Unsupported command-line flag: --no-sandbox

@dsturbd, @childishgiant - You both installed via snap/store/some app software, is that correct?

1 Like

well on manjaro, i installed it from the software center (pamac), not sure of any other way other than to use pacman -S brave, which would accomplish the same thing

1 Like

sudo pacman -S brave on the terminal for me. Yeah it’s the same.

2 Likes

I just want to reiterate that Brave only maintains the packages listed at https://brave-browser.readthedocs.io/en/latest/installing-brave.html#linux.

3 Likes

This means that the .pkg.tar.xz file from which pacman installs Brave for us was built solely by the unofficial maintainer, right?

Correct me if I’m wrong: stuff like this thread and this one could be redirected to them. Right?

EDIT: @Mattches @toml
Edit 2: Please, can someone just answer my question with a yes or a no??

1 Like

checkout NOTE here: https://brave-browser.readthedocs.io/en/latest/installing-brave.html#linux
If you are using Arch, use this command to enable support to run unprivileged containers for the current session: sysctl kernel.unprivileged_userns_clone=1

3 Likes

Same problem. Running

4.19.32-1-MANJARO

Installed through pacman from community repo:

$ pacman -Si brave
Repository      : community
Name            : brave
Version         : 0.61.50-1
Description     : Web browser that blocks ads and trackers by default (latest binary release).
Architecture    : x86_64
URL             : https://github.com/brave/brave-browser/releases
Licenses        : custom
Groups          : None
Provides        : brave-browser
Depends On      : gtk3  gconf  nss  alsa-lib  libxss  libgnome-keyring  ttf-font
Optional Deps   : cups: Printer support
                  pepper-flash: Adobe Flash support
Conflicts With  : brave-latest  brave-bin  brave-beta-bin
Replaces        : None
Download Size   : 69,76 MiB
Installed Size  : 227,13 MiB
Packager        : Philip Mueller <philm@manjaro.org>
Build Date      : Sa 09 Mär 2019 17:20:18 CET
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Is it fixed in any of these versions?:

$ pacaur -Ss brave
community/brave 0.61.50-1 [installed]
Web browser that blocks ads and trackers by default (latest binary release).
community/brave-beta 0.62.25-1
Web browser that blocks ads and trackers by default (latest binary release).
aur/brave-beta-bin 0.63.34-1 (10, 1,75699)
Web browser that blocks ads and trackers by default (beta binary release).
aur/brave-bin 0.62.51-2 (151, 12,7579)
Web browser that blocks ads and trackers by default (binary release).
aur/brave-dev-bin 0.64.39-1 (7, 3,41829)
Web browser that blocks ads and trackers by default (dev binary release).
aur/brave-git 0.24.1.r236.g7e6875794-1 (22, 0,035645)
A web browser that stops ads and trackers by default. Master branch.
aur/brave-nightly-bin 0.65.28-1 (1, 0,815486)
Web browser that blocks ads and trackers by default (nightly binary release).

Brave starts without problems when using kernel.unprivileged_userns_clone=1. Is this strictly necessary or is it fixable? I’m not too comfortable playing with kernel parameters that I don’t know anything about.

1 Like

I am running Brave under Manjaro Linux (version 0.62.51, package brave-bin installed from the AUR) and I see the message about unsupported command line flag. It goes away after a

sudo sysctl kernel.unprivileged_userns_clone=1

Nonetheless, that raises some security concerns; see

https://lists.archlinux.org/pipermail/arch-general/2017-February/043066.html

Would it be possible for the Brave devs to build the browser so that users wouldn’t need to enable unprivileged user namespaces?

1 Like

If the namespaces system itself is problematic, this means that even the officially-supported distros have this issue, right?

1 Like

brave+wayland(native)+flatpak=yes? :grinning:
is very good way for linux all distributions :sunglasses:

So, it looks like this is not a Brave issue but rather an issue with the AUR compile?

For the Brave devs, is there a planned install for Arch?

Or, as the prior poster mentioned, an official flatpak?

