Chromium Embedded Framework Forum

Forum for support and discussion of the Chromium Embedded Framework (CEF)
Visit the CEF Project Site to download CEF and report issues.

Skip to content

Chrome Sandbox

Having problems with building or using CEF's C/C++ APIs? This forum is here to help. Please do not post bug reports or feature requests here.
Forum rules
Post a reply

Chrome Sandbox

Postby ben » Thu Jul 20, 2017 9:15 am

Is there a way to run CEF-Applications withouth the Chrome sandbox under Linux?

So far I tried running cmake with the CLI flag, but it stills adds the sandbox to the build.
Code: Select all
cmake -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Release -DUSE_SANDBOX=OFF ..

When I remove the sandbox-helper from the build directory and run the application, it tells me to run CEF with the "no-sandbox" flag.
But passing it to main_args() still doesn't disable the sandbox.

I'm using the scheme_handler-example as template for my own application, the application is compiled on Linux and should run only on Linux.
Any help would be greatly appreciated!

DISCLAIMER: I know the sandbox is there for a reason, I deliberately want to turn it off ;)
ben
Newbie
 
Posts: 5
Joined: Mon May 29, 2017 8:52 am
Top

Re: Chrome Sandbox

Postby magreenblatt » Thu Jul 20, 2017 11:10 am

You're likely running into https://bitbucket.org/chromiumembedded/cef/issues/2208/ which was fixed recently.
magreenblatt
Site Admin
 
Posts: 12409
Joined: Fri May 29, 2009 6:57 pm
Top

Re: Chrome Sandbox

Postby ben » Fri Jul 21, 2017 4:55 am

After updating to the latest release of CEF the problem still remains.

When running CMake with the -DUSE_SANDBOX=OFF flag, the build process still adds the sandbox to Release.
Code: Select all
-- *** CEF CONFIGURATION SETTINGS ***
-- Generator:                    Unix Makefiles
-- Platform:                     Linux
-- Project architecture:         x86_64
-- Build type:                   Release
-- Binary distribution root:     ~/cef-project/third_party/cef/cef_binary_3.3071.1649.g98725e6_linux64
-- Standard libraries:           X11
-- Compile defines:              __STDC_CONSTANT_MACROS;__STDC_FORMAT_MACROS;_FILE_OFFSET_BITS=64
-- Compile defines (Debug):     
-- CEF Binary files:             chrome-sandbox;libcef.so;natives_blob.bin;snapshot_blob.bin


The "--no-sandbox"-Flag still seems to be ignored.
When running the CEF-application with the flag I get this error:
Code: Select all
[0721/115147.434670:FATAL:setuid_sandbox_host.cc(157)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that ~/cef-project/build/Release/chrome-sandbox is owned by root and has mode 4755.

When removing the sandbox-helper binary from the Release directory and running (with flag) I get the following error:
Code: Select all
[0721/114833.686426:FATAL:zygote_host_impl_linux.cc(107)] No usable sandbox! Update your kernel or see https://chromium.googlesource.com/chromium/src/+/master/docs/linux_suid_sandbox_development.md for more information on developing with the SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.
ben
Newbie
 
Posts: 5
Joined: Mon May 29, 2017 8:52 am
Top

Re: Chrome Sandbox

Postby magreenblatt » Fri Jul 21, 2017 6:35 pm

What Linux distro are you using? Are you testing with the cefclient or cefsimple application?
magreenblatt
Site Admin
 
Posts: 12409
Joined: Fri May 29, 2009 6:57 pm
Top
Post a reply

Return to Support Forum

Who is online

Users browsing this forum: No registered users and 42 guests

Powered by phpBB® Forum Software © phpBB Group