Browser-laptop: Brave will not start on Arch Linux: No usable sandbox

Created on 11 Jul 2017  ·  29 Comments  ·  Source: brave/browser-laptop

Did you search for similar issues before submitting this one?

Yes. There are a number of bugs regarding this error message and extensive discussion at https://github.com/brave/browser-laptop/issues/6902. However, the only solution reported as successful involved enabling kernel user namespaces, which is awkward in Arch Linux so I'm hoping another chromium sandboxing method can be used.

The closest open bug is https://github.com/brave/browser-laptop/issues/7146 but this is specifically for Kali Linux.

Describe the issue you encountered:

After installing Brave from source, it won't run. See below for the error message, which says there is no usable chromium sandbox.

However, chromium is adequately sandboxed on my machine: opening chrome://sandbox shows:

[Screenshot: chromesandbox]

The standard Arch Linux kernel does not have user namespaces enabled (a deliberate decision by maintainers). In order to enable this feature an Arch user must either recompile the kernel manually or install a custom kernel (though the corresponding AUR package linux-userns is out of date).

Is it possible for Brave to use SUID sandboxing instead? Or is it already trying to fall back to SUID sandboxing on my system (as chromium itself does) but failing for some reason?

Platform (Win7, 8, 10? macOS? Linux distro?):

Arch Linux 4.11.9 x86-64 (standard kernel)

Brave Version (revision SHA):

https://github.com/brave/browser-laptop/commit/c8e92a1034ba9f62443cda761f574acb1e56b1b4

Steps to reproduce:

  1. Follow instructions for running from source (clone repo, yarn)
  2. Follow instructions for running Brave (npm run watch, npm start)

Actual result:

@glit ➜  brave git:(master) ★ npm start

> [email protected] start /home/katy/packages/brave
> node ./tools/start.js --user-data-dir=brave-development --enable-logging --v=0 --enable-extension-activity-logging --enable-sandbox-logging --enable-dcheck

[11649:11649:0711/113459.211796:FATAL:zygote_host_impl_linux.cc(107)] No usable sandbox! Update your kernel or see https://chromium.googlesource.com/chromium/src/+/master/docs/linux_suid_sandbox_development.md for more information on developing with the SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.
process exited with code 0

Expected result:

Brave browser starts normally.

Is this an issue in the currently released version?

yes

Can this issue be consistently reproduced?

yes


All 29 comments

Please see https://github.com/brave/browser-laptop/blob/master/docs/linuxInstall.md for more info. Sorry, I found you have.

This bug also affects Debian (stretch). I cannot run the browser with sandboxing enabled (and I won't use it with sandboxing disabled).
Also see this issue:
https://bugs.chromium.org/p/chromium/issues/detail?id=312380

No, should test that.
I would consider it a workaround, though, requiring special kernel configs just to run a browser seems kinda absurd to me. I expect it to just work.

I expect it to just work.

I'd agree.

Same here on 4.12.6-1-ARCH. Chrome works, Brave not.

Same here on 4.12.8-2-ARCH.
Giving up on Brave for now. Recompiling the kernel just isn't an option.

I spoke to Sampson and we found a similar issue on Deepin Debian, getting a no usable sandbox error on version 0.18.23

@Lite5h4dow Thanks for tackling that issue with me. Just to add to your feedback, we were able to get Brave to run when we explicitly passed the --no-sandbox argument.

Yeah, that's what we ended up doing. I'm downloading the 19.3 beta to see if it has the same issue; I'll update when I actually get it downloaded :+1:

same issue 👎 no luck with 19.3

https://bugs.chromium.org/p/chromium/issues/detail?id=598454
Just found out that Chrome removed the dependency from Linux setuid binary sandbox! Only the settings of the sandbox stay enabled just for Chrome to keep working normally. But the functionality binding is removed, as I understand it...!?

https://bugs.chromium.org/p/chromium/issues/detail?id=312380
Taking a look at the backlogs, it's not clear whether the issue is progressing...?
So frustrating...

How to contact those guys assigned for the Chromium bug?

I use Debian Stretch 9.1
Even installing the UML package did not work (User-Mode-Linux). Not sure if it has anything to do with the issue...!?

@bytesorchestra have you ever tried https://github.com/brave/browser-laptop/blob/master/docs/linuxInstall.md#linux-install-instructions and https://github.com/brave/browser-laptop/blob/master/docs/linuxInstall.md#debian-jessie-and-ubuntu-artful-zesty-yakkety-xenial-and-trusty-amd64?

@luixxiul Yes, I already did. Did not help at all...

please paste the log of the error, thanks.

@luixxiul Here you have it:
"xxxx@kvh:~$ brave
[11277:11277:1008/041909.128141:FATAL:zygote_host_impl_linux.cc(107)] No usable sandbox! Update your kernel or see https://chromium.googlesource.com/chromium/src/+/master/docs/linux_suid_sandbox_development.md for more information on developing with the SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.
Aborted
"

Status please.

For anyone that's struggling with this on Arch and doesn't want to do the insecure --no-sandbox flag I was able to get this working by enabling unprivileged containers in my system. I followed the instructions on the Arch Wiki and specifically only used the 'temporary' solution via sysctl.

I'm seeing this problem in Debian testing/buster. I have a custom kernel (4.18.3) and the docs linked to in this error (https://chromium.googlesource.com/chromium/src/+/master/docs/linux_suid_sandbox_development.md) don't clearly state what kernel config option needs to be enabled to get brave to work. Does someone here have this info? CONFIG_NAMESPACES is enabled. Then we can update the error message.

Also, the document itself says that it's out of date. Brave should maintain their own copy of this if it's still relevant.

Here's my error:

$ brave
[2090:2090:0821/193622.696411:FATAL:zygote_host_impl_linux.cc(127)] No usable sandbox! Update your kernel or see https://chromium.googlesource.com/chromium/src/+/master/docs/linux_suid_sandbox_development.md for more information on developing with the SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.
Trace/breakpoint trap

Never mind, I found the kernel config option: CONFIG_USER_NS. I'm grepping for this error message in Brave's source so I can update the docs but I can't find it - can anyone help with this?

With the new kernel, I also had a problem with running. Before updating the kernel, everything worked.

[9829:9829:0827/152816.063604:FATAL:zygote_host_impl_linux.cc(127)] No usable sandbox! Update your kernel or see https://chromium.googlesource.com/chromium/src/+/master/docs/linux_suid_sandbox_development.md for more information on developing with the SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.
Trap debugger/breakpoint (memory dump)

@redni that means that the CONFIG_USER_NS option isn't turned on in your kernel. We need to update that error message.

I have in the kernel: CONFIG_USER_NS=y and CONFIG_NAMESPACES=y. And it still does not work. The settings of the kernel did not change at all, just after the departure of the new kernel number brave stopped working.
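
The checks this thread circles around (CONFIG_USER_NS, the sysctl route for unprivileged user namespaces, and the SUID helper) can be gathered into one script; this is an added example, not part of the original thread or of Brave's or Chromium's code. It assumes the two /proc/sys knobs named in its comments and a helper path you supply, and it shows that a kernel built with CONFIG_USER_NS=y can still have unprivileged user namespaces switched off at runtime.

```shell
#!/bin/sh
# Added diagnostic sketch; not from the thread, Brave or Chromium.
# Each function takes the file to inspect (live system or a saved copy).

# CONFIG_USER_NS state from a kernel config (plain text or gzipped, e.g.
# /boot/config-$(uname -r) or /proc/config.gz): enabled/disabled/unknown.
userns_config_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    case $1 in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac | grep -q '^CONFIG_USER_NS=y$' && echo enabled || echo disabled
}

# Runtime knob under /proc/sys: 0 blocks unprivileged user namespaces.
# A missing file means this kernel has no such knob, so nothing is blocked.
userns_knob_state() {
    [ -r "$1" ] || { echo allowed; return 0; }
    [ "$(cat "$1")" -gt 0 ] 2>/dev/null && echo allowed || echo blocked
}

# The SUID sandbox needs a helper that is owned by root and setuid.
suid_helper_ok() {
    [ -f "$1" ] && [ -u "$1" ] && [ "$(stat -c %u "$1")" = 0 ]
}

# args: kernel-config clone-knob max-knob suid-helper
sandbox_diagnosis() {
    if [ "$(userns_knob_state "$2")" = blocked ] ||
       [ "$(userns_knob_state "$3")" = blocked ]; then
        ns="blocked by sysctl"
    else
        case $(userns_config_state "$1") in
            enabled)  ns="possible" ;;
            disabled) ns="no CONFIG_USER_NS" ;;
            *)        ns="unknown" ;;
        esac
    fi
    suid_helper_ok "$4" && suid="ok" || suid="not usable"
    echo "namespace sandbox: $ns; suid helper: $suid"
}

# Live run: sh check.sh --live /path/to/chrome-sandbox   (path is a placeholder)
# unprivileged_userns_clone exists only on Debian- and Arch-patched kernels.
if [ "${1:-}" = "--live" ]; then
    sandbox_diagnosis /proc/config.gz \
        /proc/sys/kernel/unprivileged_userns_clone \
        /proc/sys/user/max_user_namespaces "${2:-}"
fi
```
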

For folks experiencing this, can you please try grabbing the new version of Brave?
https://brave.com/download

If you still run into problems, let's create an issue in the new repository:
https://github.com/brave/brave-browser

I still experience the problem with version 0.56.12

OS is Debian 9.6

For Debian there is an open issue at https://github.com/brave/brave-browser/issues/1986#issuecomment-435824433 including a "workaround".

Still happening on Manjaro with Linux 4.19.1

[11991:11991:1114/225404.179905:FATAL:zygote_host_impl_linux.cc(116)] No usable sandbox! Update your kernel or see https://chromium.googlesource.com/chromium/src/+/master/docs/linux_suid_sandbox_development.md for more information on developing with the SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.
Trace/breakpoint trap (core dumped)

Just posted about this in various comments on this "issue"... In Artix OS, using "runit" / no systemd. Managed to get it installed using "yaourt", then got the namespace message about not being enabled. Then enabled it, then got "Trace/breakpoint trap" in terminal after trying to run "brave" in terminal. It appears in "Internet" menu and so forth, but just doesn't do anything.

Leaving an update error log here, I know you're not supposed to do this but I did it anyway. I'm posting from Virtual Box with Artix Linux OS... I ran brave from terminal with sudo privs... then got these errors from terminal. Not sure if it answers any of the questions to above errors though..

[2550:2550:1222/004537.506003:ERROR:gl_implementation.cc(281)] Failed to load /usr/lib/brave-bin/swiftshader/libGLESv2.so: /usr/lib/brave-bin/swiftshader/libGLESv2.so: cannot open shared object file: No such file or directory
[2550:2550:1222/004537.542359:ERROR:viz_main_impl.cc(184)] Exiting GPU process due to errors during initialization
[2575:2575:1222/004538.154049:ERROR:gl_implementation.cc(281)] Failed to load /usr/lib/brave-bin/swiftshader/libGLESv2.so: /usr/lib/brave-bin/swiftshader/libGLESv2.so: cannot open shared object file: No such file or directory
[2575:2575:1222/004538.200410:ERROR:viz_main_impl.cc(184)] Exiting GPU process due to errors during initialization
[2520:2527:1222/004538.341180:ERROR:browser_gpu_channel_host_factory.cc(139)] Failed to launch GPU process.
[2520:2613:1222/004538.510565:ERROR:bus.cc(396)] Failed to connect to the bus: Could not parse server address: Unknown address type (examples of valid types are "tcp" and on UNIX "unix")
[2520:2537:1222/004538.940167:ERROR:rewards_service_impl.cc(139)] Failed to read file: /root/.config/BraveSoftware/Brave-Browser/Default/ledger_state
[2520:2527:1222/004540.105293:ERROR:browser_gpu_channel_host_factory.cc(139)] Failed to launch GPU process.
[2520:2520:1222/004540.324615:ERROR:x11_input_method_context_impl_gtk.cc(144)] Not implemented reached in virtual void libgtkui::X11InputMethodContextImplGtk::SetSurroundingText(const base::string16 &, const gfx::Range &)
[2520:2520:1222/004540.573682:ERROR:gpu_process_transport_factory.cc(967)] Lost UI shared context.
[2520:2520:1222/004543.379631:ERROR:brave_stats_updater.cc(141)] Failed to send usage stats to update server, error: -2, response code: 400, url: https://laptop-updates.brave.com/1/usage/brave-core?platform=linux-bc&channel=unknown&version=0.57.18&daily=true&weekly=true&monthly=true&first=true&woi=2018-12-17&ref=none
