starred/hardening
1
0
Fork 0
mirror of https://github.com/konstruktoid/hardening.git synced 2026-04-28 02:06:00 +03:00
Code Issues 6 Projects Releases 4 Packages Wiki Activity

[GH-ISSUE #523] [BUG] Can't use Google-Chrome anymore after the hardening was done #82

New issue
Closed
opened 2026-03-03 13:59:00 +03:00 by kerem · 8 comments
kerem commented 2026-03-03 13:59:00 +03:00
Owner
Copy link

Originally created by @madiba237 on GitHub (Nov 14, 2024).
Original GitHub issue: https://github.com/konstruktoid/hardening/issues/523

Originally assigned to: @konstruktoid on GitHub.

Describe the bug
Google chrome worked just fine before the hardening, after it impossible to launch it no matter the user (root...)

To Reproduce
launching google-chrome from the terminal result to this message showing up 👍
/usr/bin/google-chrome: error while loading shared libraries: libdl.so.2: cannot open shared object file: Permission denied

Expected behavior

google-chrome browser should be launched .

System (lsb_release -a):

Distributor ID: Ubuntu
Description: Ubuntu 24.04.1 LTS
Release: 24.04
Codename: noble

Additional context
Add any other context about the problem here.

After stoping and disabeling apparmor.service it still doesn't work

Originally created by @madiba237 on GitHub (Nov 14, 2024). Original GitHub issue: https://github.com/konstruktoid/hardening/issues/523 Originally assigned to: @konstruktoid on GitHub. **Describe the bug** Google chrome worked just fine before the hardening, after it impossible to launch it no matter the user (root...) **To Reproduce** launching google-chrome from the terminal result to this message showing up 👍 /usr/bin/google-chrome: error while loading shared libraries: libdl.so.2: cannot open shared object file: Permission denied **Expected behavior** google-chrome browser should be launched . **System (lsb_release -a):** Distributor ID: Ubuntu Description: Ubuntu 24.04.1 LTS Release: 24.04 Codename: noble **Additional context** Add any other context about the problem here. After stoping and disabeling apparmor.service it still doesn't work
kerem closed this issue 2026-03-03 13:59:00 +03:00
kerem commented 2026-03-03 13:59:01 +03:00
Author
Owner
Copy link

@konstruktoid commented on GitHub (Nov 14, 2024):

Hi @madiba237 , I have not in any way tested the script on a client running graphical applications.

Can you attach some relevant journal logs as well?

<!-- gh-comment-id:2476356378 --> @konstruktoid commented on GitHub (Nov 14, 2024): Hi @madiba237 , I have not in any way tested the script on a client running graphical applications. Can you attach some relevant journal logs as well?
kerem commented 2026-03-03 13:59:01 +03:00
Author
Owner
Copy link

@madiba237 commented on GitHub (Nov 26, 2024):

sorry for the late reply i was overwhelmed by other projects here are lines in my logs that concern google chrome

2024-11-26T15:21:55.301915+01:00 PA-UBUNTU gnome-shell[20638]: Error fetching user unit for own pid: 3
2024-11-26T15:21:55.357382+01:00 PA-UBUNTU google-chrome.desktop[22394]: /usr/bin/google-chrome-stable: error while loading shared libraries: libdl.so.2: cannot open shared object file: Permission denied

Great thanks for the endeavors

<!-- gh-comment-id:2500971195 --> @madiba237 commented on GitHub (Nov 26, 2024): sorry for the late reply i was overwhelmed by other projects here are lines in my logs that concern google chrome 2024-11-26T15:21:55.301915+01:00 PA-UBUNTU gnome-shell[20638]: Error fetching user unit for own pid: 3 2024-11-26T15:21:55.357382+01:00 PA-UBUNTU google-chrome.desktop[22394]: /usr/bin/google-chrome-stable: error while loading shared libraries: libdl.so.2: cannot open shared object file: Permission denied Great thanks for the endeavors
kerem commented 2026-03-03 13:59:01 +03:00
Author
Owner
Copy link

@konstruktoid commented on GitHub (Nov 26, 2024):

no worries, but those log messages was included in you issue as well.
does any logs indicate it's an apparmor issue`? what other relevant logs are there?

what does ls -l /usr/lib/x86_64-linux-gnu/libdl.so.2 return?

since the script is one-shot, have you tried re-installing Chrome?

