Brave Browser in PureOS, won't launch

EvF · October 17, 2017, 4:15am

Hi there! I was able to install Brave in PureOS, but can’t get it to launch.

In the terminal I get this message:

evf@evf-pc:~$ brave
[6464:6464:1016/233709.960290:FATAL:zygote_host_impl_linux.cc(107)] No usable sandbox! Update your kernel or see https://chromium.googlesource.com/chromium/src/+/master/docs/linux_suid_sandbox_development.md for more information on developing with the SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.
Aborted

But when I try to take care of the sandbox issue using the instructions Brave directs you to from their GitHub page to this page…

…it still doesn’t work after rebooting. If I click on the Brave icon it will show like it’s loading in the panel but then that disappears and poof, nada.

What am I doing wrong? Help greatly appreciated!

(I tried using the Snap too, still no luck.)

uzanto · October 17, 2017, 9:02am

Try with cat /etc/sysctl.d/00-local-userns.conf if it’s blank you didn’t enable user namespace in kernel.

Try again:
sudo su
Type your password and then do:
echo 'kernel.unprivileged_userns_clone=1' > /etc/sysctl.d/00-local-userns.conf
service procps restart

I think you speak Spanish, if you don’t understand something you can ask me in Spanish.

EvF · October 18, 2017, 3:10am

Thanks uzanto, that did the trick! No hablo español!

uzanto · October 18, 2017, 9:32am

Haha you’re welcome I thought that because you had written a Spanish word in your first post.

norbert · February 20, 2018, 10:06pm

uzanto, can you help a n00b?

i too, cannot get Brave to do anything after launch, but get no messages of any kind, even when launched from the browser. No error message…nada!

i tried the suggestions you made above, but when i navigate to the /etc/sysct1.d/ directory - there is no file named 00-local-userns.conf

following your suggestions only gives me a ‘No such file or directory’ error.

thoughts?

thanks in advance,

Norbert

mladen · February 23, 2018, 1:33pm

It’s /etc/sysctl.d/, not /etc/sysct1.d/ (l instead of 1).

norbert · February 23, 2018, 2:46pm

told you i was a n00b!

lol

thanks,

N

dan3 · May 26, 2018, 7:15am

Does this no longer work? Or is it just a problem with snap?

$ sysctl kernel.unprivileged_userns_clone
kernel.unprivileged_userns_clone = 1

$ snap run --shell brave
$ /snap/bin/brave
Bad system call

Found this in dmesg:
[ 59.839946] audit: type=1400 audit(1527315298.838:75): apparmor=“DENIED” operation=“capable” profile="/usr/lib/snapd/snap-confine" pid=2045 comm=“snap-confine” capability=2 capname=“dac_read_search”

Gunnar · May 30, 2018, 1:07am

Installed brave using Snap. Installed fine, I have a gnome icon. It will not launch.

Made the modifications to the /etc/sysctl.d file 00-local-userns.conf file as directed. No change.

Entered it other ways, from root:

echo ‘kernel.unprivileged_userns_clone=1’ > /etc/sysctl.d/00-local-userns.conf
service procps restart

Made no difference. Any other suggestions?

dan3 · June 6, 2018, 2:36am

In addition to enabling user creation of user namespaces, you would need to do one of the following:

Create AppArmor profiles for Snap and Brave
Wait for someone else (Purism) to create AppArmor profiles
Disable AppArmor
Run Brave without the Sandbox [not tested]

3 and 4 are pretty insecure. 1 and 2 should be your first choice, but I haven’t seen an AppArmor profile for Snap/Brave.

The process for creating one doesn’t look too bad. Basically, you just run a trusted instance of Brave with AppArmor disabled, record all of the syscalls it makes, and add those to the whitelist AppArmor uses. I haven’t gotten around to trying this, however.

Gunnar · June 25, 2018, 11:48pm

Just followed the instructions here: HOWTO: Brave browser installation

Basically just installing it from Debian Buster. It now works fine. Strangely, AppArmor didn’t give me a hard time like it did with Thunderbird.