Control: tags -1 + moreinfo
On 9/10/25 06:58, Fourhundred Thecat wrote:
> originally, I have reported this issue on chromium 138.0.7204.49-1~deb12u1
> the problem got fixed by upgrading chromium to next version
> but now, after upgrading to
> Version 140.0.7339.80 the problem is back:
>
> here is my RBAC reporting chromium trying to open files that it has no
> business opening:
>
> 07:13:43 grsec: (testuser:U:/usr/lib/chromium/chromium) denied access to hidden file /home/testuser/.ssh by /usr/lib/chromium/chromium[ThreadPoolForeg:7646] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
> 07:13:43 grsec: (testuser:U:/usr/lib/chromium/chromium) denied access to hidden file /home/testuser/.gnupg by /usr/lib/chromium/chromium[ThreadPoolForeg:7646] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
> 07:13:43 grsec: (testuser:U:/usr/lib/chromium/chromium) denied access to hidden file /boot by /usr/lib/chromium/chromium[ThreadPoolForeg:7646] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
> 07:13:43 grsec: (testuser:U:/usr/lib/chromium/chromium) denied access to hidden file /home/testuser/.dbus by /usr/lib/chromium/chromium[ThreadPoolForeg:7646] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
>
> why is chromium doing this, and why does Debian tolerate this behavior ?

As I said, it would be helpful if you could send an strace to show
exactly what's attempting to be opened. Chromium specifically has code
to disallow access to special directories, but recent changes to
optimize the blocklist
(https://chromium.googlesource.com/chromium/src/+/e067077375020cf7c7cd1b27cee529e8db5f6ce3%5E%21/,
https://chromium.googlesource.com/chromium/src/+/37141c231485b178e8d9a6064916a1016311f207%5E%21/)
may have made it so that it first queries those directories for
existence before adding them to the blocklist (or similar unintended
consequences).
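
Added example, not part of the original message and not Chromium or Debian code: a Python script that sorts `strace -f -o` output into existence probes versus opens for the paths named in the grsec denials, which is the distinction the hypothesis in the reply turns on. The function name `classify` is hypothetical, and the sample trace lines, including their errno values, are constructed for illustration.

```python
import re
from collections import defaultdict

# Paths taken from the grsec denials quoted in the report.
WATCHED = ("/home/testuser/.ssh", "/home/testuser/.gnupg",
           "/home/testuser/.dbus", "/boot")

# Syscalls that only test existence/metadata vs. ones that open the object.
PROBE = {"stat", "lstat", "newfstatat", "statx",
         "access", "faccessat", "faccessat2"}
OPEN = {"open", "openat", "openat2"}

# One complete `strace -f -o FILE` line: "<pid> <syscall>(<args>) = <ret> [ERRNO]"
LINE = re.compile(r'^(?P<pid>\d+)\s+(?P<call>\w+)\((?P<args>.*)\)\s+=\s+'
                  r'(?P<ret>-?\d+)(?:\s+(?P<errno>E[A-Z]+))?')
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')

def classify(trace_text):
    """Map each watched path to its probe/open events as (pid, syscall, result)."""
    hits = defaultdict(lambda: {"probe": [], "open": []})
    for line in trace_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # unfinished/resumed calls, signals, exit markers
        call = m["call"]
        kind = "probe" if call in PROBE else "open" if call in OPEN else None
        paths = QUOTED.findall(m["args"])
        if kind is None or not paths:
            continue
        path = paths[0]  # first string argument is the pathname for these calls
        for w in WATCHED:
            if path == w or path.startswith(w + "/"):
                hits[w][kind].append((int(m["pid"]), call, m["errno"] or m["ret"]))
    return dict(hits)

# Constructed sample trace (not captured from a real Chromium run).
SAMPLE = '''\
7646 newfstatat(AT_FDCWD, "/home/testuser/.ssh", 0x7ffc1a2b3c40, 0) = -1 ENOENT (No such file or directory)
7646 access("/home/testuser/.gnupg", F_OK) = -1 ENOENT (No such file or directory)
7646 openat(AT_FDCWD, "/home/testuser/.config/chromium/Local State", O_RDONLY) = 42
7646 openat(AT_FDCWD, "/boot", O_RDONLY|O_DIRECTORY) = -1 EACCES (Permission denied)
7650 +++ exited with 0 +++
'''

if __name__ == "__main__":
    for path, events in classify(SAMPLE).items():
        print(path, "probes:", events["probe"], "opens:", events["open"])
```

A trace in which the watched paths show up only under probes would fit the existence-check explanation; entries under opens would need a closer look.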