给大家推荐一款很不错的Linux chromium系统很有学习价值,这里我主要讲解Linux chromium系统的应用,包括介绍Linux chromium知识等方面。自打装好Fedora 12之后就发现Linux chromium不能用rpm安装了,安装时总是缺这少那,很是费劲,于是按照网上的方法,在/etc/yum.repos.d/下创建一个chromium.repo,内容如下:
- view plaincopy to clipboardprint?
- [chromium]
- name=Chromium Test Packages
- baseurl=http://spot.fedorapeople.org/chromium/F$releasever/
- enabled=0
- gpgcheck=0
- [chromium]
- name=Chromium Test Packages
- baseurl=http://spot.fedorapeople.org/chromium/F$releasever/
- enabled=0
- gpgcheck=0
然后通过yum安装就可以了。
今天在Fedora People看到有新的Linux chromium安装包出现,于是打算升级Linux chromium。下载了所有的rpm包(忘记了最初是通过yum安装的)。安装时Linux chromium, chromium-libs都能通过rpm -Uvh正常安装,可是升级v8时还是出了问题。想起以前的教训,打算先把v8完全卸载再安装,可是缺无法卸载,无论是通过rpm -e还是yum remove都不行。
这时想到了用yum upodate v8-*,结果却出现了“Package v8-devel-2.0.3-1.20091209svn3443.fc12.i686.rpm is not signed”的错误。在网上找到一个办法,就是编辑 /etc/yum.conf ,把gpgcheck=1 改为 gpgcheck=0。不过这样做有潜在的风险,因此在安装完v8之后就立刻把gpgcheck重新设为1.
另外一个奇怪的问题是,打开Linux chromium时,浏览器打不开,而且SELinux总是报错:
- view plaincopy to clipboardprint?
- Summary:
- SELinux is preventing /usr/lib/chromium-browser/chromium-browser from loading
- /usr/lib/chromium-browser/libmedia.so which requires text relocation.
- Detailed Description:
- The chromium-browse application attempted to load
- /usr/lib/chromium-browser/libmedia.so which requires text relocation. This is a
- potential security problem. Most libraries do not need this permission.
- Libraries are sometimes coded incorrectly and request this permission. The
- SELinux Memory Protection Tests
- (http://people.redhat.com/drepper/selinux-mem.html) web page explains how to
- remove this requirement. You can configure SELinux temporarily to allow
- /usr/lib/chromium-browser/libmedia.so to use relocation as a workaround, until
- the library is fixed. Please file a bug report.
- Allowing Access:
- If you trust /usr/lib/chromium-browser/libmedia.so to run correctly, you can
- change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t
- '/usr/lib/chromium-browser/libmedia.so'" You must also change the default file
- context files on the system in order to preserve them even on a full relabel.
- "semanage fcontext -a -t textrel_shlib_t
- '/usr/lib/chromium-browser/libmedia.so'"
- Fix Command:
- chcon -t textrel_shlib_t '/usr/lib/chromium-browser/libmedia.so'
- Additional Information:
- Source Context unconfined_u:unconfined_r:unconfined_execmem_t:s0-
- s0:c0.c1023
- Target Context system_u:object_r:lib_t:s0
- Target Objects /usr/lib/chromium-browser/libmedia.so [ file ]
- Source chromium-browse
- Source Path /usr/lib/chromium-browser/chromium-browser
- Port <Unknown>
- Host bonn.yang
- Source RPM Packages chromium-4.0.273.0-0.1.20091216svn34775.fc12
- Target RPM Packages chromium-libs-4.0.273.0-0.1.20091216svn34775.fc12
- Policy RPM selinux-policy-3.6.32-56.fc12
- Selinux Enabled True
- Policy Type targeted
- Enforcing Mode Enforcing
- Plugin Name allow_execmod
- Host Name bonn.yang
- Platform Linux bonn.yang 2.6.31.6-166.fc12.i686.PAE #1 SMP
- Wed Dec 9 11:00:30 EST 2009 i686 i686
- Alert Count 11
- First Seen Wed 23 Dec 2009 09:38:16 PM CST
- Last Seen Wed 23 Dec 2009 10:28:36 PM CST
- Local ID b1f55f28-145d-48dd-9d71-6fb7fe6a57c8
- Line Numbers
- Raw Audit Messages
- node=bonn.yang type=AVC msg=audit(1261578516.240:27332): avc: denied { execmod } for pid=2946 comm="chromium-browse" path="/usr/lib/chromium-browser/libmedia.so" dev=sda2 ino=277322 scontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
- node=bonn.yang type=SYSCALL msg=audit(1261578516.240:27332): arch=40000003 syscall=125 success=no exit=-13 a0=8ff8000 a1=63000 a2=5 a3=bf899bf0 items=0 ppid=1 pid=2946 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="chromium-browse" exe="/usr/lib/chromium-browser/chromium-browser" subj=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023 key=(null)
- Summary:
- SELinux is preventing /usr/lib/chromium-browser/chromium-browser from loading
- /usr/lib/chromium-browser/libmedia.so which requires text relocation.
