Skip to content

Fix browser hand: add --no-sandbox when Chromium runs as root#394

Open
cryptonahue wants to merge 1 commit intoRightNow-AI:mainfrom
cryptonahue:fix/chromium-no-sandbox-when-root
Open

Fix browser hand: add --no-sandbox when Chromium runs as root#394
cryptonahue wants to merge 1 commit intoRightNow-AI:mainfrom
cryptonahue:fix/chromium-no-sandbox-when-root

Conversation

@cryptonahue
Copy link

@cryptonahue cryptonahue commented Mar 7, 2026

Summary

  • The browser hand fails immediately on any root-based OpenFang server install with: Error: Chromium exited before printing DevTools URL
  • Chromium refuses to run as root without --no-sandbox — this is a known Chromium requirement
  • The default OpenFang install script runs the daemon as root, making the browser hand broken out of the box on Linux servers

Reproduction

  1. Install OpenFang via the install script (runs as root)
  2. Install and activate the browser hand
  3. Ask any agent to navigate to a website
  4. Error: Chromium exited before printing DevTools URL. Is Chrome installed?

Fix

Added is_running_as_root() which detects UID 0 by reading /proc/self/status (no new dependencies needed). When running as root, --no-sandbox is automatically appended to Chromium's launch args.

if is_running_as_root() {
    args.push("--no-sandbox".to_string());
}

The root detection reads /proc/self/status on Linux (reliable, no deps) and falls back to checking HOME=/root on other Unix systems. On non-Unix platforms it always returns false.

Test plan

  • cargo build -p openfang-runtime — compiles cleanly
  • cargo clippy -p openfang-runtime -- -D warnings — zero warnings
  • Verified manually on Ubuntu 24.04 running as root: browser hand navigates successfully after this fix

@cryptonahue
Add --no-sandbox flag when Chromium runs as root
c41721e 
Chromium refuses to launch without --no-sandbox when the process is
running as UID 0. This causes the browser hand to fail immediately with
'Chromium exited before printing DevTools URL' on any server-based
OpenFang installation that runs as root (the default install).

Added is_running_as_root() which reads /proc/self/status on Linux to
detect UID 0 without requiring a libc dependency, with a fallback to
the HOME env var for other Unix systems. When root is detected,
--no-sandbox is appended to the Chromium launch args automatically.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@cryptonahue