You can also run chromium with --no-sandbox, which pops up a warning. Whether this is safer than setuid-ing the sandboxer is your call, but I do it because I imagine chown-ing and chmod-ing the sandboxer will screw up nix updates.
(aszlig, sorry to double hit you.) On Mon, Sep 28, 2015 at 3:02 PM, aszlig <[email protected]> wrote: > On Mon, Sep 28, 2015 at 09:21:16AM -0700, Richard Wallace wrote: > > Is there a workaround for this? > > The reason for this is that the sandbox binary either needs to be setuid > root (not recommended) or you need to enable CONFIG_USER_NS in your > kernel (which is the case on NixOS kernels) in order to allow the > sandbox to setup a chroot environment and additional namespaces. > > a! > -- > aszlig > Universal dilettante > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (GNU/Linux) > > iF4EAREIAAYFAlYJlbgACgkQ0OvQ7IwtyWGxugD/YCKSrv8x/6AbRr640coHRwM/ > VcJpUdgBELR5xFFW9a0A/2cwAckg0l6JX8oVMxcLGRpu8vUY5OAkAFxLZEqvwUiM > =bIbw > -----END PGP SIGNATURE----- > > _______________________________________________ > nix-dev mailing list > [email protected] > http://lists.science.uu.nl/mailman/listinfo/nix-dev > > -- "Context" is the mother of prevarication. -- Ken White
_______________________________________________ nix-dev mailing list [email protected] http://lists.science.uu.nl/mailman/listinfo/nix-dev
