in Chrome, Google

Google Chrome Keystone is modifying / var symlink on non SIP Macs causing Boot Issues, Hacker News

1.9k Views

Google Chrome Keystone is modifying / var symlink on non SIP Macs causing Boot Issues, Hacker News


MrMacintosh.com - Google Chrome Keystone Updater is removing the /var symlink causing account and boot issues.
Google Chrome Keystone Updater is removing the / var symlink causing account and boot issues.

(UPDATE: 9 /) / 5: 00 CST – This article will be continuously updated until a solution is found and is a work in progress.

# Varsectomy FAQ- Index

  • 1. What is theissue?– #Varsectomy
  • 2. Which macOS Versions are affected?
  • 3.Specific Mac Hardware?
  • 4.SIP – System Integrity Protection
  • Avid orGoogle Chrome Keystone Update causing this issue?
  • 6. How can I check my / var symlink?How can I fix the issue?
  • 8.Jamf Pro Extension Atribute
  • 9.Links
  • 10.Credit– Further investigation by #MacAdmins

1. What is the Issue?– #Varsectomy

Late Yesterday #MacAdmins started to report that some of their systems would not boot. They would have the following issue.

  • 1. After rebooting the affected system it would Kernel Panic. The system will reboot only to KP again
  • 2. User Logs out and the system shows the Setup Assistant.
  • 3. The System Kernel Panics into a boot Loop.

Join the #Varsectomy channel in MacAdmins Chat for the latest findings!

2.Which macOS Versions are affected?

MacOS (********************************************************************************. 9 – 10. 14 Mojave

NOTE: macOS 10 .9 & 10. 10 so not have SIP. System Integrity Protection was introduced in macOS 10. 11 El Capitan.

3.Specific Mac Hardware?

At first it was first reported that the 2013 Mac Pro was affected, this is not true.

Now it seems the issue affectsall Macs that have SIP (System Integrity Protection ) Disabled or turned OFF

Check if SIP is enabled by runningcsrutil status

  • System Integrity Protection status: enabled.
  • System Integrity Protection status: disabled

4. SIP – System Integrity Protection

All Reports so far look to be from Macs that have SIP Disabled!

Please do not disable SIP, it was created to protect macOS from this very issue.

5.AVID or Google Chrome Keystone Update causing this issue?

Looks like the issue isNOT AVID! Some AVID users may need to DISABLE SIP for 3rd party Video Card support.

After investigation from some of the top minds in theMacAmins Slack Chat#varsectomy channel it was found that the Google Keystone Updater was at the heart of the issue.

You can run the Google Chrome Keystone Updater Manually to see what happens.

~ / Library / Google / GoogleSoftwareUpdate / GoogleSoftwareUpdate.bundle / Contents / Resources / GoogleSoftwareUpdateAgent.app / Contents / MacOS / GoogleSoftwareUpdateAgent -runmode oneshot

Thank youeholtamfor the VM investigation and Screenshots!

Expand the Screenshot to see the error

After kicking off the update you can see the problem below.

“Found and deleted symlink at path / var”

Found and deleted symlink at path / var

6. How do I check my / var symlink?

Check to see if your / var symlink was modified by running the following command.

ls -ldO / var

You should get one of the following outputs. The first one below means that your / var volder is SIP protected (notice therestrictedflag) and the proper sym link / var ->private / var

lrwxr-xr- x @ 1 root wheel restricted, hidden Apr 1 2018 / var ->private / var

The next one means that your symlink is broken and the folder is NOT SIP Protected.

drwxr-xr- x 5 503 wheel - (Sep 24 14: 37 / var

You will have to boot into recovery, repair the / var symlink and reset the restricted flags.

7. How can I fix the issue?

Fix from MacAdmins UserJuest

First you have to fix the / var symlink so it shows/ var ->private / var

Then you have to remove the affectedLaunchAgents

1. Boot into Recovery 2. Launch Terminal # chroot / Volumes / [affected install] # mv var vv # ln -s private / var var # chflags -h restricted / var # chflags -h hidden / var # xattr -sw com.apple.rootless "" / var  remove launch agents from / Users / [affected user] / Library / LaunchAgents / - com.google.keystone.agent.plist - com.google.keystone.xpcservice.plist # exit (recommended) # csrutil enable 8. Reboot

8. Jamf Pro Extension Attribute

This will help you find machines that are in a state where the / var sys link is broken. Thanks @neilmartin 83

#! / bin / bash
if [[ -h /var ]]; then
echo " (symlink)  "
elif [[ -d /var ]]; then
echo "directory"
fi
exit 0

9.Links

Below are a few of the reports. It first started out as “AVID Hollywood Mac Pro boot problem“.

Jeff Rosica AVID CEO early reporting of the issue.

Scott Simmonsprovideocoalition.com/avid-editors -editors-in-general-be-on-alert-about-this-potential-rebooting-issue /

macrumors.com/2019 / 09 / 24 / hollywood-mac-pros-hit-by- avid-issue /

variety.com/2019 / digital / news / avid-mac-pro-corrupted-hollywood – 1203347033 /

10. Credit! – Further investigation by #MacAdmins

  • @rtrouton for the cool / var Logo!
  • @ bradtchapman for #Varsectomy
  • @ eholtam for investigation and screen shots.
  • All active users in MacAdmins Chat #varsectomy

Brave Browser
Read More
Payeer

What do you think?

0 Points
Upvote Downvote

Leave a Reply

Your email address will not be published. Required fields are marked *

GIPHY App Key not set. Please check settings

Arsenal 5-0 Nottingham Forest: Gabriel Martinelli stars as Tierney and Bellerin return in Carabao Cup win – Evening Standard, Standard.co.uk

Arsenal 5-0 Nottingham Forest: Gabriel Martinelli stars as Tierney and Bellerin return in Carabao Cup win – Evening Standard, Standard.co.uk

V8 adds support for top-level await, Hacker News