Chromium: "Running without the SUID sandbox!" error

Question

I've downloaded and unpacked a fresh copy of Chromium (Linux_x64), and when I try to run the chrome binary, this happens:

[23986:23986:0806/143027:FATAL:browser_main_loop.cc(148)] Running without the SUID sandbox! See https://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment for more information on developing with the sandbox on.
Aborted (core dumped)

It doesn't happen with Ubuntu's chromium-browser package. I can bypass the error by running Chromium with --no-sandbox but I'd rather leave the sandbox enabled.

chrome_sandbox has permissions 4755 and is executable by chrome. Does anyone know how to fix this error?

It might not be related, but I'm using full-disk encryption on my Ubuntu install.

Answer 1

Download chrome-linux.zip from appropriate folder from here.

Extract the file - will get a folder called chrome-linux.

Move the folder to wherever you want - I move it to my home folder.

• navigate to that folder

• open a terminal there

Previous two step might be reversed.

Run these four commands individually:

sudo mv chrome_sandbox chrome-sandbox
sudo chown root chrome-sandbox
sudo chmod 4755 chrome-sandbox
./chrome-wrapper

When I do that, I am good to go.

Answer 2

Do:

$ export DISPLAY=:0.0 && ./chrome --no-sandbox

Answer 3

Development of chrome sandbox stopped early 2016 (latest version of chrome-linux (64bit) that Lyle mentioned is http://commondatastorage.googleapis.com/chromium-browser-continuous/index.html?prefix=Linux_x64/382014/ which is from March 2016, more than a year ago).

See the comment at the TOP of https://chromium.googlesource.com/chromium/src/+/master/docs/linux_suid_sandbox_development.md which refers to the discussion here: https://bugs.chromium.org/p/chromium/issues/detail?id=598454 -- a bug that was closed as Fixed on 21 June 2016.

That discussion seems to indicate that with the appropriate kernel support it is safe to run chrome with --disable-setuid-sandbox which should cause chrome to stop even looking for the sandbox, but refuse to run if your kernel hasn't got the support to safely do so.

Nevertheless, at this moment (April 2017) ubuntu Stable (Xenial) still comes with the sandbox; package chromium-browser contains: /usr/lib/chromium-browser/chrome-sandbox which is setuid root. The reason that I did got the error in the title of this question is that I was running a special version of chrome that was part of a package that came with an application (a SecondLife viewer) that found it necessary to provide their own version of the browser. Needless to say that this downloaded package wasn't installed with setuid root :p (nor would I suggest to change it to 4755, because that doesn't sound very secure to do).

Answer 4

For the problem Running without the SUID sandbox! See code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment I do the next steps...

install chrome-linux http://commondatastorage.googleapis.com/chromium-browser-continuous/index.html?prefix=Linux_x64/100056/ (X64)

unzip the zip, execute the commands and enter to folder

sudo mv chrome_sandbox chrome-sandbox
sudo chown root chrome-sandbox
sudo chmod 4755 chrome-sandbox

then, I unzip and install libgcrypt11_1.5.0-5+deb7u6_amd64.deb from this command

wget http://security.debian.org/debian- 
security/pool/updates/main/libg/libgcrypt11/libgcrypt11_1.5.0-5+deb7u6_amd64.deb

Then execute the commands individually:

mv libgcrypt11_1.5.0-5+deb7u6_amd64.deb ../
sudo dpkg -i libgcrypt11_1.5.0-5+deb7u6_amd64.deb
./chrome-wrapper

Answer 5

On an Ubuntu 13.04 computer, the executable chromium-browser-sandbox has the file permission 4755 and is owned by root

root@ubuntu:~# ls -l /usr/lib/chromium-browser/chromium-browser-sandbox
-rwsr-xr-x 1 root root 13904 Jul 18 16:11 /usr/lib/chromium-browser/chromium-browser-sandbox

I guess you need to use the command chown root.root /path/to/chrome_sandbox to make root the owner of the executable.