F14, google-chrome won't launch after yum update

Daniel J Walsh dwalsh at redhat.com
Sat Oct 1 11:46:59 UTC 2011

Hash: SHA1

On 09/30/2011 03:40 PM, jackson byers wrote:
> Daniel J Walsh replied
>> This is definitely something in SELinux.   The current upstream
>> google chrome is a little strange from an SELinux point of view.
>> Have you tried chromium?
>> http://fedoraproject.org/wiki/Chromium
> well, no.   Advice on this llist over last year or so is that 
> google-chrome is better.
> I can always fall back on firefox....
> At least I know my problem is Selinux. And in this case evidently
> something that can't be fixed.
> I would think this will be viewed by many fedora users as a real
> black mark on Selinux.
> Unless google-chrome   is at fault.
> More   detail on how I was running: from a backup copy of F!4 I had
> just done a yum update.
> If I now go back to my main F14 (and dont do the yum update) then
> google-chrome works as it has been.
> so it was some glltch in the yum update
> Jack

My goal is not to get into the blame game, but google-chrome requires
some strange access that I have never seen an app need before.
Basically an application chrome-sandbox needing to load the the
executable (not shared library) chrome which was not compiled with
PIC.  The latest chrome browser from beta release requires mmap_zero,
which is a very dangerous access that we will not give.

If you do not want SELinux controlling chrome-sandbox you can turn off
the boolean unconfined_chrome_sandbox_transition

setsebool -P unconfined_chrome_sandbox_transition 0

The link above has a version of chrome, specially built for Fedora
which should work fine with SELinux.

Some of the problems you are seeing, I believe are fixed in F15 and
F16.  Not sure if the fixes were back ported to F14.
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/


More information about the users mailing list