Questions related to the Brave browser

Arch and Manjaro users who run Brave see a message that says that "you're using an unsupported command-line flag --no-sandbox". The recommendation in the AUR page of the brave-bin package (and elsewhere) is

To disable the message telling "that you're using an unsupported command-line flag --no-sandbox" you must enable user namespaces with sysctl:

sudo sysctl kernel.unprivileged_userns_clone=1

To make it persist after reboot:

echo kernel.unprivileged_userns_clone = 1 | sudo tee /etc/sysctl.d/00-local-userns.conf

The following message, however, argues against the proposed solution:

https://lists.archlinux.org/pipermail/arch-general/2017-February/043066.html

I have to admit that I do not fully grasp that. Can anyone explain that in less technical terms? What do Majaro users who use the Brave browser do about that? Thank you in advance.

See: the other brave threads. this is talked about.

ex: " Brave should be in Manjaro repos "

3 Likes

There is also more info in this thread: Chromium-based browsers and unprivileged user namespaces

In summary, since Brave chose not to implement the setuid sandbox, you have three choices:

  1. Run Brave without a sandbox
  2. Accept the security compromises associated with enabling support for unprivileged user namespaces in the kernel
  3. Don't use Brave
7 Likes

BTW, I commented on a bug and in response someone complained about the Manjaro devs not caring about Brave. See

According to the linked discussion Brave beta is outdated in the Manjaro repos.
You could report it here: Manjaro-specific packages which need an update

Thanks. I've just done that.

Firefox and Chromium are updated for security reasons whenever a new version is available. Shouldn't the same apply to Brave (which is also in the Manjaro repos)?

1 Like

Absolutely yes, no matter what software it is!

1 Like

@jsbach,

There is actually an open issue on GitHub where the Brave team is discussing how to resolve this. Please join me in urging them to either re-enable the Chromium sandbox or create their own.

1 Like

hello,

When i get the sandbox error and change my settings in the PIA -app (private internet acces),
the error disappears.

In my case it looks like my VPN managing by PIA gives the --sandbox- error.

Maybe this helps others too ?

edit: PIA change:Not really a solution. Started to use another browser .

spnzdg, thanks, it helped.

Forum kindly sponsored by