Ubuntu
chromium-browser package

chromium-browser does not run in guest account

Bug #1464958 reported by dbp on 2015-06-14

This bug affects 4 people

	Status	Importance	Assigned to
Chromium Browser	Unknown	Unknown	chromium #480017
chromium-browser (Ubuntu)	Incomplete	Medium	Unassigned
lightdm (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

Description:

In guest account, start chromium browser shows nothing. Start with command line shows error:

guest-1qFsXl@home:~$ chromium-browser http://www.google.com
Check failed: NamespaceUtils::DenySetgroups()

This used to work for months and found failed for few weeks.

Version:

Ubuntu 14.04 LTS
chromium-browser 43.0.2357.81-0ubuntu0.14.04.1.1
linux-image-3.13.0-54-generic 3.13.0-54.91
---
ApportVersion: 2.14.1-0ubuntu3.11
Architecture: amd64
Desktop-Session:
'None'
'None'
'None'
DetectedPlugins:

DistroRelease: Ubuntu 14.04
EcryptfsInUse: Yes
Env:
'None'
'None'
Load-Avg-1min: 0.28
Load-Processes-Running-Percent: 0.2%
MachineType: To Be Filled By O.E.M. To Be Filled By O.E.M.
NonfreeKernelModules: nvidia
Package: chromium-browser 43.0.2357.81-0ubuntu0.14.04.1.1089
PackageArchitecture: amd64
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.13.0-54-generic root=UUID=85a7733c-fbc4-49bf-84ce-02be4c5ba907 ro quiet splash vt.handoff=7
ProcVersionSignature: Ubuntu 3.13.0-54.91-generic 3.13.11-ckt20
Tags: third-party-packages trusty
Uname: Linux 3.13.0-54-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip libvirtd lpadmin plugdev sambashare sudo
_MarkForUpload: True
dmi.bios.date: 12/15/2014
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: P1.50
dmi.board.name: H97M-ITX/ac
dmi.board.vendor: ASRock
dmi.chassis.asset.tag: To Be Filled By O.E.M.
dmi.chassis.type: 3
dmi.chassis.vendor: To Be Filled By O.E.M.
dmi.chassis.version: To Be Filled By O.E.M.
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrP1.50:bd12/15/2014:svnToBeFilledByO.E.M.:pnToBeFilledByO.E.M.:pvrToBeFilledByO.E.M.:rvnASRock:rnH97M-ITX/ac:rvr:cvnToBeFilledByO.E.M.:ct3:cvrToBeFilledByO.E.M.:
dmi.product.name: To Be Filled By O.E.M.
dmi.product.version: To Be Filled By O.E.M.
dmi.sys.vendor: To Be Filled By O.E.M.
modified.conffile..etc.default.chromium.browser: [deleted]
mtime.conffile..etc.chromium.browser.default: 2015-01-14T08:39:14.796369

See original description

Tags:

Related branches

lp:~cmiller/lightdm/guest-session-chromium-sandbox-cgroups

Merged into lp:lightdm at revision 2200

Robert Ancell: Approve on 2015-10-12

Revision history for this message

Chad Miller (cmiller) wrote on 2015-06-14:

Please paste output of "dmesg". Also

$ apport-collect 1464958

Changed in chromium-browser (Ubuntu):
status:	New → Incomplete
assignee:	nobody → Chad Miller (cmiller)

Revision history for this message

dbp (dbpalan) wrote on 2015-06-14: BootDmesg.txt

BootDmesg.txt Edit (56.7 KiB, text/plain)

apport information

tags:	added: apport-collected third-party-packages trusty
description:	updated

Revision history for this message

dbp (dbpalan) wrote on 2015-06-14: ChromiumPrefs.txt

ChromiumPrefs.txt Edit (2.6 KiB, text/plain)

apport information

Revision history for this message

dbp (dbpalan) wrote on 2015-06-14: CurrentDmesg.txt

CurrentDmesg.txt Edit (252.3 KiB, text/plain)

apport information

Revision history for this message

dbp (dbpalan) wrote on 2015-06-14: Dependencies.txt

Dependencies.txt Edit (7.5 KiB, text/plain)

apport information

Revision history for this message

dbp (dbpalan) wrote on 2015-06-14: DiskUsage.txt

DiskUsage.txt Edit (366 bytes, text/plain)

apport information

Revision history for this message

dbp (dbpalan) wrote on 2015-06-14: InstalledPlugins.txt

InstalledPlugins.txt Edit (736 bytes, text/plain)

apport information

Revision history for this message

dbp (dbpalan) wrote on 2015-06-14: Lspci.txt

Lspci.txt Edit (9.4 KiB, text/plain)

