Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

broken sandbox (archlinux)

See original GitHub issue

Binary: https://github.com/brave/brave-browser/releases/download/v0.55.21/brave-browser_0.55.21_amd64.deb

OS:; archlinux

kernel: 4.19.0

Log trap' para punto de parada/seguimiento (core’ generado)

dmesg log [28488.802310] traps: brave[21676] trap int3 ip:55812609b770 sp:7ffeb929bd90 error:0 in brave[558123e06000+65e2000] [28488.802396] audit: type=1701 audit(1540863866.209:131): auid=1000 uid=1000 gid=1000 ses=2 pid=21676 comm=“brave” exe=“/opt/brave.com/brave/brave” sig=5 res=1

also it works with --no-sandbox flag

Issue Analytics

State:
Created 5 years ago
Comments:5 (3 by maintainers)

Top GitHub Comments

29reactions

jacobc-ethcommented, Feb 13, 2019

@Liunkae I believe this issue should be reopened, and had mentioned it with @bbondy in the related PR. Two reasons:

Reducing the security of the user’s OS is not an acceptable security solution. Earlier in this thread, @veox linked to the statement from Arch as to why user name spaces are not enabled by default. Arch has stated that enabling this parameter greatly increases the attack surface. This is not an acceptable solution. We need a real sandbox solution.
Even beyond the major security concerns, the Debian instructions linked do not resolve the issue for Arch Linux users. Many distros beyond Arch each have user name space disabled for security reasons, and the commands for changing kernel security parameters will vary across them. Having users learn the correct command for their distro is unscalable and an ugly solution. This Github issue was created for Arch Linux, so it makes no sense to close it with a reference to a Debian solution.

Please, please consider a better sandboxing solution. This is an opportunity for Brave to lead and do better than Chromium.

0reactions

fmariercommented, Dec 18, 2019

This was also reported in #6247 and fixed in https://github.com/brave/brave-core/pull/4223.

Top Results From Across the Web

ArchWiki:Sandbox

ArchWiki:Sandbox ... WINE#PlayOnLinx < - Im glad we have a sandbox! ... broken. mount(1) - wrong number. introintro(1) - wrong name.

Firejail - ArchWiki

Firejail is an easy to use Setuid sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted ......

User:NetSysFire/systemd sandboxing - ArchWiki

systemd enables users to harden and sandbox systemd system service units. ... which can not be broken out easily, as they do not...

Is there some kind of efficient sandbox solution for Arch Linux ...

I use Arch Linux for years but I couldn't figure out a solution for those time wasting broken updates, so is it really...

User:Axper/sandbox/listofgamescompatible - ArchWiki

Name Website License Package aisleriot http://www.gnome.org GPL aisleriot allegro4 http://alleg.sourceforge.net/ custom allegro4 apricots http://www.fishies.org.uk/apricots.html GPL apricots