[Nix-dev] Using chromium from nixpkgs on non-NixOS
Christopher Rooney
christopher.j.rooney at gmail.com
Mon Sep 28 23:42:42 CEST 2015
You can also run chromium with --no-sandbox, which pops up a warning.
Whether this is safer than setuid-ing the sandboxer is your call, but I do
it because I imagine chown-ing and chmod-ing the sandboxer will screw up
nix updates.
(aszlig, sorry to double hit you.)
On Mon, Sep 28, 2015 at 3:02 PM, aszlig <aszlig at redmoonstudios.org> wrote:
> On Mon, Sep 28, 2015 at 09:21:16AM -0700, Richard Wallace wrote:
> > Is there a workaround for this?
>
> The reason for this is that the sandbox binary either needs to be setuid
> root (not recommended) or you need to enable CONFIG_USER_NS in your
> kernel (which is the case on NixOS kernels) in order to allow the
> sandbox to setup a chroot environment and additional namespaces.
>
> a!
> --
> aszlig
> Universal dilettante
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iF4EAREIAAYFAlYJlbgACgkQ0OvQ7IwtyWGxugD/YCKSrv8x/6AbRr640coHRwM/
> VcJpUdgBELR5xFFW9a0A/2cwAckg0l6JX8oVMxcLGRpu8vUY5OAkAFxLZEqvwUiM
> =bIbw
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
>
--
"Context" is the mother of prevarication.
-- Ken White
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.science.uu.nl/pipermail/nix-dev/attachments/20150928/fe85ba01/attachment.html
More information about the nix-dev
mailing list