Mhm…
Sorry for double-posting, but I cannot edit the other post anymore.
Anyway…here is what seems to solve the problem for me, ymmv.
check the permissions of /usr/lib/chrome-sandbox, that’s what it looked like for me
sh-4.2$ dir /usr/lib/ | grep sand
-rwxr-xr-x 1 root root 15K Sep 16 11:33 chrome_sandbox*
Upon removing the “–no-sandbox” part from /usr/lib64/chromium/chromium-generic, I got the following error:
sh-4.2$ chromium
[8869:8869:342043092542:FATAL:zygote_host_linux.cc(141)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /usr/lib/chrome_sandbox is owned by root and has mode 4755.
Aborted
So what I ended up doing is:
sh-4.2$ sudo chmod 4755 /usr/lib/chrome_sandbox
sh-4.2$ dir /usr/lib/ | grep sand
-rwsr-xr-x 1 root root 15K Sep 16 11:33 chrome_sandbox*
Afterwards, I removed the “-no-sandbox” switch from /usr/lib64/chromium/chromium-generic (after a backup)
sh-4.2$ cat /usr/lib64/chromium/chromium-generic | grep exec
exec $LIBDIR/$APPNAME "--no-sandbox" "--password-store=detect" "--enable-experimental-extension-apis" "--enable-plugins" "--enable-extensions" "--enable-user-scripts" "--enable-printing" "--enable-sync" "--auto-ssl-client-auth" "$@"
Upon starting chromium next, sandboxing is enabled again and I have yet to encounter any further problems.
chrome://version/
Chromium 16.0.880.0 (Developer Build 0)
OS Linux
WebKit 535.3 (Unknown URL@0)
JavaScript V8 3.6.2
Flash 11.0 d1
User Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.3 (KHTML, like Gecko) Chrome/16.0.880.0 Safari/535.3 SUSE/16.0.880.0
Command Line /usr/lib64/chromium/chromium --password-store=detect --enable-experimental-extension-apis --enable-plugins --enable-extensions --enable-user-scripts --enable-printing --enable-sync --auto-ssl-client-auth --enable-seccomp-sandbox --flag-switches-begin --show-composited-layer-borders --no-pings --flag-switches-end
Executable Path /usr/lib64/chromium/chromium
Profile Path ~/.config/chromium/Default
chrome://sandbox/
Sandbox Status
SUID Sandbox Yes
PID name spaces Yes
Network namespaces Yes
Seccomp sandbox No
You are adequately sandboxed.
(Seccomp is different anyway and has to be enabled seperately by another command-line switch, so it is not important for this matter)