compile & execute Chromium failed due to SUID sandbox issue

问题

What I'm trying to do :

Compile and run Chromium source code on Ubuntu 13.10

Steps I've taken :

git clone https://chromium.googlesource.com/chromium/tools/depot_tools.git
add to bashrc :
    export PATH="$PATH":/home/y0.kim/project/depot_tools    
    export CHROME_DEVEL_SANDBOX=/usr/local/sbin/chrome-devel-sandbox
fetch --nohooks chromium --nosvn=True
git checkout master
build/install-build-deps.sh
git pull
gclient sync
ninja -C out/Debug chrome chrome_sandbox
build/update-linux-sandbox.sh
out/Debug/chrome               -> Fail
out/Debug/chrome --no-sandbox  -> Fail

Problem :

get the source code and compiled without problem. However, when i execute chrome, i have below error

normal execution

:~/project2/src$ out/Debug/chrome
The setuid sandbox provides API version 1, but you need 0
Please read https://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment.

[37555:37588:0616/152604:FATAL:browser_main_loop.cc(207)] <unknown>: Command line `dbus-launch --autolaunch=f271cc756e9c41e457760b8c00000496 --binary-syntax --close-stderr' exited with non-zero exit status 1: Autolaunch error: X11 initialization failed.\n
#0 0x7f570456a39d base::debug::StackTrace::StackTrace()
#1 0x7f57045bc51d logging::LogMessage::~LogMessage()
#2 0x7f5707e45cef content::(anonymous namespace)::GLibLogHandler()
#3 0x7f5701c20f61 g_logv
#4 0x7f5701c21172 g_log
#5 0x7f56f5240d2a <unknown>
#6 0x7f56f5241087 <unknown>
#7 0x7f5701c19d13 g_main_context_dispatch
#8 0x7f5701c1a060 <unknown>
#9 0x7f5701c1a45a g_main_loop_run
#10 0x7f56f524098b <unknown>
#11 0x7f5701c3b9b5 <unknown>
#12 0x7f56fdfd0e9a start_thread
#13 0x7f56fc1853fd clone

Aborted (core dumped)

execution with --no-sandbox

~/project2/src$ out/Debug/chrome --no-sandbox
[19653:19653:0616/152447:ERROR:browser_main_loop.cc(161)] Running without the SUID sandbox! See https://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment for more information on developing with the sandbox on.
[19653:19656:0616/152447:FATAL:browser_main_loop.cc(207)] <unknown>: Command line `dbus-launch --autolaunch=f271cc756e9c41e457760b8c00000496 --binary-syntax --close-stderr' exited with non-zero exit status 1: Autolaunch error: X11 initialization failed.\n
#0 0x7f8f13bbe39d base::debug::StackTrace::StackTrace()
#1 0x7f8f13c1051d logging::LogMessage::~LogMessage()
#2 0x7f8f17499cef content::(anonymous namespace)::GLibLogHandler()
#3 0x7f8f11274f61 g_logv
#4 0x7f8f11275172 g_log
#5 0x7f8f05095d2a <unknown>
#6 0x7f8f05096087 <unknown>
#7 0x7f8f1126dd13 g_main_context_dispatch
#8 0x7f8f1126e060 <unknown>
#9 0x7f8f1126e45a g_main_loop_run
#10 0x7f8f0509598b <unknown>
#11 0x7f8f1128f9b5 <unknown>
#12 0x7f8f0d624e9a start_thread
#13 0x7f8f0b7d93fd clone

Aborted (core dumped)
:~/project2/src$ [0616/152448:ERROR:nacl_helper_linux.cc(277)] NaCl helper process running without a sandbox!
Most likely you need to configure your SUID sandbox correctly

steps i've tried to fix the problem:

1. went to https://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment
2. read it
3. built chrome with chrome_sandbox again
   • ninja -C out/Debug chrome chrome_sandbox
4. executed build/update-linux-sandbox.sh again
5. checked again if ~/.bashrc have below line
   • export CHROME_DEVEL_SANDBOX=/usr/local/sbin/chrome-devel-sandbox

what i would like to know:

1. What should I do to execute Chrome on above situation?
2. What would be the reason that --no-sandbox option did not work?

any input would be highly appreciated.

Young.

回答1:

I had a similar issue and when i run chrome with this flag it worked fine

 --disable-setuid-sandbox

回答2:

This error message...

The setuid sandbox provides API version 1, but you need 0

...implies that your setuid binary is out of date hence the program was unable to initiate/spawn a new Browsing Context i.e. Chrome Browser session.

---

As per the documentation in Linux SUID Sandbox Development google-chrome needs a SUID helper binary to turn on the sandbox on Linux. In majority of the cases you can install the proper sandbox for you using the command:

build/update-linux-sandbox.sh

This program will install the proper sandbox for you in /usr/local/sbin and tell you to update your .bashrc if required.

However, there can be some exceptions as an example, if your setuid binary is out of date, you will get messages such as:

The setuid sandbox provides API version X, but you need Y
You are using a wrong version of the setuid binary!

In these cases, you need to follow the steps below:

• Build chrome_sandbox whenever you build chrome (ninja -C xxx chrome chrome_sandbox instead of ninja -C xxx chrome)

• After building, execute update-linux-sandbox.sh.

  # needed if you build on NFS!
  sudo cp out/Debug/chrome_sandbox /usr/local/sbin/chrome-devel-sandbox
  sudo chown root:root /usr/local/sbin/chrome-devel-sandbox
  sudo chmod 4755 /usr/local/sbin/chrome-devel-sandbox
  

• Finally, you have to include the following line in your ~/.bashrc (or .zshenv):

  export CHROME_DEVEL_SANDBOX=/usr/local/sbin/chrome-devel-sandbox
  

---

Reference

You can find the documentations in:

• Issue 369100: ERROR:nacl_helper_linux.cc(233) NaCl helper process running without a sandbox!
• Issue 318646: Chrome won't start after update to latest stable version
• Issue 598454: Stop checking for the setuid sanbox binary on desktop Linux

---

tl; dr

Linux SUID Sandbox

回答3:

The answer to this problem is:

• Uninstall chromium using the root account.

• Reboot your system.

• Log in with the common user.

• Open a terminal, enter sudo and run the command to download the chromium in your system. In my case the command is: pacman -S chromium. In other distributions will probably be something like apt-get chromium.

来源：https://stackoverflow.com/questions/24237933/compile-execute-chromium-failed-due-to-suid-sandbox-issue