-
Notifications
You must be signed in to change notification settings - Fork 974
Brave won't start [sandbox] #6902
Comments
I'm on Debian 8 (Jessie) with default 3.16.0-4 kernel and get similar issues.
Using
|
Duping to #6909 |
The fix will be included in 0.13.1 |
The problem remains in Debian Linux 8.6 (jessie) even with this fix (0.13.1) |
0.13.1 is now working with |
brave@0.13.2 is working for me on Ubuntu 13.10 with |
I'm also seeing the same issue on 0.13.1 - Debian 8, with the 4.9 kernel from backports. Same with 0.13.4. |
I'm also seeing the same issue on 0.13.2-1 on Debian 8 with 4.9 kernel from backports. |
0.13.4-1 Seems to work with kernel 3.16.0-4 when using --no-sandbox. Hopefully sandbox works with stretch. OT: Gonna upgrade when bunsenlabs is ready for that (haven't yet read much about that, but someone have had problems so still waiting...). Edit: Upgraded to Stretch (kernel 4.9.0-1-amd64), still doesn't work without --no-sandbox. (Also seems that there's not yet stretch repos for brave. but that's offtopic) |
I just observed the same issue. Brave 0.13.4-1 and kernel 3.16.0-4 on Debian Jessie. |
@Chapec can you test to see if docker works on your system. We use the same APIs |
Oh dear, this is something else than i thought |
@alfredocdmiranda I see that the problem happens even if you disable the sandbox, so this is actually a different bug than this ticket addresses. I'll file a new issue |
Still facing the same problem with kernel 4.9 brave 0.13.4 on debian stretch. though i can at least use the browser with with --no-sandbox. |
Brave 0.13.5 (rev 1db81cb) on Jessie with 4.9 kernel. Still requires
This issue needs to be re-opened. |
I packaged brave for Funtoo Linux. I do not face this issue myself, but some users do, with 0.13.1. I just added 0.13.5 and 0.12.15, so they can test with these versions. I'll report back. Edit: I confirm users still have the same issue with 0.13.5. Version 0.12.15 works fine for them. I personally can launch either version successfully without
|
@Fromax Sadly it seems like it's more important to keep the number of open issues low than actually fix the issues. I know / hope this is not the case, but still feels like it sometimes. I'm currently using Brave only with Android, was forced to make this switch back to firefox (not gonna use with --no-sandbox)... |
Enabling user namespaces in the kernel does not work on CentOS 7 (per my Nov 29 post above). Every reference to Linux I've seen regarding this issue actually refers only to debian. I have not found any workaround that enables me to run Brave on RHEL. |
@MidnightJava Does you CentOS 7 setup support docker and firejail? |
@posix4e: I don't use firejail, but I use docker quite a bit, with no issues. |
@MidnightJava I am trying to figure out what's not working . We rely on the same kernel api as docker
|
Yes, I get the same thing. Here's my output.
|
@MidnightJava can you post a recursive strace , strace -fi -o foo brave then cat foo | nc termbin.com 9999 and tell me the url |
@posix4e: Thanks for working on this. The URL is http://termbin.com/4213 |
I did the following for it to survive reboot (system Debian 9). |
Have to run Brave (0.19.134) with The link that is included with the error says that "The Linux SUID sandbox is almost but not completely removed.", so the sandbox is outdated anyway?: https://chromium.googlesource.com/chromium/src/+/master/docs/linux_suid_sandbox_development.md I don't have root access on this machine, so this seems to be the only way to run Brave. All other browsers run fine, so is this a Brave specific thing? |
Hi, I'm facing the same issue. Linux
Brave : |
@thejuln seems as though others listed a fix. Did you try it? |
@posix4e that's not a fix, it's a bad workaround. Brave is still not an acceptable browser for people when the first experience is a core dump with improper instruction. |
Hi @posix4e I followed the link provided by "jbrockc" and it's works, I agree with @keverets that it's more a Workaround than a Fix.
|
In Debian enable the userns kernel option, temporally would be: Permanent solution would be:
|
Is there any progress in Brave supporting RHEL? every time I see an update, I give it a try, and always I get the unresolvable "No usable sandbox!" error. |
Brave will run on RHEL, at least I've run it on Scientific Linux 7.4 which should be equivalent. The default number of max_user_namespaces is 0, so by providing a value greater than 0, you can run Brave browser. Not sure that you need 10,000, but I've not bothered to experiment with other values.
The following post explains the details. |
Thanks, it was the setting a value for max_user_namespaces > 0 that did the trick. I enabled user namespaces months ago when I first tried to use Brave, and I never saw any mention of the need to set that value in any of the instructions I consulted for enabling user namespaces—just the need to set the boot args. Maybe that value is not defaulted to zero on debian, I don't know. You're the first person that was able to tell me how to make it work in RHEL. |
Why does Brave use user namespaces? The link says that "this is especially useful for providing root access inside of a container". Why would Brave need root in a container, or is there another use case? The error message is very non-instructive. Also, why exactly is it dangerous to run Brave with By the way, I can 'fake uid 0' with PRoot, so could someone elaborate on the exact problem that namespaces solve beyond what PRoot can do? See https://github.com/proot-me/PRoot $ cat /proc/sys/user/max_user_namespaces 0 $ id uid=30(XX) gid=30(XX) $ ./proot-x86_64 -0 # whoami root # id uid=0(root) gid=0(root) Any more information would be appreciated because I can't fix the problem (no real root) and the warning message seems very severe. Should I stop using Brave because it is too dangerous to do so? |
See https://bugs.chromium.org/p/chromium/issues/detail?id=312380 for more info on why we don't support the setuid sandbox, which is what chrome uses for sandboxing on systems that don't support user namespaces. |
See https://chromium.googlesource.com/chromium/src/+/b4730a0c2773d8f6728946013eb812c6d3975bec/docs/design/sandbox.md for what sandboxing is in chrome/brave and why it's important |
having the issue. I see its mentioned that if docker works on a machine, this wont either because they use the same API. In other words, this wont work on any vm of any kind unless you have nested virtualization. Which is a shame. VDIs are growing and growing |
problem remains in v. 0.23.73 |
the same problem remains in v. 0.23.79-1 (so it works with |
This issue should be resolved with the Chromium-based refactor. We don't plan to do any more work on this issue in the current Muon-based Brave. If this issue still exists with the re-factor, please open a new issue in https://github.com/brave/brave-browser/issues . |
Did you search for similar issues before submitting this one?
Yes
Describe the issue you encountered:
Brave won't start
Platform (Win7, 8, 10? macOS? Linux distro?):
Debian 9 (Testing) Kernel 4.9
Brave Version (revision SHA):
Brave 0.13.0 808997e
Steps to reproduce:
Actual result:
Brave won't start
Will the steps above reproduce in a fresh profile? If not what other info can be added?
Yes
Is this an issue in the currently released version?
Yes
Can this issue be consistently reproduced?
Yes
Screenshot if needed:
The text was updated successfully, but these errors were encountered: