Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Latest Chromium - "--no-sandbox" error

  1. #1
    Join Date
    Jun 2008
    Location
    Groningen, Netherlands
    Posts
    20,044
    Blog Entries
    14

    Default Latest Chromium - "--no-sandbox" error

    After this morning's update to the 880 packages, Chromium, after starting up, displays an error on the parameter "--no-sandbox" which is found in /usr/bin/chromium. If I remove the parameter, chromium doesn't start at all. Anyone else experiencing this.

    BTW, if I ignore the error all seems to be fine.
    ° Appreciate my reply? Click the star and let me know why.

    ° Perfection is not gonna happen. No way.

    https://en.opensuse.org/openSUSE:Board#Members
    http://en.opensuse.org/User:Knurpht
    http://nl.opensuse.org/Gebruiker:Knurpht

  2. #2
    Join Date
    Sep 2011
    Posts
    22

    Arrow Re: Latest Chromium - "--no-sandbox" error

    I get the same problem with the current chromium build on Tumbleweed X86_64

    Sandboxing is completely disabled it seems, since that option seems to be given as a default upon starting chromium.

    chrome://sandbox/ (inside chromium address bar)
    Code:
    SUID Sandbox	No
    PID name spaces	No
    Network namespaces	No
    Seccomp sandbox	No
    
    You are not adequately sandboxed!
    chromium --version
    Code:
    sh-4.2$ chromium --version
    Chromium 16.0.880.0
    uname -a
    Code:
    sh-4.2$ uname -a
    Linux rmk2 3.0.4-43-desktop #1 SMP PREEMPT Wed Aug 31 09:30:44 UTC 2011 (a432f18) x86_64 x86_64 x86_64 GNU/Linux
    chromium
    Code:
    sh-4.2$ chromium
    [7777:7777:340624416602:ERROR:renderer_main.cc(213)] Running without renderer sandbox
    [7781:7781:340624518232:ERROR:renderer_main.cc(213)] Running without renderer sandbox
    [7786:7786:340624822789:ERROR:renderer_main.cc(213)] Running without renderer sandbox
    [7793:7793:340625144241:ERROR:renderer_main.cc(213)] Running without renderer sandbox
    [7797:7797:340625297951:ERROR:renderer_main.cc(213)] Running without renderer sandbox
    [7803:7803:340625503219:ERROR:renderer_main.cc(213)] Running without renderer sandbox
    [7807:7807:340625599170:ERROR:renderer_main.cc(213)] Running without renderer sandbox
    [7811:7811:340625853320:ERROR:renderer_main.cc(213)] Running without renderer sandbox
    [7815:7815:340625980465:ERROR:renderer_main.cc(213)] Running without renderer sandbox

  3. #3
    Join Date
    Sep 2011
    Posts
    22

    Default Re: Latest Chromium - "--no-sandbox" error

    Mhm...

    Sorry for double-posting, but I cannot edit the other post anymore.

    Anyway...here is what seems to solve the problem for me, ymmv.

    check the permissions of /usr/lib/chrome-sandbox, that's what it looked like for me
    Code:
    sh-4.2$ dir /usr/lib/ | grep sand
    -rwxr-xr-x   1 root root  15K Sep 16 11:33 chrome_sandbox*
    Upon removing the "--no-sandbox" part from /usr/lib64/chromium/chromium-generic, I got the following error:
    Code:
    sh-4.2$ chromium 
    [8869:8869:342043092542:FATAL:zygote_host_linux.cc(141)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /usr/lib/chrome_sandbox is owned by root and has mode 4755.
    Aborted
    So what I ended up doing is:
    Code:
    sh-4.2$ sudo chmod 4755 /usr/lib/chrome_sandbox
    sh-4.2$ dir /usr/lib/ | grep sand
    -rwsr-xr-x   1 root root  15K Sep 16 11:33 chrome_sandbox*
    Afterwards, I removed the "-no-sandbox" switch from /usr/lib64/chromium/chromium-generic (after a backup)
    Code:
    sh-4.2$ cat /usr/lib64/chromium/chromium-generic | grep exec
      exec $LIBDIR/$APPNAME "--no-sandbox" "--password-store=detect" "--enable-experimental-extension-apis" "--enable-plugins" "--enable-extensions" "--enable-user-scripts" "--enable-printing" "--enable-sync" "--auto-ssl-client-auth" "$@"
    Upon starting chromium next, sandboxing is enabled again and I have yet to encounter any further problems.