Arch is on our list of repos to support directly, but we have a lot of packaging to do.

Same issue here:

Manjaro Linux 18.0.4
Brave 0.65.114-1

Installed directly from Manjaro software repos.

The above solution does not work for me.

Bit gobsmacked that this issue has persisted for over 7 months now.

3 Likes

same issue with my installation

Manjaro Linux 18.0.4
Brave Version 0.67.119 Chromium: 76.0.3809.72 (Official Build) unknown (64-bit)
Installed from pamac-manager

I’m using Manjaro 18.0.4 Brave 0.67.119 and enabling user namespace and maintaining after reboot works for me. I used the following command

echo kernel.unprivileged_userns_clone = 1 | sudo tee /etc/sysctl.d/00-local-userns.conf

What really annoys me here is that almost no one in this thread is talking about the real problem.

Yes, Arch-based distros have that message yielded by default, but neither is that bug, nor does it have anything to do with the fact that those aren’t officially supported. This is a problem that affects all the linux distros, and the only reason that gives an error message on the Arch ones is because they are among the few distros that try to tackle an issue, by disabling Unprivileged User Namespaces by default. And what is that issue? The fact that this sandbox allows website JS to run as root.

Don’t get me wrong: I am by no means a security expert, and I didn’t assert this by myself. But when, after all the discussion that has taken place on the matter, all I see is this thread being marked as Solved because “The people who noticed the problem are from an unsupported distro lol” and the github discussion being relegated to P5, the lowest priority level, with no further explanation on why, and solid arguments against only piling up, I don’t think I would be wrong in complaining about this whole thread, save for a few exceptions, being a total trainwreck.

1 Like

I didn’t notice the no sandbox message when I reinstalled Brave on Manjaro a few weeks ago. Has the issue been fixed, or did Manjaro not bring up the error message?

Well, this is disconcerting. I am planning on switching (back) to Linux, and I wanted to continue to use Brave. I guess when I do switch (if this is not resolved by then), I’ll have to look at alternatives. Does anyone know of a page documenting browser add-ons and such that can be used to achieve some of the privacy functionality that Brave does built-in? If I can’t have it built in, I can at least get it with add-ons — to the degree possible. I understand that would be going without the whole BAT realm — which I really would like to be a part of. But . . . it’s not worth the security risk.

Yeah, I’m surprised. And disappointed.

Hello,
I not a SysAdmin but not a Noob either.

I’m using : Arch with kernel - Linux 5.4.19-4-lts
Brave - Version 1.3.115 Chromium: 80.0.3987.87 (Official Build) unknown (64-bit)
Installed with:
’ yay -S brave-bin’
$ yay -Si brave-bin
:: Querying AUR…
Repository : aur
Name : brave-bin
Keywords : brave browser
Version : 1:1.3.115-1
Description : Web browser that blocks ads and trackers by default (binary release).
URL : https://brave.com/download
AUR URL : https://aur.archlinux.org/packages/brave-bin
Groups : None
Licenses : BSD MPL2 custom:chromium
Provides : brave brave-browser
Depends On : gtk3 nss alsa-lib libxss ttf-font
Make Deps : None
Check Deps : None
Optional Deps : cups pepper-flash libgnome-keyring
Conflicts With : brave
Maintainer : mixedCase
Votes : 221
Popularity : 16.798059
First Submitted : Wed 06 Apr 2016 03:16:04 PM CEST
Last Modified : Mon 10 Feb 2020 11:36:13 PM CET
Out-of-date : No

I have run :
$ sudo sysctl kernel.unprivileged_userns_clone=1
sysctl: cannot stat /proc/sys/kernel/unprivileged_userns_clone: No such file or directory

I’ve down loaded from github and un-zipped and ran “brave” from terminal. Same problem.
I’ve search the “net” far and wide and no solution.
The above solution does not work for me.
What gives and will this ever be corrected? I just don’t like using software with even little holes in the security.
Otherwise, I find that “brave” meets my surfing needs very well.
Thanks