- Detailed Description:
- The chromium-browse application attempted to load
- /usr/lib/chromium-browser/libmedia.so which requires text relocation. This is a
- potential security problem. Most libraries do not need this permission.
- Libraries are sometimes coded incorrectly and request this permission. The
- SELinux Memory Protection Tests
- (http://people.redhat.com/drepper/selinux-mem.html) web page explains how to
- remove this requirement. You can configure SELinux temporarily to allow
- /usr/lib/chromium-browser/libmedia.so to use relocation as a workaround, until
- the library is fixed. Please file a bug report.
- Allowing Access:
- If you trust /usr/lib/chromium-browser/libmedia.so to run correctly, you can
- change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t
- '/usr/lib/chromium-browser/libmedia.so'" You must also change the default file
- context files on the system in order to preserve them even on a full relabel.
- "semanage fcontext -a -t textrel_shlib_t
- '/usr/lib/chromium-browser/libmedia.so'"
- Fix Command:
- chcon -t textrel_shlib_t '/usr/lib/chromium-browser/libmedia.so'
- Additional Information:
- Source Context unconfined_u:unconfined_r:unconfined_execmem_t:s0-
- s0:c0.c1023
- Target Context system_u:object_r:lib_t:s0
- Target Objects /usr/lib/chromium-browser/libmedia.so [ file ]
- Source chromium-browse
- Source Path /usr/lib/chromium-browser/chromium-browser
- Port <Unknown>
- Host bonn.yang
- Source RPM Packages chromium-4.0.273.0-0.1.20091216svn34775.fc12
- Target RPM Packages chromium-libs-4.0.273.0-0.1.20091216svn34775.fc12
- Policy RPM selinux-policy-3.6.32-56.fc12
- Selinux Enabled True
- Policy Type targeted
- Enforcing Mode Enforcing
- Plugin Name allow_execmod
- Host Name bonn.yang
- Platform Linux bonn.yang 2.6.31.6-166.fc12.i686.PAE #1 SMP
- Wed Dec 9 11:00:30 EST 2009 i686 i686
- Alert Count 11
- First Seen Wed 23 Dec 2009 09:38:16 PM CST
- Last Seen Wed 23 Dec 2009 10:28:36 PM CST
- Local ID b1f55f28-145d-48dd-9d71-6fb7fe6a57c8
- Line Numbers
- Raw Audit Messages
- node=bonn.yang type=AVC msg=audit(1261578516.240:27332): avc: denied { execmod } for pid=2946 comm="chromium-browse" path="/usr/lib/chromium-browser/libmedia.so" dev=sda2 ino=277322 scontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
- node=bonn.yang type=SYSCALL msg=audit(1261578516.240:27332): arch=40000003 syscall=125 success=no exit=-13 a0=8ff8000 a1=63000 a2=5 a3=bf899bf0 items=0 ppid=1 pid=2946 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="chromium-browse" exe="/usr/lib/chromium-browser/chromium-browser" subj=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023 key=(null)
试了半天也没能在SELinux中设好libmedia.so的permission(有人说只要把libmedia.so的permission设为permissive就可以)。后来在一个法语的网页上(http://tuxmaya.wordpress.com/2009/12/21/nuevos-paquetes-de-chormium-en-fedora/ )发现了这样一条命令来取消 SELinux 对 /usr/lib/chromium-browser/下的所有.so文件的permission 的检查。
- view plaincopy to clipboardprint?
- chcon -t texrel_shlib_t /usr/lib*/chromium-browser/*.so
- chcon -t texrel_shlib_t /usr/lib*/chromium-browser/*.so
另外,该网页(http://forums.fedoraforum.org/showthread.php?t=237029 )上也提到了这种方法。
设置之后,Linux chromium就可以正常工作了。这篇博文就是用Linux chromium来写的。
PS:
写完博文后在SELinux的错误信息中发现了fix的方法:
- view plaincopy to clipboardprint?
- hcon -t textrel_shlib_t '/usr/lib/chromium-browser/libmedia.so'
- hcon -t textrel_shlib_t '/usr/lib/chromium-browser/libmedia.so'
- view plaincopy to clipboardprint?
- semanage fcontext -a -t textrel_shlib_t
- '/usr/lib/chromium-browser/libmedia.so'
- semanage fcontext -a -t textrel_shlib_t
- '/usr/lib/chromium-browser/libmedia.so'
实在是太粗心了,当时竟然没有仔细看…… 谨记这一教训!
【编辑推荐】
