Chrome sandbox issues on Linux

I just talked this roadblock over with Torne on IRC a bit…

The sandbox file itself is not required on newer systems. The check for it hasn’t been removed which is causing the problems. However, older systems may still require it. The thing is, renaming alone is only enough to apparently make any errors silent (or will cause it to fail once something is hit.)

The recommended way to solve this is, move the sandbox into a static place, sudo chown root chrome-sandbox; sudo chmod 4755 chrome-sandbox, then set CHROME_DEVEL_SANDBOX as an environment variable to the sandbox.

If that env var is set, then regardless of what is in the folder itself it will be used and therefore cause no problems. So we have some options here:

1. Rename the file internally and just hope people are all running with newer kernels and not need the sandbox.
2. Don’t rename the file and add to the install/setup procedure to do a download and setup the sandbox manually the first time you run. Just in case. ™️
3. Combine 1 and 2. Do the rename and warn developers if things fail to try setting up the sandbox manually.

O right On May 27, 2016 7:16 AM, “Jonathan Garbee” notifications@github.com wrote:

On Linux at least, it seems the sandbox is mis-named. It is provided as chrome_sandbox however, this causes a core dump at launch unless you launch with --no-sandbox. Renaming that file to chrome-sandbox fixes the problem.

Can we work-around this in our process until the problem can be investigated more within the builds itself? I’m thinking in our update-chromium.sh script we simply unzip and then move the file in there. Easy enough.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/GoogleChrome/lighthouse/issues/378, or mute the thread https://github.com/notifications/unsubscribe/ASrLLRvPXLVs4MzO6BhbMHYY7NeM1VbAks5qFtKlgaJpZM4IoaC0 .