Subject: | |
From: | |
Reply To: | |
Date: | Thu, 22 Sep 2011 16:21:50 +0200 |
Content-Type: | multipart/signed |
Parts/Attachments: |
|
|
Dear all,
we installed google-chrome-stable-14.0.835.186-101821.x86_64 on both the
NFSv4 clients, and the file server of our SL 6.1 cluster.
On the NFS clients, Chrome cannot display certain webpages (e.g. the
https://docs.google.com/?pli=1#owned-by-me page, nor the user's Google
calendar); just the "Aw, snap" page is shown which indicates a problem.
I found that "setenforce 0" on the client gets rid of the problem, but
disabling SELinux is not an option.
Weird enough, there is no proper setroubleshoot message in
/var/log/messages on the clients when this occurs. But I find in
/var/log/audit/audit.log the following:
[root@client ~]# grep chrome /var/log/audit/audit.log | tail -1
type=SYSCALL msg=audit(1316684717.865:39632): arch=c000003e syscall=56
success=yes exit=0 a0=60000011 a1=0 a2=0 a3=0 items=0 ppid=4628 pid=4629
auid=1110 uid=1110 gid=20 euid=0 suid=0 fsuid=0 egid=20 sgid=20 fsgid=20
tty=(none) ses=4 comm="chrome-sandbox"
exe="/opt/google/chrome/chrome-sandbox"
subj=unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023 key=(null)
I tried to feed this into audit2allow but get an error message.
/var/log/messages has the following:
Sep 22 11:23:40 client gnome-keyring-daemon[2633]: couldn't allocate
secure memory to keep passwords and or keys from being written to the disk
No such problems exist if I start Chrome on the NFS server (which also
has SELinux enabled).
Some googling brought up the recommendation of
restorecon -R -v ~/.config
but this didn't help - it didn't change the labels at all.
ls -dZ .config on the server is
drwx------. dikay games unconfined_u:object_r:config_home_t:s0 .config
and on the clients:
drwx------. dikay games system_u:object_r:nfs_t:s0 .config
ls -Zd .config/google-chrome gives
drwxr-xr-x. dikay games unconfined_u:object_r:config_home_t:s0 gnome-session
on the server, and
drwx------. dikay games system_u:object_r:nfs_t:s0 google-chrome/
on the clients.
The clients mount the home directories with a simple
server:/home /home nfs bg,intr
line in /etc/fstab.
Does anybody have a solution?
thanks,
Kay
--
Kay Diederichs http://strucbio.biologie.uni-konstanz.de
email: [log in to unmask] Tel +49 7531 88 4049 Fax 3183
Fachbereich Biologie, Universität Konstanz, Box M647, D-78457 Konstanz
This e-mail is digitally signed. If your e-mail client does not have the
necessary capabilities, just ignore the attached signature "smime.p7s".
|
|
|