Star Chrome Sandboxing: Easy on Mac OS X, a Mess on Linux
Linked by Thom Holwerda on Wed 3rd Jun 2009 11:21 UTC, submitted by Hakime
Google One of the defining features of Google's Chrome web browse is its sandboxing feature. You probably won't realise it's there, but from a security point of view, sand-boxing is one of the most impotant factors in browser security, as it severely limits the amount of damage a security hole can do: sure, you've got a hole in the browser, but thanks to sandboxing, you're pretty much locked in - until you break out of the sandbox, of course. Sandboxing on the Windows variant of Chrome was a "complicated affair", says Chromium developer Jeremy Moskovich, but for the Mac version, it's all a bit easier and more straightforward. On Linux, however, it's a mess.
E-mail Print r 7   · Read More · 61 Comment(s) http://osne.ws/go8
Thread beginning with comment 366845
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[3]: On the origin of species
by Finalzone on Wed 3rd Jun 2009 19:33 UTC in reply to "RE[2]: On the origin of species"
Finalzone
Member since:
2005-07-06

Every time I have allowed SE Linux to be enabled, within 5 minutes an application I need to run doesn't work with it. And I know, your answer is "don't use that app" or "there is a way to make the app work with SELinux",


What application(s) caused that problem and which distribution is used?

but the reality is I give up after several hours of plunging the depths. It is VERY infuriating, and it really stinks when people say "well, it works for me, must be your problem". That is the Linux way - blame the end user.


It appears it is much easier to give an example without specifying the problem and blame Linux as a whole than simply submitting a bug report to SELinux development and mention what distribution is used.

Reply Parent Bookmark Score: 0

fretinator Member since:
2005-07-06

I think many are missing my point - yes, each problem app can be resolved eventually (e.g., Lotus Domino Server on RHEL 5.0 - the install for Lotus Domino specifically instructs the user to turn of SELinux). Some of the apps are 3rd-party apps and are really the application creators fault, such as the above Lotus Domino. Other times it is an app that comes with the disto (networks apps in general come to mind). My point wasn't to get "help" for my individual issues, but just to point out the difficulty for the end user with SELinux. It's great to tell them to fill out a bug report, but it is not practical for most (by the way, I do report bugs in my distro, Ubuntu, at Launchpad).

Most users are just trying to use their computers for daily work, and thus will either disable SELinux or use something else. It is not the fault of SELinux, but just an example of how the lack of standardization sometimes hurts the "end user". And as I mentioned, the poor end user is usually told to "get over it", "file a bug report", or "stop using that app" (such as my Domino Server experience - it was for a job!).

Reply Parent Bookmark Score: 3

lsatenstein Member since:
2006-04-07

I bet this came about because you disabled Selinux and then loaded a bunch of applications. Later you restarted Selinux, but Selinux did not know about them and so, it did what it is supposed to do., Stop you.

You have to set Selinux to rescan the system, in order to catalog or register the objects security properties.

Reply Parent Bookmark Score: 1