Chrome 30 sandbox issues with 1Password 4 extension
I can't get the 1Password 4 extension for Chrome (30.0.1599.69) to fill in any input fields. Also, the Command-\ shortcut doesn't work.
Digging around, I found this in /var/log/system.log:
Oct 4 14:03:38 mb 2BUA8C4S2C.com.agilebits.onepassword-osx-helper[9290]: 400200 [SYNC:0x7f96c04583d0:<OPAgileKeychainSyncer (Dropbox) 0x7f96c542f4a0>] E setupKeychainProfile | Cannot sync, failed to load keychain profile: Error Domain=com.agilebits.onepassword.ErrorDomain Code=100 "Failed to load profile" UserInfo=0x7f96c0458670 {NSURL=file://localhost/Users/robert/Dropbox/1Password.agilekeychain/data/default/.1password.keys?applesecurityscope=333830356231393530393762633463666566336465303032306333383463346266383139616262343b30303030303030303b303030303030303030303030303032303b636f6d2e6170706c652e6170702d73616e64626f782e726561642d77726974653b30303030303030313b30313030303030323b303030303030303030313531366339373b2f75736572732f726f626572742f64726f70626f782f3170617373776f72642e6167696c656b6579636861696e, NSLocalizedDescription=Failed to load profile, NSUnderlyingError=0x7f96c04868a0 "The file “.1password.keys” couldn’t be opened because you don’t have permission to view it."}
Oct 4 14:03:38 mb kernel[0]: Sandbox: 2BUA8C4S2C.com.a(9290) deny file-read-data /Users/robert/Dropbox/1Password.agilekeychain/data/default/1password.keys
Oct 4 14:03:38 mb kernel[0]: Sandbox: 2BUA8C4S2C.com.a(9290) deny file-read-data /Users/robert/Dropbox/1Password.agilekeychain/data/default/.1password.keys
Oct 4 14:03:38 mb 2BUA8C4S2C.com.agilebits.onepassword-osx-helper[9290]: 400200 [SYNC:0x7f96c04583d0:<OPAgileKeychainSyncer (Dropbox) 0x7f96c542f4a0>] E setupAndUnlockKeychainProfile | Cannot sync: no active profile
When I start Chrome from Terminal with the --no-sandbox command line option, both the shortcut and the form filling works again.
Comments
-
I would like to confirm Robert's testing. I started Chrome Version 32.0.1659.2 dev in No Sandbox mode, and I was able to get the autofill and shortcut to work again. I know the dev and beta versions are unsupported, but it seems like this is happening in the current stable version of Chrome as well. I hope this is fixable.
0 -
Okay, so apparently this problem fixed itself for me overnight! Opened my MBP this morning, and now it seems to work just fine. Pretty strange...
The same message still appear in
system.logthough, so perhaps they weren't causing the problem after all?0 -
Hi guys,
No, those error messages are unrelated. Those errors are related to the Dropbox Syncer in 1Password. There's a bug in the Mac App Store version where if you restart the 1Password mini, it loses the sandboxing rights to your data file in Dropbox. This will be fixed soon in our website version and we'll be submitting a new build later tonight to the Mac App Store.
0 -
Also, Bo, did it fix itself after you restart the computer?
0 -
Mike,
The keyboard shortcut stopped functioning for me after some time (the 'global' shortcut, Cmd+Opt+\, did still work). Rebooting didn't fix it, and I've also tried combinations of restarting the mini helper and the onepassword-osx-helper app. So there's still something fishy, hopefully it works again with the new build :)
0 -
Hey guys!
Are you still having autofill and/or shortcut problems after updating to the latest 1P4 browser extension (4.0.1) released a couple days ago? If so, please check this guide to see if any of suggestions there are helpful:
Thanks!
0 -
I think I found the issue: I'm using Automatic Proxy Configuration using a PAC file, and apparently, even though I stated otherwise, requests for 127.0.0.1/localhost were proxied as well.
I fixed it by adding an explicit rule in the PAC file. For those interested:
function FindProxyForURL(url, host){ if (/^(127\.0\.0\.1|localhost)$/.test(host)) { return 'DIRECT'; } ... }0 -
This is very helpful! Thank you, @robertklep!
0 -
I have this issue and got around it by changing Chrome's sandboxing settings to "Allow all sites to use a plug-in to access my computer". Now I'm wondering if allowing this access is a security risk for other sites/extensions?
0 -
Hi @ryal001,
Do you have a proxy sever? Chrome's sandboxing isn't the issue here, it's the proxy itself. The 1Password extension itself does not use the sites to connect to the 1Password mini, it creates the websocket connection in the extension itself, which is already properly sandboxed by Chrome.
I changed the setting to not allow any sites to use plugins to access my computer:
1Password still continues to work for me.
0
