How can I test whether Chromium is running inside sandbox

I am using Chromium browser on Debian Wheezy. I read that Chromium is using sandbox to isolate its processes from the rest of the system and thus to increase security.

How can I verify that Chromium is indeed running inside a sandbox?

Is Chromium using sandbox by default, or do I have to configure it? When I start Chromium by clicking on the icon, and then look at the running process with ps, I see no indication that it runs in sandbox (i.e. no --sandbox parameter).

Asked By: Michael Boies

||

The Chromium sandbox is a separate program, chrome-sandbox (even for Chromium rather than Chrome). You’ll see it running with

ps aux | grep chrome-sandbox

and you can see its relationship to the other Chromium processes with

pstree | less -pchromium

As mentioned by Cestarian the sandbox is enabled by default and can be disabled with --no-sandbox (but it’s not recommended).

Answered By: Stephen Kitt

Within Chromium, visit chrome://sandbox.

Answered By: Bink