linux: chrome_sandbox worked in builddirectory but not after install

t
Jun 15, 2017, 4:23:30 AM
to Chromium-dev
system: LFS chromium-61.0.3130.0

Yesterday I built and tested out/Default/chrome and it worked after installing /usr/sbin/chrome_sandbox first.
But today after creating an .rpm and installing it:
[6223:6223:0615/095809.414906:FATAL:zygote_host_impl_linux.cc(107)] No usable sandbox! Update your kernel or see https://chromium.googlesource.com/chromium/src/+/master/docs/linux_suid_sandbox_development.md for more information on developing with the SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.
#0 0x564d1dac7ae7 base::debug::StackTrace::StackTrace()
...
like yesterday before installing /usr/sbin/chrome_sandbox

$ ls -l /usr/sbin/chrome_sandbox 
-rwsr-xr-x 1 root root 18736 Jun 15 09:45 /usr/sbin/chrome_sandbox
$ rpm -qf /usr/sbin/chrome_sandbox 
chromium-61.0.3130.0-1.x86_64
$ echo $CHROME_DEVEL_SANDBOX
/usr/sbin/chrome_sandbox
$ chrome --no-sandbox
works as expected

What is going on that it now doesn't work without --no-sandbox?

Lei Zhang
Jun 15, 2017, 12:36:54 PM
to dnts...@gmail.com, Chromium-dev
You can only use CHROME_DEVEL_SANDBOX with development builds.

You should put the setuid chrome-sandbox binary in the same directory
as the system chrome binary. Note in the system install it needs a
dash in the name instead of an underscore.

t
Jun 15, 2017, 1:09:19 PM
to Chromium-dev, dnts...@gmail.com
On Thursday, June 15, 2017 at 6:36:54 PM UTC+2, Lei Zhang wrote:
> You can only use CHROME_DEVEL_SANDBOX with development builds.

I have is_debug = false but it worked when I started chrome in the build directory

> Note in the system install it needs a
> dash in the name instead of an underscore.

I tried renaming to chrome-devel-sandbox and modified CHROME_DEVEL_SANDBOX
but same result

> You should put the setuid chrome-sandbox binary in the same directory
> as the system chrome binary.

/usr/bin/chrome is symlink to /usr/lib64/chromium/chrome
Moved chrome-devel-sandbox to /usr/lib64/chromium/chrome_sandbox
and modified CHROME_DEVEL_SANDBOX: same result.
unset CHROME_DEVEL_SANDBOX: same result.

I remember that originally, starting in the build directory also exited,
but after moving chrome_sandbox to /usr/sbin/, setting it to 4755,
and with CHROME_DEVEL_SANDBOX=/usr/sbin/chrome_sandbox,
chromium works as expected.

I wonder if rpmbuild has stripped something essential.
Need some confirmation from others.

Lei Zhang
Jun 15, 2017, 1:28:59 PM
to dnts...@gmail.com, Chromium-dev
On Thu, Jun 15, 2017 at 10:09 AM, t <dnts...@gmail.com> wrote:
> On Thursday, June 15, 2017 at 6:36:54 PM UTC+2, Lei Zhang wrote:
>>
>> > You can only use CHROME_DEVEL_SANDBOX with development builds.
>>
> I have is_debug = false but it worked when I started chrome in the
> build directory

By "development builds" I mean when your chrome binary is in
out/Default, and still owned by your user account. Whereas a system
installed binary is owned by root and in some system directory.

>> > Note in the system install it needs a
>> > dash in the name instead of an underscore.
>>
> I tried renaming to chrome-devel-sandbox and modified CHROME_DEVEL_SANDBOX
> but same result

To be explicit, the expected file name for a system installed sandbox
is "chrome-sandbox".

>>
>> You should put the setuid chrome-sandbox binary in the same directory
>> as the system chrome binary.
>
>
> /usr/bin/chrome is symlink to /usr/lib64/chromium/chrome
> Moved chrome-devel-sandbox to /usr/lib64/chromium/chrome_sandbox
> and modify CHROME_DEVEL_SANDBOX same result.
> unset CHROME_DEVEL_SANDBOX same result

In that case, you want the sandbox to be named
/usr/lib64/chromium/chrome-sandbox. Remember the note about needing a
dash from above?

t
Jun 15, 2017, 3:52:08 PM
to Chromium-dev, dnts...@gmail.com

On Thursday, June 15, 2017 at 7:28:59 PM UTC+2, Lei Zhang wrote:
... 
> /usr/bin/chrome is symlink to /usr/lib64/chromium/chrome
> Moved  chrome-devel-sandbox to /usr/lib64/chromium/chrome_sandbox
> and modify CHROME_DEVEL_SANDBOX same result.
> unset CHROME_DEVEL_SANDBOX same result

> In that case, you want the sandbox to be named
> /usr/lib64/chromium/chrome-sandbox. Remember the note about needing a
> dash from above?

That did the trick! Even after $ unset CHROME_DEVEL_SANDBOX
Thanks a lot!!

That is only confusing with "chrome-devel-sandbox"
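
Added example, not part of the thread or of Chromium's own code: a shell check for the install layout described above, which resolves the chrome symlink and looks for a helper named chrome-sandbox in the same directory, owned by root with the 4755 mode used in the thread. The function name check_sandbox and its status words are made up for this example.

```shell
#!/bin/sh
# Added example: audit the SUID sandbox helper for a system-installed chrome.
# Usage: check_sandbox /usr/bin/chrome
# Prints one status word; returns 0 only when the helper looks usable.
check_sandbox() {
    # Follow symlinks such as /usr/bin/chrome -> /usr/lib64/chromium/chrome.
    chrome=$(readlink -f "$1") || { echo "no-chrome"; return 2; }
    [ -f "$chrome" ] || { echo "no-chrome"; return 2; }
    dir=$(dirname "$chrome")
    helper="$dir/chrome-sandbox"   # dash: the name expected beside an installed chrome

    if [ ! -e "$helper" ]; then
        # The build-tree name (underscore) is the mistake made in this thread.
        if [ -e "$dir/chrome_sandbox" ]; then
            echo "misnamed"
        else
            echo "missing"
        fi
        return 1
    fi

    # Fields 1 and 3 of `ls -ldn` are the mode string and the numeric owner.
    # `set --` only changes this function's own positional parameters.
    set -- $(ls -ldn "$helper")
    mode=$(printf '%s' "$1" | cut -c1-10)   # drop any trailing ACL/SELinux marker
    owner=$3

    # -rwsr-xr-x is mode 4755, as in the ls output quoted in the thread.
    [ "$mode" = "-rwsr-xr-x" ] || { echo "bad-mode"; return 1; }
    [ "$owner" = "0" ] || { echo "not-root-owned"; return 1; }
    echo "ok"
}
```

A result of "misnamed" corresponds to the state the original poster was in after moving the helper to /usr/lib64/chromium/chrome_sandbox.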