royong
18-09-2011, 11:57
Updated Google Chrome last night and this morning, I got stuck with the following error:
/opt/google/chrome/chrome: error while loading shared libraries: cannot restore segment prot after reloc: Permission denied
Got to my system logs and I found the following:
Sep 18 11:26:30 x61 kernel: [ 4114.703060] type=1400 audit(1316316390.965:25436): avc: denied { execmod } for pid=5336 comm="chrome" path="/opt/google/chrome/chrome" dev=sda2 ino=412 scontext=unconfined_u:unconfined_r:chrome_sandbox_ t:s0-s0:c0.c1023 tcontext=system_u:object_r:execmem_exec_t:s0 tclass=file
Yes, I running Fedora 14, selinux enabled on this machine. Sadly, Google Chrome doesn't seem to want to work with selinux. Those whom are familiar with selinux would probably be able to figure out a workaround. We don't need to disable selinux and I most definitely won't disable selinux just for Chrome. Run the following as root before invoking Chrome again.
chcon -t usr_t /opt/google/chrome/chrome-sandbox
We are basically changing the selinux context of the file. However, please note that changing the selinux context of the file doesn't exactly make the change permanent. A restorecon or a selinux relabel will result in the file reverting to its original selinux context.
A quick google search would probably also give you the same solution and perhaps a little more on the making the change persistent across a restorecon and selinux relabel
http://code.google.com/p/chromium/issues/detail?id=87704 but at this point, I am still looking at Chrome to solve the problem in the next update.
PS - Read this comment on the thread, I don't think it reflects the true workings of the problem. Pushing the blame back to Fedora doesn't cut it!
http://code.google.com/p/chromium/issues/detail?id=87704#c22
/opt/google/chrome/chrome: error while loading shared libraries: cannot restore segment prot after reloc: Permission denied
Got to my system logs and I found the following:
Sep 18 11:26:30 x61 kernel: [ 4114.703060] type=1400 audit(1316316390.965:25436): avc: denied { execmod } for pid=5336 comm="chrome" path="/opt/google/chrome/chrome" dev=sda2 ino=412 scontext=unconfined_u:unconfined_r:chrome_sandbox_ t:s0-s0:c0.c1023 tcontext=system_u:object_r:execmem_exec_t:s0 tclass=file
Yes, I running Fedora 14, selinux enabled on this machine. Sadly, Google Chrome doesn't seem to want to work with selinux. Those whom are familiar with selinux would probably be able to figure out a workaround. We don't need to disable selinux and I most definitely won't disable selinux just for Chrome. Run the following as root before invoking Chrome again.
chcon -t usr_t /opt/google/chrome/chrome-sandbox
We are basically changing the selinux context of the file. However, please note that changing the selinux context of the file doesn't exactly make the change permanent. A restorecon or a selinux relabel will result in the file reverting to its original selinux context.
A quick google search would probably also give you the same solution and perhaps a little more on the making the change persistent across a restorecon and selinux relabel
http://code.google.com/p/chromium/issues/detail?id=87704 but at this point, I am still looking at Chrome to solve the problem in the next update.
PS - Read this comment on the thread, I don't think it reflects the true workings of the problem. Pushing the blame back to Fedora doesn't cut it!
http://code.google.com/p/chromium/issues/detail?id=87704#c22