Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use the correct name for the setuid sandbox #4223

Merged
merged 1 commit into from
Dec 18, 2019
Merged

Use the correct name for the setuid sandbox #4223

merged 1 commit into from
Dec 18, 2019

Conversation

fmarier
Copy link
Member

@fmarier fmarier commented Dec 13, 2019
edited
Loading

Fixes brave/brave-browser#6247.

The browser actually expects a hard-coded binary (chrome-sandbox) in order for the deprecated SUID sandbox to be used. This change ensures that it doesn't get renamed to brave-sandbox.

Submitter Checklist:

Test Plan:

  1. Install the .deb package on an Ubuntu machine.
  2. Disable user namespaces: sudo sysctl -w kernel.unprivileged_userns_clone=0
  3. Launch brave-browser-stable.
  4. Verify that the Layer 1 SUID sandbox is enabled in brave://sandbox:
    Screenshot from 2019-12-12 16-24-57

Reviewer Checklist:

  • New files have MPL-2.0 license header.
  • Request a security/privacy review as needed.
  • Adequate test coverage exists to prevent regressions
  • Verify test plan is specified in PR before merging to source

After-merge Checklist:

  • The associated issue milestone is set to the smallest version that the
    changes has landed on.
  • All relevant documentation has been updated.

@fmarier fmarier added this to the 1.4.x - Nightly milestone Dec 13, 2019
@fmarier fmarier self-assigned this Dec 13, 2019
@fmarier fmarier force-pushed the francois-rename-chrome-sandbox-6247 branch 6 times, most recently from 95a05f9 to c411e62 Compare December 18, 2019 00:57
@fmarier fmarier force-pushed the francois-rename-chrome-sandbox-6247 branch from c411e62 to 9c4db36 Compare December 18, 2019 17:23
@fmarier fmarier merged commit 3b123e6 into master Dec 18, 2019
@fmarier fmarier deleted the francois-rename-chrome-sandbox-6247 branch December 18, 2019 21:07
This was referenced Dec 18, 2019
Closed
Closed
brave-builds pushed a commit that referenced this pull request Dec 19, 2019
@brave-browser-releases
Uplift of #4223 (squashed) to dev
4f7183d
brave-builds pushed a commit that referenced this pull request Dec 19, 2019
@brave-browser-releases
Uplift of #4223 (squashed) to beta
a94044c
This was referenced Dec 19, 2019
Merged
Merged
@kjozwiak
Copy link
Member

Using the STR from #4223 (comment), went through the following using 1.4.44:

Ubuntu 19.10 x64 - PASSED

Screen Shot 2019-12-24 at 10 20 32 AM

Ubuntu 18.04 x64 - PASSED

Screen Shot 2019-12-24 at 10 29 54 AM

@btlechowski btlechowski mentioned this pull request Jan 3, 2020
Closed
@fmarier fmarier mentioned this pull request Oct 12, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bridiver bridiver bridiver approved these changes

@AlexeyBarabash AlexeyBarabash Awaiting requested review from AlexeyBarabash

@mkarolin mkarolin Awaiting requested review from mkarolin

Assignees

@fmarier fmarier

Labels
None yet
Projects
None yet
Milestone
1.4.x - Release
Development

Successfully merging this pull request may close these issues.

Linux SUID sandbox doesn't work in Brave
3 participants
@fmarier @kjozwiak @bridiver