LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Walsh: Google Chrome Policy

Walsh: Google Chrome Policy

Posted Oct 12, 2009 18:16 UTC (Mon) by mosfet (guest, #45339)
Parent article: Walsh: Google Chrome Policy

The path to redemption via grub: selinux=0
Always, always, use this on desktop systems. Beyond the selinux barrier dragons and weired error messages hide and wait for unsuspecting travelers.
Now you may burn the heretic.

(Log in to post comments)

Walsh: Google Chrome Policy

Posted Oct 12, 2009 20:09 UTC (Mon) by zlynx (subscriber, #2285) [Link]

Burn, heretic!

No, really, SELinux has worked fine on my FC11 desktop system.

I had to look up some stuff to figure out how to allow SELinux and Samba to share a USB drive. However, it is kind of comforting to know that there is no way Samba is going to run around loose on my hard drives.

Walsh: Google Chrome Policy

Posted Oct 13, 2009 5:45 UTC (Tue) by JoeBuck (subscriber, #2330) [Link]

I've used selinux on desktop fedora systems for years. There have been occasional glitches, but overall it's worked well, and by now the rough edges have been sanded away.

Walsh: Google Chrome Policy

Posted Oct 14, 2009 9:21 UTC (Wed) by renox (subscriber, #23785) [Link]

>No, really, SELinux has worked fine on my FC11 desktop system.

Depends on your view of what is 'fine': if I understood correctly, the SELinux policy described prevents Chrome uploading files, which I bet quite a few users will find annoying!

Walsh: Google Chrome Policy

Posted Oct 14, 2009 9:27 UTC (Wed) by rahulsundaram (subscriber, #21946) [Link]

Can you explain why the policy would prevent Chrome from upload files? Note that Chromium is not in the Fedora repository yet nor is the policy changes. So this is not applicable to Fedora 11 anyway. In Rawhide, I don't have a problem using Chromium.

Walsh: Google Chrome Policy

Posted Oct 22, 2009 7:10 UTC (Thu) by renox (subscriber, #23785) [Link]

>Can you explain why the policy would prevent Chrome from upload files?

Because it's written in the conclusion of Dan Walsh's blog:
[[ SELinux prevents chrome-sandbox from:
* Using the network
o It can not copy files up to the internet ]]

Maybe I'm misunderstanding it, I'm not a Chrome or SELinux expert..

Walsh: Google Chrome Policy

Posted Oct 13, 2009 8:35 UTC (Tue) by lkundrak (subscriber, #43452) [Link]

Though I won't object that "weirded error messages" pop-out from-time-to-time on Fedora SELinux-enabled desktop, probably a more sane way to get rid of them would be to disable the sealert applet. Point is that you loose less and the "unsuspecting traveller" probably won't be able to fix them anyway.

For me, and I am rather demanding desktop user, SELinux didn't cause any trouble for years (well I can think of one with libvirt, but would a desktop user run that anyway?) and I am running with SELinux enabled and any denial notification disabled (though I look at denial every once in a while out of curiosity,).

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds