznj5c1DBj__eDZvmbSinWpAhY4kJjx_iTMwQ9NAbTUdK6_lHIkJxJkRJ35kZxO7r3PMde5ErQwfWkUQL84DeeANQmcuwSwYekZh-5qwzM3Aw9GLCQIDyfHkg71Kl9-AEk3yb4snIi8eN8A7YBXWsujYoNx4z3UqUhuwnrlTRg06P8R4N7_cQU_I3aN9Y2xFuxHPDwjJmt5arvlUtGat373vLl5fWztEJ-LkiupOb_1KQcN9RCp0PsNacb0VynPPp1I9JZpk5XUBgcKVsnJoQ7PnfXLPif9USym6u5pnF74hbZNSHw8zKJsV-vV2aO5GdRWBcxM6ls4i6O-WTzDHCxOOn6p3dMmXBH-PC-VfTcjwg8mEksvp4J7kilH2ojyOg_K3cAqHxjhw4U-rDP8KYEqVngNKdQ9TbfcYwr8pCWlSQd9qnhRZ4bcQ-04TNovDgEq5gDpbVNv0tqb4_ngY2XDSJlBeJ7FgYr-jDp1H3TRFy4wb8RJ2fzybsazLyVb-PUAibG6DoFoz2y8n1dRZx662LcWfLf9fzCxxA2HeQG-_eyF3zC_TJwrJYxiWINqsY7Ud69S2LFhjuGyrHcoTJDlRA9pXjPzRTMcM4ag96SAJMDkimWPFRxBgpRERjt-pkHRCr8Xja9nD2gjGRfJQFZXbKX7odDzHOF1kKhZsqqfkxOVFmJ-a0BlcclxsDW8BzaZ7pbE6ylp1rjeF6IUN_P6opB9qg6gfMW7L9gjgK5Q-FlnQ63ei1heoOWezCXC2V1kBHtZbBgpgH-TKih_WiRPs3TBKKJsqt2DRUbZvCwTKUA_vle44Tvr4tycyrr-wob9pRjZ2a1ox7A
Owner: nsale@chromium.org
Nigel, looking at GE, isn't this device supposed to be EOL now? I'll mark build as experimental for now.

Comment 4 by pbe...@chromium.org, Apr 16 (3 days ago)

Labels: Hotlist-CrOS-Sheriffing

Sign in to add a comment