编译与由于SUID沙箱问题，执行Chromium失败 [英] compile & execute Chromium failed due to SUID sandbox issue

问题描述

在Ubuntu 13.10上编译并运行Chromium源代码

Compile and run Chromium source code on Ubuntu 13.10

git clone https://chromium.googlesource.com/chromium/tools/depot_tools.git
add to bashrc :
    export PATH="$PATH":/home/y0.kim/project/depot_tools    
    export CHROME_DEVEL_SANDBOX=/usr/local/sbin/chrome-devel-sandbox
fetch --nohooks chromium --nosvn=True
git checkout master
build/install-build-deps.sh
git pull
gclient sync
ninja -C out/Debug chrome chrome_sandbox
build/update-linux-sandbox.sh
out/Debug/chrome               -> Fail
out/Debug/chrome --no-sandbox  -> Fail

问题:

获取源代码并编译没有问题. 但是，当我执行chrome时，出现以下错误

Problem :

get the source code and compiled without problem. However, when i execute chrome, i have below error

正常执行

:~/project2/src$ out/Debug/chrome
The setuid sandbox provides API version 1, but you need 0
Please read https://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment.

[37555:37588:0616/152604:FATAL:browser_main_loop.cc(207)] <unknown>: Command line `dbus-launch --autolaunch=f271cc756e9c41e457760b8c00000496 --binary-syntax --close-stderr' exited with non-zero exit status 1: Autolaunch error: X11 initialization failed.\n
#0 0x7f570456a39d base::debug::StackTrace::StackTrace()
#1 0x7f57045bc51d logging::LogMessage::~LogMessage()
#2 0x7f5707e45cef content::(anonymous namespace)::GLibLogHandler()
#3 0x7f5701c20f61 g_logv
#4 0x7f5701c21172 g_log
#5 0x7f56f5240d2a <unknown>
#6 0x7f56f5241087 <unknown>
#7 0x7f5701c19d13 g_main_context_dispatch
#8 0x7f5701c1a060 <unknown>
#9 0x7f5701c1a45a g_main_loop_run
#10 0x7f56f524098b <unknown>
#11 0x7f5701c3b9b5 <unknown>
#12 0x7f56fdfd0e9a start_thread
#13 0x7f56fc1853fd clone

Aborted (core dumped)

使用--no-sandbox执行

~/project2/src$ out/Debug/chrome --no-sandbox
[19653:19653:0616/152447:ERROR:browser_main_loop.cc(161)] Running without the SUID sandbox! See https://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment for more information on developing with the sandbox on.
[19653:19656:0616/152447:FATAL:browser_main_loop.cc(207)] <unknown>: Command line `dbus-launch --autolaunch=f271cc756e9c41e457760b8c00000496 --binary-syntax --close-stderr' exited with non-zero exit status 1: Autolaunch error: X11 initialization failed.\n
#0 0x7f8f13bbe39d base::debug::StackTrace::StackTrace()
#1 0x7f8f13c1051d logging::LogMessage::~LogMessage()
#2 0x7f8f17499cef content::(anonymous namespace)::GLibLogHandler()
#3 0x7f8f11274f61 g_logv
#4 0x7f8f11275172 g_log
#5 0x7f8f05095d2a <unknown>
#6 0x7f8f05096087 <unknown>
#7 0x7f8f1126dd13 g_main_context_dispatch
#8 0x7f8f1126e060 <unknown>
#9 0x7f8f1126e45a g_main_loop_run
#10 0x7f8f0509598b <unknown>
#11 0x7f8f1128f9b5 <unknown>
#12 0x7f8f0d624e9a start_thread
#13 0x7f8f0b7d93fd clone

Aborted (core dumped)
:~/project2/src$ [0616/152448:ERROR:nacl_helper_linux.cc(277)] NaCl helper process running without a sandbox!
Most likely you need to configure your SUID sandbox correctly

我尝试解决此问题的步骤:

1. 转到 https://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment
2. 阅读
3. 再次使用chrome_sandbox构建了chrome
   • ninja -C out/Debug chrome chrome_sandbox

1. went to https://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment
2. read it
3. built chrome with chrome_sandbox again
   • ninja -C out/Debug chrome chrome_sandbox

• export CHROME_DEVEL_SANDBOX=/usr/local/sbin/chrome-devel-sandbox

我想知道的事情:

1. 在上述情况下如何执行Chrome?
2. --no-sandbox选项不起作用的原因是什么?

1. What should I do to execute Chrome on above situation?
2. What would be the reason that --no-sandbox option did not work?

任何输入将不胜感激.

年轻.

推荐答案

此错误消息...

The setuid sandbox provides API version 1, but you need 0

...表示您的setuid二进制文件已过期，因此该程序无法启动/生成新的浏览上下文即 Chrome浏览器会话.

...implies that your setuid binary is out of date hence the program was unable to initiate/spawn a new Browsing Context i.e. Chrome Browser session.

根据 Linux SUID中的文档沙盒开发 google-chrome 需要一个SUID帮助程序二进制文件才能在Linux上打开沙箱.在大多数情况下，您可以使用以下命令为您安装适当的沙箱:

As per the documentation in Linux SUID Sandbox Development google-chrome needs a SUID helper binary to turn on the sandbox on Linux. In majority of the cases you can install the proper sandbox for you using the command:

build/update-linux-sandbox.sh

该程序将在/usr/local/sbin中为您安装正确的沙盒，并告诉您在需要时更新.bashrc.

This program will install the proper sandbox for you in /usr/local/sbin and tell you to update your .bashrc if required.

但是，可能会有一些例外情况，例如，如果您的setuid二进制文件已过期，则会收到诸如以下消息:

However, there can be some exceptions as an example, if your setuid binary is out of date, you will get messages such as:

The setuid sandbox provides API version X, but you need Y
You are using a wrong version of the setuid binary!

在这种情况下，您需要执行以下步骤:

In these cases, you need to follow the steps below:

• 只要构建chrome(ninja -C xxx chrome chrome_sandbox而不是ninja -C xxx chrome)，就构建chrome_sandbox

• 构建后，执行update-linux-sandbox.sh.

• Build chrome_sandbox whenever you build chrome (ninja -C xxx chrome chrome_sandbox instead of ninja -C xxx chrome)

• After building, execute update-linux-sandbox.sh.

# needed if you build on NFS!
sudo cp out/Debug/chrome_sandbox /usr/local/sbin/chrome-devel-sandbox
sudo chown root:root /usr/local/sbin/chrome-devel-sandbox
sudo chmod 4755 /usr/local/sbin/chrome-devel-sandbox

最后，您必须在~/.bashrc(或.zshenv)中包括以下行:

Finally, you have to include the following line in your ~/.bashrc (or .zshenv):

export CHROME_DEVEL_SANDBOX=/usr/local/sbin/chrome-devel-sandbox

您可以在以下位置找到文档:

You can find the documentations in:

• 问题369100:错误:nacl_helper_linux.cc(233)NaCl帮助器进程在没有沙箱的情况下运行！
• 问题318646:Chrome无法在更新至最新稳定版本后启动版本
• 问题598454:在台式机Linux上停止检查setuid sanbox二进制文件

• Issue 369100: ERROR:nacl_helper_linux.cc(233) NaCl helper process running without a sandbox!
• Issue 318646: Chrome won't start after update to latest stable version
• Issue 598454: Stop checking for the setuid sanbox binary on desktop Linux

Linux SUID沙箱

这篇关于编译与由于SUID沙箱问题，执行Chromium失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！