Google Chrome Keystone Updater removes /var symlink on systems that do not have SIP enabled causing boot & account problems.

ClassicII
Contributor III

Quick update if anyone missed the news today and has some machines in your environment that are having boot problems. Machines could still be in a bad state if they have Chrome set to auto update and have not rebooted or logged off.

https://mrmacintosh.com/google-chrome-keystone-is-modifying-var-symlink-on-non-sip-macs-causing-boot...

I included an Extension Attribute that @rmanly & @neilmartin83 built and one that @franton made below to find machines that have a broken /var symlink.

#!/bin/zsh
# Run tests to see if var symlink is corrupted
vartest=$( ls -alO /var )
varuser=$( echo $vartest | awk '{ print $3 }' )
vargroup=$( echo $vartest | awk '{ print $4 }' )
varlink=$( echo $vartest | awk '{ print substr($0, index($0,$10)) }' )

# Compose results
[ "$varuser" != "root" ] && userresult=`/usr/bin/printf "\nUser: $varuser"`
[ "$vargroup" != "admin" ] && [ "$vargroup" != "wheel" ] && groupresult=`/usr/bin/printf "\nGroup: $vargroup"`
[ "$varlink" != "/var -> private/var" ] && linkresult=`/usr/bin/printf "Symlink: $varlink"`
result="$userresult$groupresult$linkresult"

# Output result
if [ -z "$result" ];
then
    echo "<result>No Issues</result>"
else
    echo "<result>$result</result>"
fi
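
A variant of the check above that tests the link with `readlink` instead of parsing `ls` output, as an added example that is not part of the original post or the linked article. It reports whether /var is healthy, replaced by a real directory, pointing elsewhere, or missing. The function names and status words are assumptions of this example, as is treating uid 0 with gid 0 or 80 as root with wheel or admin on macOS.

```shell
#!/bin/sh
# Added example (not from the thread): classify the state of the /var symlink.

# Print one status word for PATH; return 0 only for a symlink to EXPECTED.
check_var_link() {
    link_path="$1"
    expected="${2:-private/var}"   # healthy target, as tested by the EA above
    if [ -L "$link_path" ]; then
        target=$(readlink "$link_path")
        [ "$target" = "$expected" ] && { echo "OK"; return 0; }
        echo "WRONG_TARGET:$target"
    elif [ -d "$link_path" ]; then
        echo "REAL_DIRECTORY"      # the symlink was replaced by a directory
    elif [ -e "$link_path" ]; then
        echo "NOT_A_SYMLINK"
    else
        echo "MISSING"
    fi
    return 1
}

# Numeric uid:gid of the link itself (ls -l does not follow it). Fields 3 and 4
# come before the file name, so odd names cannot shift them.
link_owner() {
    ls -ldn "$1" | awk '{ print $3 ":" $4 }'
}

# Wrap the state in the <result> tags an Extension Attribute prints.
ea_result() {
    vl_path="${1:-/var}"
    state=$(check_var_link "$vl_path") || true
    if [ -L "$vl_path" ] || [ -e "$vl_path" ]; then
        owner=$(link_owner "$vl_path")
        case "$owner" in
            0:0|0:80) ;;                        # assumed root:wheel / root:admin
            *) state="$state owner=$owner" ;;   # report unexpected ownership
        esac
    fi
    echo "<result>$state</result>"
}

ea_result /var
```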

jared_f
Valued Contributor

@ClassicII Thank you! I am assuming the fix is to have them reboot their machine?

franton
Valued Contributor III

@jared_f Completely the opposite! Rebooting really breaks things!

If you find a Mac is broken then you have to boot to the Recovery partition, load up Terminal and type the following:

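# The volume name contains a space, so the path must be quoted
chroot "/Volumes/Macintosh HD"
rm -rf /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle
# Move the broken var aside, then recreate the symlink
mv var var_back
ln -sh private/var var
# -h and -s act on the symlink itself, not on its target
chflags -h restricted /var
chflags -h hidden /var
xattr -sw com.apple.rootless "" /var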