apport information

Revision history for this message

dbp (dbpalan) wrote on 2015-06-14: Lsusb.txt

Lsusb.txt Edit (479 bytes, text/plain)

apport information

Revision history for this message

dbp (dbpalan) wrote on 2015-06-14: ProcCpuinfo.txt

#10

ProcCpuinfo.txt Edit (1.9 KiB, text/plain)

apport information

Revision history for this message

dbp (dbpalan) wrote on 2015-06-14: ProcEnviron.txt

#11

ProcEnviron.txt Edit (106 bytes, text/plain)

apport information

Revision history for this message

dbp (dbpalan) wrote on 2015-06-14: ProcInterrupts.txt

#12

ProcInterrupts.txt Edit (1.7 KiB, text/plain)

apport information

Revision history for this message

dbp (dbpalan) wrote on 2015-06-14: ProcModules.txt

#13

ProcModules.txt Edit (5.5 KiB, text/plain)

apport information

Revision history for this message

dbp (dbpalan) wrote on 2015-06-14: RelatedPackageVersions.txt

#14

RelatedPackageVersions.txt Edit (923 bytes, text/plain)

apport information

Revision history for this message

dbp (dbpalan) wrote on 2015-06-14: RelatedPackagesPolicy.txt

#15

RelatedPackagesPolicy.txt Edit (4.2 KiB, text/plain)

apport information

Revision history for this message

dbp (dbpalan) wrote on 2015-06-14: UdevDb.txt

#16

UdevDb.txt Edit (132.4 KiB, text/plain)

apport information

Revision history for this message

dbp (dbpalan) wrote on 2015-06-14: UdevLog.txt

#17

UdevLog.txt Edit (303.1 KiB, text/plain)

apport information

Revision history for this message

dbp (dbpalan) wrote on 2015-06-14: gconf-keys.txt

#18

gconf-keys.txt Edit (491 bytes, text/plain)

apport information

Revision history for this message

dbp (dbpalan) wrote on 2015-06-14: modified.conffile..etc.chromium.browser.default.txt

#19

modified.conffile..etc.chromium.browser.default.txt Edit (218 bytes, text/plain)

apport information

Chad Miller (cmiller) on 2015-06-14

Changed in chromium-browser (Ubuntu):
status:	Incomplete → Triaged
importance:	Undecided → Medium

Revision history for this message

Florian Haas (fghaas) wrote on 2015-07-21:

#20

How exactly is this a dup of #1463598?

Revision history for this message

Chad Miller (cmiller) wrote on 2015-07-21:

#21

Right, sorry. I think it's this, upstream.

Revision history for this message

Chad Miller (cmiller) wrote on 2015-07-21:

#22

Florian, is this still trouble? Do you have any kernel updates not applied yet?

Changed in chromium-browser (Ubuntu):
status:	Triaged → Incomplete

Revision history for this message

Mikko Rauhala (mjr-iki) wrote on 2015-08-03:

#23

This is still a problem. I'm having the exact same issue (though on google-chrome-stable-44.0.2403.125-1 )

Adding

/opt/google/chrome/chrome Cx -> chromium,
/opt/google/chrome/chrome-sandbox Cx -> chromium,

to /etc/apparmor.d/abstractions/lightdm_chromium-browser did not help (I tried that in case it was a matter of yet more filename changes on google's packaging).

google-chrome --no-sandbox works around the issue, with obvious usability (manual startup or manual configuration of switch), stability and security drawbacks.

Revision history for this message

LAZA (laza74) wrote on 2015-09-08:

#24

Happens for me on my internet café machines:

guest-rxOe8H@Daniel:~$ Check failed: NamespaceUtils::DenySetgroups()

Revision history for this message

LAZA (laza74) wrote on 2015-09-10:

#25

Why is this set on "Incomplete"?
What else is missing?
Or do we just wait for Google to fix this?