<!-- gh-comment-id:2501046583 --> @konstruktoid commented on GitHub (Nov 26, 2024): no worries, but those log messages was included in you issue as well. does any logs indicate it's an `apparmor` issue`? what other relevant logs are there? what does `ls -l /usr/lib/x86_64-linux-gnu/libdl.so.2` return? since the script is one-shot, have you tried re-installing Chrome?
kerem commented 2026-03-03 13:59:01 +03:00
Author
Owner
Copy link

@madiba237 commented on GitHub (Nov 27, 2024):

Greeting ,
sadly i do not have the VM no more so i won't provide those logs , but i can assure you the issue comes from app armor

<!-- gh-comment-id:2503465468 --> @madiba237 commented on GitHub (Nov 27, 2024): Greeting , sadly i do not have the VM no more so i won't provide those logs , but i can assure you the issue comes from app armor
kerem commented 2026-03-03 13:59:01 +03:00
Author
Owner
Copy link

@konstruktoid commented on GitHub (Nov 27, 2024):

After stoping and disabeling apparmor.service it still doesn't work

i can assure you the issue comes from app armor

Could you then list the AppArmor profiles in use?

<!-- gh-comment-id:2503544436 --> @konstruktoid commented on GitHub (Nov 27, 2024): > After stoping and disabeling apparmor.service it still doesn't work > i can assure you the issue comes from app armor Could you then list the AppArmor profiles in use?
kerem commented 2026-03-03 13:59:01 +03:00
Author
Owner
Copy link

@madiba237 commented on GitHub (Nov 27, 2024):

here are some google-chrome logs

2024-11-27T13:12:54.925568+01:00 ADM-LAT-171 google-chrome.desktop[30893]: [30885:30910:1127/131254.925529:ERROR:address_tracker_linux.cc(452)] Failed to recv from netlink socket: Permission non accordée (13)
2024-11-27T13:12:54.925621+01:00 ADM-LAT-171 google-chrome.desktop[30893]: [30885:30911:1127/131254.925580:ERROR:address_tracker_linux.cc(452)] Failed to recv from netlink socket: Permission non accordée (13)
2024-11-27T13:12:54.925687+01:00 ADM-LAT-171 google-chrome.desktop[30893]: [30885:30911:1127/131254.925642:ERROR:address_tracker_linux.cc(452)] Failed to recv from netlink socket: Permission non accordée (13)
2024-11-27T13:12:54.925756+01:00 ADM-LAT-171 google-chrome.desktop[30893]: [30885:30910:1127/131254.925704:ERROR:address_tracker_linux.cc(452)] Failed to recv from netlink socket: Permission non accordée (13)
2024-11-27T13:12:54.925788+01:00 ADM-LAT-171 google-chrome.desktop[30893]: [30885:30910:1127/131254.925755:ERROR:address_tracker_linux.cc(452)] Failed to recv from netlink socket: Permission non accordée (13)
2024-11-27T13:12:54.925861+01:00 ADM-LAT-171 google-chrome.desktop[30893]: [30885:30910:1127/131254.925822:ERROR:address_tracker_linux.cc(452)] Failed to recv from netlink socket: Permission non accordée (13)
2024-11-27T13:12:54.925924+01:00 ADM-LAT-171 google-chrome.desktop[30893]: [30885:30910:1127/131254.925868:ERROR:address_tracker_linux.cc(452)] Failed to recv from netlink socket: Permission non accordée (13)
2024-11-27T13:12:54.926021+01:00 ADM-LAT-171 google-chrome.desktop[30893]: [30885:30910:1127/131254.925907:ERROR:address_tracker_linux.cc(452)] Failed to recv from netlink socket: Permission non accordée (13)
2024-11-27T13:12:54.926035+01:00 ADM-LAT-171 google-chrome.desktop[30893]: [30885:30910:1127/131254.925962:ERROR:address_tracker_linux.cc(452)] Failed to recv from netlink socket: Permission non accordée (13)

