2

I am using Chromium browser on Debian Wheezy. I read that Chromium is using sandbox to isolate its processes from the rest of the system and thus to increase security.

How can I verify that Chromium is indeed running inside a sandbox?

Is Chromium using sandbox by default, or do I have to configure it? When I start Chromium by clicking on the icon, and then look at the running process with ps, I see no indication that it runs in sandbox (i.e. no --sandbox parameter).

Improve this question
2
  • 1
    Relevant description of Sandboxing on Linux. Posting as a comment since I'm unaware of how to answer your question about verification. Commented Feb 13, 2015 at 13:37
  • It seems that sandboxing is enabled by default, you need to run with --no-sandboxing to disable sandboxing according to the above link, as for how to test it... I haven't the slightest idea. Commented Feb 13, 2015 at 14:46

2 Answers 2

Reset to default
4

The Chromium sandbox is a separate program, chrome-sandbox (even for Chromium rather than Chrome). You'll see it running with

ps aux | grep chrome-sandbox

and you can see its relationship to the other Chromium processes with

pstree | less -pchromium

As mentioned by Cestarian the sandbox is enabled by default and can be disabled with --no-sandbox (but it's not recommended).

Improve this answer
1

Within Chromium, visit chrome://sandbox.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.