Chad Miller (cmiller) on 2015-09-14

Changed in chromium-browser (Ubuntu):
status:	Incomplete → Confirmed

Revision history for this message

Christopher Barrington-Leigh (cpbl) wrote on 2015-09-25:

#26

This problem exists also on 15.04 and 15.10.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2015-10-09:

#27

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in google-chrome-beta (Ubuntu):
status:	New → Confirmed

Revision history for this message

Chad Miller (cmiller) wrote on 2015-10-12:

#28

apparmor="DENIED" operation="open" profile="/usr/lib/lightdm/lightdm-guest-session" name="/proc/sys/kernel/cap_last_cap" pid=20779 comm="dbus-daemon" requested_mask="r" denied_mask="r" fsuid=135 ouid=0
apparmor="DENIED" operation="open" profile="/usr/lib/lightdm/lightdm-guest-session" name="/proc/sys/kernel/cap_last_cap" pid=20800 comm="gnome-keyring-d" requested_mask="r" denied_mask="r" fsuid=135 ouid=0
apparmor="DENIED" operation="open" profile="/usr/lib/lightdm/lightdm-guest-session" name="/proc/sys/kernel/cap_last_cap" pid=20806 comm="gnome-keyring-d" requested_mask="r" denied_mask="r" fsuid=135 ouid=0
apparmor="DENIED" operation="exec" info="profile not found" error=-2 profile="/usr/lib/lightdm/lightdm-guest-session" name="/bin/fusermount" pid=20882 comm="gvfsd-fuse" requested_mask="x" denied_mask="x" fsuid=135 ouid=0
apparmor="DENIED" operation="exec" info="profile not found" error=-2 profile="/usr/lib/lightdm/lightdm-guest-session" name="/bin/fusermount" pid=20882 comm="gvfsd-fuse" requested_mask="x" denied_mask="x" fsuid=135 ouid=0
apparmor="DENIED" operation="exec" info="profile not found" error=-2 profile="/usr/lib/lightdm/lightdm-guest-session" name="/bin/fusermount" pid=20888 comm="gvfsd-fuse" requested_mask="x" denied_mask="x" fsuid=135 ouid=0
apparmor="DENIED" operation="exec" info="profile not found" error=-2 profile="/usr/lib/lightdm/lightdm-guest-session" name="/bin/fusermount" pid=20888 comm="gvfsd-fuse" requested_mask="x" denied_mask="x" fsuid=135 ouid=0
apparmor="DENIED" operation="open" profile="/usr/lib/lightdm/lightdm-guest-session" name="/proc/sys/kernel/cap_last_cap" pid=21048 comm="dbus-daemon" requested_mask="r" denied_mask="r" fsuid=135 ouid=0
apparmor="DENIED" operation="open" profile="/usr/lib/lightdm/lightdm-guest-session" name="/proc/1/cgroup" pid=21042 comm="gnome-session" requested_mask="r" denied_mask="r" fsuid=135 ouid=0
apparmor="DENIED" operation="open" profile="/usr/lib/lightdm/lightdm-guest-session" name="/proc/1/cgroup" pid=21097 comm="indicator-messa" requested_mask="r" denied_mask="r" fsuid=135 ouid=0

Revision history for this message

Launchpad Janitor (janitor) wrote on 2015-10-28:

#29

This bug was fixed in the package lightdm - 1.17.0-0ubuntu1

---------------
lightdm (1.17.0-0ubuntu1) xenial; urgency=medium

  * New upstream release:
    - Disable log backups - this interferes with logrotate.
    - Support using libaudit to generate audit events.
    - Handle trailing whitespace on boolean values in configuration.
    - Update example configuration to more correctly match allowed options.
    - Fix unnecessary X server from being launched when locking seats.
    - Check the version of the X server we are running so we correctly pass
      -listen tcp when required.
    - Allow reading /proc/<PID>/net/dev from within a guest session.
      (LP: #1442609)
    - Allow guest sessions to write in /{,var/}run/screen folder.
      (LP: #1442611)
    - Update guest-session AppArmor profile to be suitable for openSUSE.
    - Fix apparmor profiles for running Chromium in guest sessions.
      (LP: #1504049, LP: #1464958)
    - Fix configure failing without Vala installed.
  * Build with multi-arch
  * debian/lightdm.logrotate:
    - Use logrotate to handle log files placed in the default system log
      directory (/var/log/lightdm).
  * debian/guest*:
    - Optimize guest account creation, use OverlayFS of AuFS if available.

-- Robert Ancell <email address hidden> Wed, 28 Oct 2015 15:02:46 +1300

Changed in lightdm (Ubuntu):
status:	New → Fix Released

Olivier Tilloy (osomon) on 2018-03-09

Changed in chromium-browser (Ubuntu):
assignee:	Chad Miller (cmiller) → nobody

Nathan Teodosio (nteodosio) on 2022-09-19

no longer affects:	google-chrome-beta (Ubuntu)
Changed in chromium-browser (Ubuntu):
status:	Confirmed → Incomplete

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

Bug #1503895

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

chromium #480017 Edit

Bug watches keep track of this bug in other bug trackers.

Ubuntuchromium-browser package

chromium-browser does not run in guest account

Bug Description

Related branches

Duplicates of this bug

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
chromium-browser package