search

fedora-silverblue / issue-tracker

Fedora Silverblue issue tracker
https://fedoraproject.org/atomic-desktops/silverblue/
123 stars 3 forks source link

Google Chrome login cookie persistence breaks on Silverblue when the Network Service Sandbox is enabled #603

Open qoijjj opened 2 weeks ago

qoijjj commented 2 weeks ago

Describe the bug Reproduces with any chromium based browser, flatpak or layered rpm. When run with network service sandbox enabled (can be set via chrome://flags or via --enable-features="NetworkServiceSandbox"), chrome will fail to persist logins. So for example if you log in to github, exit the browser, and visit github again, you will have to log in again.

This behavior does not reproduce on workstation under the same conditions (NetworkServiceSandbox enabled).

To Reproduce Please describe the steps needed to reproduce the bug:

  1. Install Silverblue
  2. Install Google Chrome via flatpak or layered rpm
  3. Run chrome with the network service sandbox enabled (chrome://flags/#enable-network-service-sandbox or via --enable-features="NetworkServiceSandbox")
  4. Login to github.com or another site
  5. Close the browser
  6. Reopen chrome with the same configuration
  7. Observe that you need to login again

Expected behavior All of the above steps are expected except step 7. You should not need to login again. This is the case on workstation.

OS version:

State: idle
BootedDeployment:
\u25cf fedora:fedora/40/x86_64/silverblue
                  Version: 40.20241009.0 (2024-10-09T01:04:28Z)
               BaseCommit: 6c331c1042f2352a39ed3f8e53819c5d640b5500963a240c0cfd583be74a8070
             GPGSignature: Valid signature by 115DF9AEF857853EE8445D0A0727707EA15B79CC
          LayeredPackages: google-chrome-stable

Additional context

Two things to note:

  1. This issue is not caused by the cookies being deleted. If you toggle the network service sandbox back off, you will be automatically logged in using the stored login cookies.
  2. My hunch is that this is something to do with the keyring configuration on silverblue and how it relates to chrome's network service. The reason for this is that on silverblue (but crucially, not on workstation) I'm getting popups like this when initially opening chrome:

image

Keep in mind though that this is a hunch and could very well be a red herring.

qoijjj commented 2 weeks ago

It also should be noted that eventually the network service sandbox will likely be enabled by default (or enabled in flight via variations) on linux. Meaning that once that happens, all chromium based browsers will break by default on silverblue if this bug still exists.