No usable sandbox! when using amd64 binary on Debian 11

[jose1711]

Pulling Linux amd64, extracting and running as a regular user I got:

$ ./carbonyl 
[0210/221037.955657:FATAL:zygote_host_impl_linux.cc(127)] No usable sandbox! Update your kernel or see https://chromium.googlesource.com
/chromium/src/+/main/docs/linux/suid_sandbox_development.md for more information on developing with the SUID sandbox. If you want to live
dangerously and need an immediate workaround, you can try using --no-sandbox.

Next thing I tried was

$ chmod 4775 carbonyl
$ chown root:root carbonyl

This resulted in

$ ./carbonyl 
./carbonyl: error while loading shared libraries: libcarbonyl.so: cannot open shared object file: No such file or directory

and I was not able to make any progress from here. I can still run carbonyl with --no-sandbox but this is not exactly what I want.

OS: Debian 11 Bullseye

[fathyb]

This is a limitation from Chromium, you cannot use the sandbox and run as root. It is generally a bad idea to run browsers as root on UNIX systems, as these are running untrusted code that could escape web sandboxes.

[jose1711]

Please note that the error appears when running as a regular user, i. e. a user with no elevated rights.

[fathyb]

Sorry for closing too early! Are you able to run Chromium on the same system? I saw you changed the executable chmod and it made it fail loading libcarbonyl, something you could try is setting the same permissions on the .so files in the Carbonyl directory.

[jose1711]

I was able to install and run Chromium from distro repository without issues:

chromium       110.0.5481.77-1~deb11u1 amd64        web browser

Maybe it's some Debian system incompatibility as /usr/bin/chromium has the standard 0755 mod.

[JourneymanGeek]

I'm not sure if this is a solution for debian - but on ubuntu 24.04, the issue was due to apparmor. I ended up making a copy of /etc/apparmor.d/chrome , editing it to reflect the path to carbonyl (and setting the application name appropriately), and the error went away