No Sandbox, but CONFIG_USER_NS is set in kernel [linux]

[CurtisLeeBolin]

Similar Issues

#8960

Description

Braves is running with the --no-sandbox argument.

Steps to Reproduce

$ brave
$ pidof brave
1693 1646 1377 1269 1268 1234 1229 1226 1213 1034 1018
$ cat /proc/1018/cmdline 
/usr/lib/brave-bin/brave --no-sandbox --

Expected result:
Run with sandbox.

Brave Version

about:brave info:
Brave: 0.18.36
rev: 7ab85e9
Muon: 4.3.22
libchromiumcontent: 61.0.3163.79
V8: 6.1.534.32
Node.js: 7.9.0
Update Channel: dev
OS Platform: Linux
OS Release: 4.13.3-1-hardened
OS Architecture: x64

Additional Information

The kernel and sysctl are configured correctly for the sandbox.

$ zcat /proc/config.gz | grep CONFIG_USER_NS
CONFIG_USER_NS=y
$ sudo sysctl kernel.unprivileged_userns_clone
kernel.unprivileged_userns_clone = 1

[luixxiul]

did you read https://github.com/brave/browser-laptop/blob/master/docs/linuxInstall.md ?

[CurtisLeeBolin]

@luixxiul, yes, I gave the "Additional Information" showing I have namespace setup correctly as referenced in https://github.com/brave/browser-laptop/blob/master/docs/linuxInstall.md.

[diracdeltas]

@CurtisLeeBolin how did you install Brave?

[CurtisLeeBolin]

I used the brave-bin package in the Arch Linux AUR.
https://aur.archlinux.org/packages/brave-bin

[CurtisLeeBolin]

@diracdeltas, your question made me look deeper into the package's PKGBUILD.

  _launcher="$pkgdir/usr/bin/brave"
  install -Dm0755 /dev/stdin "$_launcher"<<END
#!/usr/bin/sh

exec /usr/lib/$pkgname/brave --no-sandbox -- "\$@"
END

$ cat $(which brave)                                                
#!/usr/bin/sh                                                       

exec /usr/lib/brave-bin/brave --no-sandbox -- "$@" 

I will contact the package maintainer about correcting this problem.

[diracdeltas]

@CurtisLeeBolin thanks! would be great if they could fix it. --no-sandbox should not be the default.