The default Chromium ebuild includes something referred to as a sandbox helper - it must be installed as suid root and its path has to be hard-coded at runtime. Otherwise the following error occurs: "The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /usr/lib/chrome_sandbox is owned by root and has mode 4755." Obviously since Gentoo Prefix does not have root access, this is impossible. Setting the correct path therefore also is of no benefit. The only possible solution is to disable sandbox support at build time. The following patch to www-client/chromium/chromium-16.0.891.0.ebuild disables this sandbox helper and allows Chromium 16 to run on Gentoo Prefix: ------------------------------ CUT HERE -------------------------------- --- usr/portage/www-client/chromium/chromium-16.0.891.0.ebuild 2011-09-27 17:21:26.000000000 +0100 +++ usr/local/portage/www-client/chromium/chromium-16.0.891.0.ebuild 2011-10-03 12:21:47.000000000 +0100 @@ -221,11 +221,6 @@ $(gyp_use kerberos use_kerberos) $(gyp_use pulseaudio use_pulseaudio)" - # Enable sandbox. - myconf+=" - -Dlinux_sandbox_path=${CHROMIUM_HOME}/chrome_sandbox - -Dlinux_sandbox_chrome_path=${CHROMIUM_HOME}/chrome" - if host-is-pax; then # Prevent the build from failing (bug #301880). The performance # difference is very small. @@ -268,7 +263,7 @@ } src_compile() { - emake chrome chrome_sandbox BUILDTYPE=Release V=1 || die + emake chrome BUILDTYPE=Release V=1 || die pax-mark m out/Release/chrome if use chromedriver; then emake chromedriver BUILDTYPE=Release V=1 || die @@ -312,8 +307,6 @@ src_install() { exeinto "${CHROMIUM_HOME}" doexe out/Release/chrome || die - doexe out/Release/chrome_sandbox || die - fperms 4755 "${CHROMIUM_HOME}/chrome_sandbox" if use chromedriver; then doexe out/Release/chromedriver || die ------------------------------ CUT HERE -------------------------------- emerge --info: Portage 2.2.01.19295-prefix (prefix/linux/x86, gcc-4.5.3, unavailable, 2.6.32-33-generic-pae i686) ================================================================= System uname: Linux-2.6.32-33-generic-pae-i686-Intel-R-_Core-TM-_i5_CPU_650_@_3.20GHz-with-debian-squeeze-sid Timestamp of tree: Tue, 04 Oct 2011 07:40:08 +0000 ccache version 3.1.4 [disabled] app-shells/bash: 4.2_p10 dev-java/java-config: 2.1.11-r3 dev-lang/python: 2.7.2 dev-util/ccache: 3.1.4 dev-util/cmake: 2.8.5-r2 dev-util/pkgconfig: 0.25-r2 sys-apps/sandbox: 2.4 sys-devel/autoconf: 2.68 sys-devel/automake: 1.11.1 sys-devel/binutils: 2.21.53.0.2 sys-devel/gcc: 4.5.3-r1 sys-devel/gcc-config: 1.4.1-r00.2 sys-devel/libtool: 2.4-r01.1 sys-devel/make: 3.82 Repositories: gentoo_prefix my_local_overlay Installed sets: ACCEPT_KEYWORDS="~x86 ~x86-linux" ACCEPT_LICENSE="*" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=i686 -Os -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/portage /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-march=i686 -Os -pipe" DISTDIR="/var/tmp/gentoo/usr/portage/distfiles" FEATURES="assume-digests binpkg-logs collision-protect distlocks ebuild-locks fixlafiles fixpackages news parallel-fetch preserve-libs protect-owned sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch" FFLAGS="" GENTOO_MIRRORS="http://distfiles.gentoo.org" LANG="en_GB.utf8" LDFLAGS="-Wl,-O1" LINGUAS="en_GB en_US en C" MAKEOPTS="-j2" PKGDIR="/var/tmp/gentoo/usr/portage/packages" PORTAGE_CONFIGROOT="/var/tmp/gentoo/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp/gentoo/var/tmp" PORTDIR="/var/tmp/gentoo/usr/portage" PORTDIR_OVERLAY="/var/tmp/gentoo/usr/local/portage" SYNC="rsync://localhost:8873/gentoo-portage-prefix" USE="X alsa bash-completion berkdb bzip2 cli cracklib crypt cxx dbus dri fortran gdbm gtk iconv ipv6 libnotify mmx modules mudflap ncurses nls nptl nptlonly opengl openmp pcre perl pppd prefix python readline semantic-desktop session sse sse2 ssl startup-notification sysfs tcpd threads truetype unicode x86 xinerama xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias auth_digest proxy proxy_balancer proxy_connect proxy_ftp proxy_http" APACHE2_MPMS="worker" CALLIGRA_FEATURES="kexi words flow plan stage tables krita karbon braindump" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en_GB en_US en C" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Created attachment 288825 [details, diff] Updated patch for chromium-16.0.899.0.ebuild
(In reply to comment #1) > Created attachment 288825 [details, diff] > Updated patch for chromium-16.0.899.0.ebuild Thanks for the patch but it is not acceptable for inclusion into gentoo-x86, you need to do some "if use prefix; then ...; fi"
Do you mean the Portage mainline tree? I didn't realise Gentoo Prefix specific statements (if prefix ; ... etc) are valid for the mainline Portage tree.... OK, I'll look for examples of how this is done in other ebuilds and so something with it for this.
Created attachment 289463 [details, diff] New patch with 'if use prefix' type statements Patch updated with sandbox sections wrapped with checks for 'use prefix' rather than being removed altogether.
Created attachment 292613 [details, diff] www-client/chromium-17.0.932.0 for Gentoo Prefix patch I know these patches probably won't make it into the repo, but at least if someone wants to build Chromium, they can do by applying it
*** This bug has been marked as a duplicate of bug 351693 ***
