Arch Linux

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#54321 - [linux] enable namespaces sandbox

Attached to Project: Arch Linux
Opened by krisko (krisko) - Tuesday, 06 June 2017, 06:46 GMT
Last edited by Doug Newgard (Scimmia) - Tuesday, 06 June 2017, 13:26 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To No-one
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No


when running e.g. Brave browser, you have to add --no-sandbox to be able to start. There are native ways of supporting sandboxing directly in kernel, which should be enabled in kernel config.
See discussion, namely the parameters

More info about namespaces sandbox

Additional info:
* package version(s) - 4.11.2
* config and/or log files etc.

Steps to reproduce:
download brave
unpack and try to run ./brave

you get:
[25980:25980:0606/] No usable sandbox! Update your kernel or see for more information on developing with the SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.

This task depends upon

Closed by  Doug Newgard (Scimmia)
Tuesday, 06 June 2017, 13:26 GMT
Reason for closing:  Duplicate
Additional comments about closing:   FS#36969 
Comment by loqs (loqs) - Tuesday, 06 June 2017, 13:13 GMT