Chromium based puppies are meant to be ran as a less privileged users (e.g. spot) and Ideally we should do this. However, this won't always work (e.g. in a highly restricted container (See thread)) in which case one might want the option to run as root using the "--no-sandbox" option.
The intent of this thread is to illustrate some basic concepts of sed. The actual problem could be solved in a simpler way (e.g. just copying a new startup script for the browser) and really this doesn't take up much code since the startups scipts provided by @mikewalsh are only about 13 lines long.
That said, the sed code is only two lines long and if I'm incorporated it into a script to build a chrooted system I would rather minimize the lines of code and rely as much as possible on the code provided by the original startup script (i.e. change as little as possible).
The sed code is as follows:
Code: Select all
cat chromium-pup | sed -rn \
'/run-as-spot "\$HERE\/chrome"/ {s#^(.*)$#"$HERE/chrome" --no-sandbox --user-data-dir=$HERE/PROFILE --disable-infobars "$@"#g;}
/run-as-spot "\$HERE\/chrome"/! {p}' > chromium-pup-nosb
There are two lines here. The first line checks if the line starts with 'run-as-spot "$HERE/chrome"' and if so then it replaces it with the following line:
Code: Select all
"$HERE/chrome" --no-sandbox --user-data-dir=$HERE/PROFILE --disable-infobars "$@"
The second line code checks to see if the pattern isn't matched and simply prints the line. I could do this with a single line of sed code via substitution. However, I think this pattern action approach is more structured (almost like a script) and it also results in simpler regular expressions.
Some notes on syntax. The -n option means to not automatically print. Printing instead is done via the "p" command or alternatively as the output of a substitution. The -r option means to use regular expressions. Inside the pattern, we escape the forward slash "/" with "\/" and the dollar sign "$" with "\$". The forward slash needs to be escaped because it defines the boundaries of the pattern. The dollar sign needs to be escaped because it represents the end of a line in a regular expression.
In my case I'm using this sed script to patch the start-up script for ungoogled-chromium, running in the Puli/Xenial64 with core libs upgraded via the rootfs of WDLGO_UbuntuFocal64 (see post). The browser is started in a chroot, sandbox or container. Running and idependent xserver via Xephyr.
In the script I built to chroot into an extracted system (for testing) the patching code is as follows:
Code: Select all
if [ ! -f "$CHROOT_FOLDER/opt/Ungoogled_Chromium-portable/chromium/chromium-pup-nosb" ]; then
(cd "$CHROOT_FOLDER/opt/Ungoogled_Chromium-portable/chromium/"; cp -a chromium-pup chromium-pup-nosb;
cat chromium-pup | sed -rn \
'/run-as-spot "\$HERE\/chrome"/ {s#^(.*)$#"$HERE/chrome" --no-sandbox --user-data-dir=$HERE/PROFILE --disable-infobars "$@"#g;}
/run-as-spot "\$HERE\/chrome"/! {p}' > chromium-pup-nosb )
fi
I hope to provide multiple startup options. For example one option will be a highly restricted startup option like the contianer used by @rufwoof in the thread:
Fatdog unshare xephyr capsh container
