Re: [Nix-dev] Using chromium from nixpkgs on non-NixOS

[aszlig]

On Mon, Sep 28, 2015 at 09:21:16AM -0700, Richard Wallace wrote:
> Is there a workaround for this?

The reason for this is that the sandbox binary either needs to be setuid
root (not recommended) or you need to enable CONFIG_USER_NS in your
kernel (which is the case on NixOS kernels) in order to allow the
sandbox to setup a chroot environment and additional namespaces.

a!
-- 
aszlig
Universal dilettante


signature.asc
Description: Digital signature
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] Using chromium from nixpkgs on non-NixOS

[Christopher Rooney]

You can also run chromium with --no-sandbox, which pops up a warning.
Whether this is safer than setuid-ing the sandboxer is your call, but I do
it because I imagine chown-ing and chmod-ing the sandboxer will screw up
nix updates.

(aszlig, sorry to double hit you.)

On Mon, Sep 28, 2015 at 3:02 PM, aszlig  wrote:

> On Mon, Sep 28, 2015 at 09:21:16AM -0700, Richard Wallace wrote:
> > Is there a workaround for this?
>
> The reason for this is that the sandbox binary either needs to be setuid
> root (not recommended) or you need to enable CONFIG_USER_NS in your
> kernel (which is the case on NixOS kernels) in order to allow the
> sandbox to setup a chroot environment and additional namespaces.
>
> a!
> --
> aszlig
> Universal dilettante
>
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iF4EAREIAAYFAlYJlbgACgkQ0OvQ7IwtyWGxugD/YCKSrv8x/6AbRr640coHRwM/
> VcJpUdgBELR5xFFW9a0A/2cwAckg0l6JX8oVMxcLGRpu8vUY5OAkAFxLZEqvwUiM
> =bIbw
> -END PGP SIGNATURE-
>
> ___
> nix-dev mailing list
> nix-dev@lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
>


-- 
"Context" is the mother of prevarication.
-- Ken White
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

[Nix-dev] Using chromium from nixpkgs on non-NixOS

[Richard Wallace]

Hey all,

I'm running Arch Linux on my desktop because I haven't been able to get
NixOS installed. It's an older Mac tower and last time I tried I ran into
issues . This is something I
hope to revisit in the near future, probably once 15.09 is released.

For now, I'm using nixpkgs as much as possible. Recently, I moved all the
packages I had installed as systemPackages on my laptop, which is running
NixOS, into an environment in .nixpkgs/config.nix <
https://github.com/purefn/dot-files/blob/master/dot/nixpkgs/config.nix> and
am managing them that way.

Because I share my dot-files on my laptop and desktop, this means that
chromium is now installed on my desktop through nixpkgs. When trying to
start chromium on my desktop I get the error

[28104:28104:0928/085508:FATAL:setuid_sandbox_host.cc(158)] The SUID
sandbox helper binary was found, but is not configured correctly. Rather
than run without sandboxing I'm aborting now. You need to make sure that
/nix/store/9c8019j611087855flmq7ll5jrhjpv4g-chromium-45.0.2454.93/libexec/chromium/chrome-sandbox
is owned by root and has mode 4755.
Aborted (core dumped)

Is there a workaround for this?

Thanks,
Rich
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev