Chrome SELinux problem on SL 6.1 64bit with NFS-mounted home directory

Thu, 22 Sep 2011 07:21:57 -0700 

Dear all,
we installed google-chrome-stable-14.0.835.186-101821.x86_64 on both the NFSv4 clients, and the file server of our SL 6.1 cluster. 


On the NFS clients, Chrome cannot display certain webpages (e.g. the 
https://docs.google.com/?pli=1#owned-by-me page, nor the user's Google 
calendar); just the "Aw, snap" page is shown which indicates a problem. 
I found that "setenforce 0" on the client gets rid of the problem, but 
disabling SELinux is not an option.



Weird enough, there is no proper setroubleshoot message in 
/var/log/messages on the clients when this occurs. But I find in 
/var/log/audit/audit.log the following:


[root@client ~]#  grep chrome /var/log/audit/audit.log | tail -1

type=SYSCALL msg=audit(1316684717.865:39632): arch=c000003e syscall=56 
success=yes exit=0 a0=60000011 a1=0 a2=0 a3=0 items=0 ppid=4628 pid=4629 
auid=1110 uid=1110 gid=20 euid=0 suid=0 fsuid=0 egid=20 sgid=20 fsgid=20 
tty=(none) ses=4 comm="chrome-sandbox" 
exe="/opt/google/chrome/chrome-sandbox" 
subj=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 key=(null)

I tried to feed this into audit2allow but get an error message.

/var/log/messages has the following:

Sep 22 11:23:40 client gnome-keyring-daemon[2633]: couldn't allocate 
secure memory to keep passwords and or keys from being written to the disk



No such problems exist if I start Chrome on the NFS server (which also 
has SELinux enabled).


Some googling brought up the recommendation of
restorecon -R -v ~/.config
but this didn't help - it didn't change the labels at all.

ls -dZ .config on the server is
drwx------. dikay games unconfined_u:object_r:config_home_t:s0 .config
and on the clients:
drwx------. dikay games system_u:object_r:nfs_t:s0       .config

ls -Zd .config/google-chrome gives
drwxr-xr-x. dikay games unconfined_u:object_r:config_home_t:s0 gnome-session
on the server, and
drwx------. dikay games system_u:object_r:nfs_t:s0       google-chrome/
on the clients.

The clients mount the home directories with a simple
server:/home             /home                   nfs     bg,intr
line in /etc/fstab.

Does anybody have a solution?

thanks,

Kay
--
Kay Diederichs                http://strucbio.biologie.uni-konstanz.de
email: [email protected]    Tel +49 7531 88 4049 Fax 3183
Fachbereich Biologie, Universität Konstanz, Box M647, D-78457 Konstanz

This e-mail is digitally signed. If your e-mail client does not have the
necessary capabilities, just ignore the attached signature "smime.p7s".




Attachment:
smime.p7s

Description: S/MIME Cryptographic Signature






















					Reply via email to