<!-- gh-comment-id:2503907096 --> @madiba237 commented on GitHub (Nov 27, 2024): here are some google-chrome logs 2024-11-27T13:12:54.925568+01:00 ADM-LAT-171 google-chrome.desktop[30893]: [30885:30910:1127/131254.925529:ERROR:address_tracker_linux.cc(452)] Failed to recv from netlink socket: Permission non accordée (13) 2024-11-27T13:12:54.925621+01:00 ADM-LAT-171 google-chrome.desktop[30893]: [30885:30911:1127/131254.925580:ERROR:address_tracker_linux.cc(452)] Failed to recv from netlink socket: Permission non accordée (13) 2024-11-27T13:12:54.925687+01:00 ADM-LAT-171 google-chrome.desktop[30893]: [30885:30911:1127/131254.925642:ERROR:address_tracker_linux.cc(452)] Failed to recv from netlink socket: Permission non accordée (13) 2024-11-27T13:12:54.925756+01:00 ADM-LAT-171 google-chrome.desktop[30893]: [30885:30910:1127/131254.925704:ERROR:address_tracker_linux.cc(452)] Failed to recv from netlink socket: Permission non accordée (13) 2024-11-27T13:12:54.925788+01:00 ADM-LAT-171 google-chrome.desktop[30893]: [30885:30910:1127/131254.925755:ERROR:address_tracker_linux.cc(452)] Failed to recv from netlink socket: Permission non accordée (13) 2024-11-27T13:12:54.925861+01:00 ADM-LAT-171 google-chrome.desktop[30893]: [30885:30910:1127/131254.925822:ERROR:address_tracker_linux.cc(452)] Failed to recv from netlink socket: Permission non accordée (13) 2024-11-27T13:12:54.925924+01:00 ADM-LAT-171 google-chrome.desktop[30893]: [30885:30910:1127/131254.925868:ERROR:address_tracker_linux.cc(452)] Failed to recv from netlink socket: Permission non accordée (13) 2024-11-27T13:12:54.926021+01:00 ADM-LAT-171 google-chrome.desktop[30893]: [30885:30910:1127/131254.925907:ERROR:address_tracker_linux.cc(452)] Failed to recv from netlink socket: Permission non accordée (13) 2024-11-27T13:12:54.926035+01:00 ADM-LAT-171 google-chrome.desktop[30893]: [30885:30910:1127/131254.925962:ERROR:address_tracker_linux.cc(452)] Failed to recv from netlink socket: Permission non accordée (13)
kerem commented 2026-03-03 13:59:01 +03:00
Author
Owner
Copy link

@konstruktoid commented on GitHub (Nov 28, 2024):

Try running sudo aa-complain chrome.
To update the profile afterwards, run aa-logprof and then enforce the profile again.

<!-- gh-comment-id:2505677042 --> @konstruktoid commented on GitHub (Nov 28, 2024): Try running `sudo aa-complain chrome`. To update the profile afterwards, run `aa-logprof` and then enforce the profile again.
kerem commented 2026-03-03 13:59:01 +03:00
Author
Owner
Copy link

@madiba237 commented on GitHub (Nov 29, 2024):

Hi @konstruktoid i was able to launch chrome , after running the commands you suggested , i am going for further investigations
i need to allow regular users to launch chrome too
Thx

<!-- gh-comment-id:2507296070 --> @madiba237 commented on GitHub (Nov 29, 2024): Hi @konstruktoid i was able to launch chrome , after running the commands you suggested , i am going for further investigations i need to allow regular users to launch chrome too Thx
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
renovate/github-codeql-action-4.x
v2.2.0
v2.1.0
v2.0.0
v1.0.0
v1.0
Labels
Clear labels   
Stale

   
bug

   
bug

   
bug

   
pull-request

Mirrored from GitHub Pull Request

No labels
Stale
bug
bug
bug
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/hardening#82
No description provided.