Applications failing to run on Linux that use chrome sandboxes

Applications that use chrome to render it self normally try to sandbox themselves. In some cases this will not work.

There are several reasons for this:

When apparmor interacts you will get an error stating something like:

FATAL:credentials.cc(126)] Check failed: . : Permission denied (13)

Additionally dmesg will print the following error:

[6068220.942716] audit: type=1400 audit(1734610968.427:1043): apparmor="DENIED" operation="userns_create" class="namespace" info="User namespace creation restricted" error=-13 profile="unconfined" pid=3402516 comm="nxwitness_clien" requested="userns_create" denied="userns_create"

This can be fixed by setting the following sysctl:

sysctl -w kernel.apparmor_restrict_unprivileged_userns=0