    chrome://version/
    Code:
    Chromium	16.0.880.0 (Developer Build 0)
    OS	Linux
    WebKit	535.3 (Unknown URL@0)
    JavaScript	V8 3.6.2
    Flash	11.0 d1
    User Agent	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.3 (KHTML, like Gecko) Chrome/16.0.880.0 Safari/535.3 SUSE/16.0.880.0
    Command Line	 /usr/lib64/chromium/chromium --password-store=detect --enable-experimental-extension-apis --enable-plugins --enable-extensions --enable-user-scripts --enable-printing --enable-sync --auto-ssl-client-auth --enable-seccomp-sandbox --flag-switches-begin --show-composited-layer-borders --no-pings --flag-switches-end
    Executable Path	/usr/lib64/chromium/chromium
    Profile Path	~/.config/chromium/Default
    chrome://sandbox/
    Code:
    Sandbox Status
    
    SUID Sandbox	Yes
    PID name spaces	Yes
    Network namespaces	Yes
    Seccomp sandbox	No
    You are adequately sandboxed.
    (Seccomp is different anyway and has to be enabled seperately by another command-line switch, so it is not important for this matter)

  4. #4
    Join Date
    Jun 2008
    Location
    West Yorkshire, UK
    Posts
    3,454

    Default Re: Latest Chromium - "--no-sandbox" error

    As this applies to Tumbleweed, it is possible that Tumbleweed has not updated to the new network repository; I don't get this problem with chromium from the network repo.

  5. #5
    Join Date
    Jun 2008
    Location
    Groningen, Netherlands
    Posts
    20,044
    Blog Entries
    14

    Default Re: Latest Chromium - "--no-sandbox" error

    Quote Originally Posted by john_hudson View Post
    As this applies to Tumbleweed, it is possible that Tumbleweed has not updated to the new network repository; I don't get this problem with chromium from the network repo.
    You're so very right: I posted in the Applications forums, not knowing whether this was due to a general package error, or just to the Tumbleweed version. Yet my packages come from the network:chromium:Tumbleweed repo. The old repo does not serve updated packages anymore.

    Edit: I applied the chmod 4755, editted /usr/bin/chromium with exactly the same results as mentioned above by @rmk2. Chromium running smoothly, sandbox error gone.
    Last edited by Knurpht; 20-Sep-2011 at 12:44.
    ° Appreciate my reply? Click the star and let me know why.

    ° Perfection is not gonna happen. No way.

    https://en.opensuse.org/openSUSE:Board#Members
    http://en.opensuse.org/User:Knurpht
    http://nl.opensuse.org/Gebruiker:Knurpht

  6. #6
    Join Date
    Sep 2011
    Posts
    22

    Default Re: Latest Chromium - "--no-sandbox" error

    Quote Originally Posted by Knurpht View Post
    You're so very right: I posted in the Applications forums, not knowing whether this was due to a general package error, or just to the Tumbleweed version. Yet my packages come from the network:chromium:Tumbleweed repo. The old repo does not serve updated packages anymore.

    Edit: I applied the chmod 4755, editted /usr/bin/chromium with exactly the same results as mentioned above by @rmk2. Chromium running smoothly, sandbox error gone.
    I am using the same repository. And it's good that the problem seems to be the same. Gives at least some consistency...

    I guess the question remains though what causes this problem, but without more people either having the problem or the update working fine, it's hard to tell. The question also remains why Chromium for Tumbleweed starts with the "--no-sandbox" switch enabled by default. It might be a leftover from testing before compiling or resolving issues. But at least it is easily fixable. I guess it's hard to tell if it is Tumbleweed by itself, has to do with architecture or some more general things...

  7. #7

    Default Re: Latest Chromium - "--no-sandbox" error

    On Tue, 20 Sep 2011 19:06:03 GMT john hudson wrote:

    > As this applies to Tumbleweed, it is possible that Tumbleweed has not
    > updated to the new network repository; I don't get this problem with
    > chromium from the network repo.


