Geek Answers Handbook

Why does Xromium Embedded Framework run as root? (Unity Installer)

I install Unity. The Unity installer says that it must be running as root, and that is because the Chromium Embedded Framework must be running as root. Why does the Xromium Embedded Framework run as root?

The Unity installer points me here , but the root rights are not mentioned on this page.

Here is the console output for posterity:

lol@localhost :unity(0)\ ./unity-editor-installer-5.4.0b23+20160628.sh This installer must be run as root.

And the corresponding piece of code from the installer:

 # chrome-sandbox requires this: https://code.google.com/p/chromium/wiki/LinuxSUIDSandbox chown root "${EXTRACT_SUBDIR}/Editor/chrome-sandbox" chmod 4755 "${EXTRACT_SUBDIR}/Editor/chrome-sandbox"

EDIT July 15th: This thread was found . Can anyone help confirm that root ownership and SUID are no longer needed on the chrome sandbox?

I build according to these instructions , but I'm still asking for the root password when running cros_sdk.

+5
source share
2 answers

So that all people use the same exact environment and tools for assembling with Chromium, the whole building is done inside the chroot . This chroot is its own small world: it contains its own compiler, its own tools (its own copy of bash, its own copy of sudo), etc.

It uses chroot , prctl and several other system calls that may return an EPERM error if the process has insufficient privileges.

EPERM error

Therefore, the installer wants to run a bash script that runs as root to set the SUID in the sandbox. They want you to be root, because they give the owners of the files permissions , as well as the owner of the UID (user ID) and GID (group identifier). As a rule, on Unix / Linux, when a program starts, it inherits access rights from a registered user.

Chromium OS Developer's Guide

+2
source

Chromium Embedded Framework does not need to be run as root. Root permissions are only needed to set / chmod permissions on the chrome-sandbox executable. Linux installers usually require root privileges, there is nothing strange about this.

0
source

More articles:


All Articles