"Deny server sockets to group" not working as expected
Posted: Tue Feb 03, 2015 4:57 pm
I have compiled a kernel with CONFIG_GRKERNSEC_SOCKET_SERVER enabled:
- Code: Select all
[*] Socket restrictions
[ ] Deny any sockets to group (NEW)
[ ] Deny client sockets to group (NEW)
[*] Deny server sockets to group
I expected that this would only prevent opening listening (server) ports and allow client ports.
However, when I start the chrome browser, I get the following errors in the log (and the browser does not start):
- Code: Select all
grsec: denied bind() by /usr/lib/chromium/chromium[NetworkChangeNo:3920]
grsec: denied bind() by /usr/lib/chromium/chromium[WorkerPool/3922:3922]
grsec: denied bind() by /usr/lib/chromium/chromium[Chrome_IOThread:3934]
grsec: denied bind() by /usr/lib/chromium/chromium[NetworkChangeNo:3966]
grsec: denied bind() by /usr/lib/chromium/chromium[WorkerPool/3968:3968]
grsec: denied bind() by /usr/lib/chromium/chromium[Chrome_IOThread:3980]
When I start chrome from the terminal, I see the following error message:
- Code: Select all
[8539:8552:0204/102542:ERROR:address_tracker_linux.cc(138)] Could not bind NETLINK socket: Permission denied
libudev: udev_monitor_enable_receiving: bind failed: Permission denied
[8539:8566:0204/102542:FATAL:udev_linux.cc(31)] Check failed: 0 == ret (0 vs. -1)
Aborted
Other clients such as telnet and nc work OK, i.e.:
- Code: Select all
nc www.google.com 80
telnet www.google.com 80
Does anybody know why chrome does not start?
UPDATE:
Firefox browser works fine. After some more investigation, this seems to be some problem limited to the chrome (chromium) browser, not caused by grsecurity.
But just in case anybody has any insight, I would appreciate it very much.
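Both errors in the terminal output above are bind() failures on netlink sockets, which a program uses to receive kernel notifications, rather than on TCP listeners. The C probe below is an added example, not part of the original post and not code from grsecurity or Chromium: run as a user in the restricted group, it reports whether bind() is allowed for a TCP socket and for two netlink sockets. The netlink protocols and multicast groups it uses are assumptions chosen for illustration.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>

/* bind() the socket and close it; returns 0 on success, else the errno. */
static int bind_and_close(int fd, const void *addr, socklen_t len)
{
    if (fd < 0)
        return errno;                       /* socket() itself failed */
    int err = bind(fd, (const struct sockaddr *)addr, len) ? errno : 0;
    close(fd);
    return err;
}

/* TCP socket bound to an ephemeral port: the first step of any listener. */
int try_tcp_bind(void)
{
    struct sockaddr_in a = { .sin_family = AF_INET };   /* INADDR_ANY, port 0 */
    return bind_and_close(socket(AF_INET, SOCK_STREAM, 0), &a, sizeof(a));
}

/* Netlink socket joining kernel multicast groups: no listen(), but still bind(). */
int try_netlink_bind(int protocol, unsigned int groups)
{
    struct sockaddr_nl a = { .nl_family = AF_NETLINK, .nl_groups = groups };
    return bind_and_close(socket(AF_NETLINK, SOCK_RAW, protocol), &a, sizeof(a));
}

/* EACCES is the "Permission denied" seen in the terminal output on this page. */
const char *verdict(int err)
{
    if (err == 0) return "allowed";
    if (err == EACCES) return "denied (Permission denied)";
    return strerror(err);
}

int main(void)
{
    /* Protocols and groups are assumptions for this probe; group 1 = kernel uevents. */
    printf("TCP bind, port 0: %s\n", verdict(try_tcp_bind()));
    printf("NETLINK_ROUTE bind: %s\n", verdict(try_netlink_bind(NETLINK_ROUTE, RTMGRP_LINK)));
    printf("NETLINK_KOBJECT_UEVENT bind: %s\n", verdict(try_netlink_bind(NETLINK_KOBJECT_UEVENT, 1)));
    return 0;
}
```

Running it once as an unrestricted user and once as a member of the restricted group shows which of the three bind() calls the kernel option refuses.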