    I recognized the same with this repo:

    http://download.opensuse.org/reposit...openSUSE_11.4/

    Therefore i don't think it is the repo and i start it this way:

    /etc/alternatives/chromium -> /usr/lib/chromium/chromium-generic

    Perhaps the problems don't happens with chromium-kde or chromium-gnome.

  8. #8
    Join Date
    Sep 2011
    Posts
    22

    Default Re: Latest Chromium - "--no-sandbox" error

    Quote Originally Posted by Ferenginar View Post
    On Tue, 20 Sep 2011 19:06:03 GMT john hudson wrote:

    > As this applies to Tumbleweed, it is possible that Tumbleweed has not
    > updated to the new network repository; I don't get this problem with
    > chromium from the network repo.


    I recognized the same with this repo:

    Index of /repositories/network:/chromium/openSUSE_11.4

    Therefore i don't think it is the repo and i start it this way:

    /etc/alternatives/chromium -> /usr/lib/chromium/chromium-generic

    Perhaps the problems don't happens with chromium-kde or chromium-gnome.
    chromium-generic is basically just a shell-script that checks a couple of enviromental variables and looks for meego, then executes chromium with a list of command-line switches. It also prints some warnings if /tmp isn't accessible etc.

    it's basically a string of soft links: /usr/bin/chromium → /etc/alternatives/chromium → /usr/lib(64)/chromium/chromium-generic, whereas the last one in the end calls the chromium binary /usr/lib(64)/chromium/chromium like so:
    Code:
    exec $LIBDIR/$APPNAME "--no-sandbox" "--password-store=detect" "--enable-experimental-extension-apis" "--enable-plugins" "--enable-extension\
       s" "--enable-user-scripts" "--enable-printing" "--enable-sync" "--auto-ssl-client-auth" "$@"
    As stated earlier, the "--no-sandbox"-switch is what causes this problem. It is safe to change this script, since all it does is give a number of options to the actual binary. The whole problem described in this thread isn't related to chromium's binary, but rather to its startup script.

    As to why the script is used, I suppose it makes it easier to start chromium regardless of the underlying platform and to pass a number of (default or custom) command-line switches...

    You can also circumvent the script by calling the binary /usr/lib(64)/chromium directly...

  9. #9

    Default Re: Latest Chromium - "--no-sandbox" error

    On Wed, 21 Sep 2011 12:46:03 GMT rmk2 wrote:

    > chromium-generic is basically just a shell-script that checks a couple
    > of enviromental variables and looks for meego, then executes chromium
    > with a list of command-line switches. It also prints some warnings if
    > /tmp isn't accessible etc.


    Yes i know this and i even edit this file because chromium has no
    config gui to set the cache directory or the proxy (under lxde).

    But still again there is the the question why john hudson said that all
    works fine for him and if i start chromium directly i got this:

    # /usr/lib/chromium/chromium
    [9131:9131:900918771:FATAL:zygote_host_linux.cc(141)] The SUID sandbox
    helper binary was found, but is not configured correctly. Rather than
    run without sandboxing I'm aborting now. You need to make sure
    that /usr/lib/chrome_sandbox is owned by root and has mode 4755.
    Abgebrochen


  10. #10
    Join Date
    Jun 2008
    Location
    Lisbon, Portugal
    Posts
    57

    Default Re: Latest Chromium - "--no-sandbox" error

    Just in case someone happens to come across this problem with the new version, 30.0.1599.66 (225456), I couldn't start chromium and got this output when I tried to do it from a shell:

    Code:
    [14072:14072:1018/230354:FATAL:zygote_host_impl_linux.cc(142)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /usr/lib64/chromium/chrome-sandbox is owned by root and has mode 4755.
    Aborted
    Doing this solved the issue (same logic as suggested by rmk2 above):

    Code:
    sudo chmod 4755 /usr/lib64/chromium/chrome-sandbox
    "None are more enslaved than those who falsely believe they are free." -- Johann Wolfgang von Goethe (Elective Affinities, 1809)

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •