[Linuxulator] How to install Brave (Linux app) on FreeBSD 13.0+

[Rand0m]

so i got signed into google etc. but i cant use/download any extensions or themes when i try it says

An error has occurred​

Could not install package: 'FAILED_TO_COPY_EXTENSION_FILE_TO_TEMP_DIRECTORY'

any ideas for a work around i tried chmod 777 my tmpfs dir etc no dice. any help is appreciated as is you time thanks guys.

Hi justfly1111 , I have the same issue so I wonder if you were able to solve it.

patovm04 great work thanks so much, I finally can watch netflix and prime video on my freeBSD.

 

[tuxador]

Hi justfly1111 , I have the same issue so I wonder if you were able to solve it.

patovm04 great work thanks so much, I finally can watch netflix and prime video on my freeBSD.

should we mount a /tmp folder on the linux chroot before attempting to install the extension ?

 

[patovm04]

Hi justfly1111 , I have the same issue so I wonder if you were able to solve it.

patovm04 great work thanks so much, I finally can watch netflix and prime video on my freeBSD.

Thanks, but unfortunately the 'FAILED_TO_COPY_EXTENSION_FILE_TO_TEMP_DIRECTORY' problem doesn't seem to be a Linuxulator one. Native Chromium package on FreeBSD has the same issue nowadays. See:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258573

 

[BawdyAnarchist]

A few tips for anyone trying to do this inside of a jail:

You need to run the debootstrap from the host, and not from inside of the running jail. apt update && apt upgrade and also for adding packages, it's probably best to chroot directly from the host, and again, not as root from within the running jail.

The mounts should all be put into the jail's fstab, not the host fstab. This includes the .X11-UNIX nullfs mount to make x11 apps work.

I tried the procedure given by OP, but I get all kinds of errors when trying to launch the browser.

Here's my errors for Brave:

[95941:151292:1119/011714.451754:ERROR:file_path_watcher_linux.cc(326)] inotify_init() failed: Function not implemented (38)
[95941:151298:1119/011714.493080:ERROR:bus.cc(393)] Failed to connect to the bus: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
[95941:151291:1119/011714.494743:ERROR:address_tracker_linux.cc(196)] Could not create NETLINK socket: Address family not supported by protocol (97)
[95941:151297:1119/011714.494781:ERROR:bus.cc(393)] Failed to connect to the bus: Could not parse server address: Unknown address type (examples of valid types are "tcp" and on UNIX "unix")
[95941:151297:1119/011714.494827:ERROR:bus.cc(393)] Failed to connect to the bus: Could not parse server address: Unknown address type (examples of valid types are "tcp" and on UNIX "unix")
[95941:151293:1119/011714.496328:ERROR:udev_watcher.cc(52)] Failed to initialize a udev monitor.

I was able to download and run spotify-client in the jailed linuxulator; logged in, but I was unable to get any sound. I'm pretty sure this is because pulseaudio is not detecting any sound devices. I checked the availability of my normal dsp by chroot into the /compat/ubuntu directory (while inside the running jail), and cat /dev/urandom > /dev/dsp0 definitely causes noise. When trying to manually start pulseaudio, here's what I get

linux@linux:~ % pulseaudio
W: [(null)] caps.c: Normally all extra capabilities would be dropped now, but that's impossible because PulseAudio was built without capabilities support.
W: [(null)] module-detect.c: failed to detect any sound hardware.
E: [(null)] module.c: Failed to load module "module-detect" (argument: ""): initialization failed.

 

[MarcoB]

I installed the .pkg from https://people.freebsd.org/~rodrigo/chromium/ and solved the FAILED_TO_COPY_EXTENSION_FILE_TO_TEMP_DIRECTORY-problem

 

[Rand0m]

A few tips for anyone trying to do this inside of a jail:

You need to run the debootstrap from the host, and not from inside of the running jail. apt update && apt upgrade and also for adding packages, it's probably best to chroot directly from the host, and again, not as root from within the running jail.

The mounts should all be put into the jail's fstab, not the host fstab. This includes the .X11-UNIX nullfs mount to make x11 apps work.

I tried the procedure given by OP, but I get all kinds of errors when trying to launch the browser.

Here's my errors for Brave:

[95941:151292:1119/011714.451754:ERROR:file_path_watcher_linux.cc(326)] inotify_init() failed: Function not implemented (38)
[95941:151298:1119/011714.493080:ERROR:bus.cc(393)] Failed to connect to the bus: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
[95941:151291:1119/011714.494743:ERROR:address_tracker_linux.cc(196)] Could not create NETLINK socket: Address family not supported by protocol (97)
[95941:151297:1119/011714.494781:ERROR:bus.cc(393)] Failed to connect to the bus: Could not parse server address: Unknown address type (examples of valid types are "tcp" and on UNIX "unix")
[95941:151297:1119/011714.494827:ERROR:bus.cc(393)] Failed to connect to the bus: Could not parse server address: Unknown address type (examples of valid types are "tcp" and on UNIX "unix")
[95941:151293:1119/011714.496328:ERROR:udev_watcher.cc(52)] Failed to initialize a udev monitor.

I was able to download and run spotify-client in the jailed linuxulator; logged in, but I was unable to get any sound. I'm pretty sure this is because pulseaudio is not detecting any sound devices. I checked the availability of my normal dsp by chroot into the /compat/ubuntu directory (while inside the running jail), and cat /dev/urandom > /dev/dsp0 definitely causes noise. When trying to manually start pulseaudio, here's what I get

linux@linux:~ % pulseaudio
W: [(null)] caps.c: Normally all extra capabilities would be dropped now, but that's impossible because PulseAudio was built without capabilities support.
W: [(null)] module-detect.c: failed to detect any sound hardware.
E: [(null)] module.c: Failed to load module "module-detect" (argument: ""): initialization failed.

Hi BawdyAnarchist
Can you please share the complete steps for letting this work from inside a jail? I use qjail to manage my jails. But never tried to run x from inside the jail before.

 

[BawdyAnarchist]

Hi BawdyAnarchist
Can you please share the complete steps for letting this work from inside a jail? I use qjail to manage my jails. But never tried to run x from inside the jail before.

For linuxulator jails? Or just regular jails?

The way to get X11 apps working inside of a jail looks like this:

1. Obviously you need X11 installed to host.
2. Install X11 in your jail, along with any video card drivers (like nvidia-driver)
3. You need the following line in the jail's fstab

#  Device                #Mountpoint                               FStype    Options       Dump       Pass#
/tmp/.X11-unix        /jails/yourguijail/tmp/.X11-unix              nullfs       rw               0                0

-- or you can just hand mount it mount_nullfs /tmp/.X11-unix /jails/yourguijail/tmp/.X11-unix
4. xhost + local: (on host)
5. /etc/devfs.rules needs to unhide a few devices under a custom ruleset. I'm including the sound devices as well here:

add path 'mixer*' unhide
add path 'dsp*' unhide
add path 'video*' unhide
# If you have an nvidia card, just this line below and you're done
add path 'nvidia*' unhide
# If you have AMD, you'll need these as well
add path dri unhide
add path 'dri/*' unhide
add path drm unhide
add path 'drm/*' unhide
add path pci unhide
# At least I think that's what I needed when I played with an AMD GPU.
# Maybe that last line about PCI is unnecessary, you'll have to confirm with someone else

-- Make sure to add that ruleset for your jail in /etc/jail.conf
service devfs restart
6. Inside the jail you need to export setenv display :0 To make it persistent, put it inside jail's .cshrc or .shrc

That should be it. Hopefully I haven't missed anything.


I'm really close to being finished with a whole package solution for managing jails in a way that's quite secure, quite convenient, and of course X11 working. It's basically just a set of scripts that act as a wrapper for jail management, kind of like the other options out there.

It's all actually working great for me for like a year now, I just haven't gotten around to cleaning it up; and then packaging it with a nice installer script. I'm hoping in the next few days to be finished with it, and I'll drop it onto github.

 

[Rand0m]

For linuxulator jails? Or just regular jails?

The way to get X11 apps working inside of a jail looks like this:

1. Obviously you need X11 installed to host.
2. Install X11 in your jail, along with any video card drivers (like nvidia-driver)
3. You need the following line in the jail's fstab

#  Device                #Mountpoint                               FStype    Options       Dump       Pass#
/tmp/.X11-unix        /jails/yourguijail/tmp/.X11-unix              nullfs       rw               0                0

-- or you can just hand mount it mount_nullfs /tmp/.X11-unix /jails/yourguijail/tmp/.X11-unix
4. xhost + local: (on host)
5. /etc/devfs.rules needs to unhide a few devices under a custom ruleset. I'm including the sound devices as well here:

add path 'mixer*' unhide
add path 'dsp*' unhide
add path 'video*' unhide
# If you have an nvidia card, just this line below and you're done
add path 'nvidia*' unhide
# If you have AMD, you'll need these as well
add path dri unhide
add path 'dri/*' unhide
add path drm unhide
add path 'drm/*' unhide
add path pci unhide
# At least I think that's what I needed when I played with an AMD GPU.
# Maybe that last line about PCI is unnecessary, you'll have to confirm with someone else

-- Make sure to add that ruleset for your jail in /etc/jail.conf
service devfs restart
6. Inside the jail you need to export setenv display :0 To make it persistent, put it inside jail's .cshrc or .shrc

That should be it. Hopefully I haven't missed anything.


I'm really close to being finished with a whole package solution for managing jails in a way that's quite secure, quite convenient, and of course X11 working. It's basically just a set of scripts that act as a wrapper for jail management, kind of like the other options out there.

It's all actually working great for me for like a year now, I just haven't gotten around to cleaning it up; and then packaging it with a nice installer script. I'm hoping in the next few days to be finished with it, and I'll drop it onto github.

Thanks so much, I will give it a try this weekend.

 

[Oleg_NYC]

When I type

linux-brave &

, the browser doesn't launch and I get this output:

No matching processes belonging to you were found
W: [(null)] caps.c: Normally all extra capabilities would be dropped now, but that's impossible because PulseAudio was built without capabilities support.
/compat/ubuntu/bin/bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
[2849:103486:1212/165854.170811:ERROR:file_path_watcher_linux.cc(326)] inotify_init() failed: Function not implemented (38)
[1212/165854.173759:ERROR:ptracer.cc(476)] Unexpected registers size 0 != 216, 68
[1212/165854.173846:ERROR:proc_task_reader.cc(45)] format error
/compat/ubuntu/opt/brave.com/brave/brave-wrapper: line 45: 2849 Trace/breakpoint trap "$HERE/brave" --no-sandbox --test-type --v=0 "$@"

Please tell me what I did wrong.

 

[Oleg_NYC]

Okay, I figured out what the problem was. I had to enable xwayland! I think your HOWTO has a major omission: it doesn't state that the linuxulator is incompatible with the pure wayland experience. I also had to add --in-process-gpu to the brave-wrapper script.
Or maybe it's possible to run linuxulator in the pure wayland environment, but your HOWTO doesn't explain what has to be done in order for that to happen?
Anyway, thank you!

 

[Oleg_NYC]

I just found out that it is indeed possible to run linuxulator graphical apps on freebsd when xwayland is disabled. If I add these flags to your brave-wrapper script:

 --enable-features=UseOzonePlatform --ozone-platform=wayland

, brave will load in the pure wayland environment.

 

[priyadarshan]

[...]

I'm really close to being finished with a whole package solution for managing jails in a way that's quite secure, quite convenient, and of course X11 working. It's basically just a set of scripts that act as a wrapper for jail management, kind of like the other options out there.

It's all actually working great for me for like a year now, I just haven't gotten around to cleaning it up; and then packaging it with a nice installer script. I'm hoping in the next few days to be finished with it, and I'll drop it onto github.

Thank you, looking forward to to it.

 

[Oleg_NYC]

I hope I am not going too off-topic with this question, but I am just curious: on FreeBSD, is it possible to compile chromium inside the ubuntu chroot environment, move the widevinecdm folder from the extracted chrome .deb file to the chromium browser folder, and then watch Netflix? The latest unstable chromium fixed some bugs that the latest unstable chrome still has; that's why I am asking this.

 

[Holger]

Just did the tutorial on a fresh install and got the following:

/home/hsebert % linux-brave 
No matching processes belonging to you were found
W: [(null)] caps.c: Normally all extra capabilities would be dropped now, but that's impossible because PulseAudio was built without capabilities support.
[0111/003445.437899:ERROR:icu_util.cc(150)] Can't find icudtl.dat
[0111/003445.437977:ERROR:icu_util.cc(243)] Invalid file descriptor to ICU data received.
/compat/ubuntu/opt/brave.com/brave/brave-wrapper: line 45: 28326 Trace/breakpoint trap   (core dumped) "$HERE/brave" --in-process-gpu --no-sandbox --test-type --v=0 "$@"

The file icudtl.dat is there in /compat/ubuntu/brave.com/brave, but brave cannot find it. Any ideas?

 

[Bluey]

Amazing. It still works. 13.1-BETA3 Cinnamon.

For dummies, life would be a little clearer to just put in the text editor code. I understand everyone uses a different one, but dummies trying this don't have one at all.

So for dummies trying to get Netflix working on FreeBSD, where it says, for example:

# Create Ubuntu rc.d script and make it executable:
touch /usr/local/etc/rc.d/ubuntu && chmod +x /usr/local/etc/rc.d/ubuntu

# Make it have this content:
Code:

Do this:
$ vi /usr/local/etc/rc.d/ubuntu
Press <shift>-<A> # vi append command
Copy and paste the code.
Press <esc> :wq!

Support for 1080p:
https://chrome.google.com/webstore/detail/netflix-1080p/cankofcoohmbhfpcemhmaaeennfbnmgp/related

 

[Cath O'Deray]

…
# Destroy /tmp from zroot:
zfs destroy -f zroot/tmp
…

I prefer to not mount it:

% zfs get canmount,mountpoint august/tmp
NAME        PROPERTY    VALUE       SOURCE
august/tmp  canmount    off         received
august/tmp  mountpoint  /tmp        local
%

 

[Bluey]

From what I read, there were pro and cons of using tmpfs vs zroot/tmp. So I elected to leave it as zroot/tmp. Netflix on my FreeBSD-13.1-BETA3 is more functional and stable than Cinnamon/Gnome trying to get missing settings to work.

Now using KDE Plasma X11 - fully functional.

 

[Cath O'Deray]

Trying KDE. Appears fully functional, apart from Brave/Netflix - have to reinstall.

Do you mean that a working installation of Brave for Linux ceased working, after installation of KDE Plasma for FreeBSD?

If so: which method did you follow to install Plasma?

 

[Bluey]

Do you mean that a working installation of Brave for Linux ceased working, after installation of KDE Plasma for FreeBSD?

If so: which method did you follow to install Plasma?

Yes. Everything that can be installed using # pkg install is what I have used. After reinstalling something, it is working fine.

Currently 13.1-RC2.

 

[Cath O'Deray]

… Everything that can be installed using # pkg install …

For KDE Plasma, that's typically three packages:

pkg install --quiet --yes kde5 sddm xorg

<https://community.kde.org/FreeBSD/Setup#KDE_and_the_rest>

I don't see how any of those three (or the dependencies) would conflict with what's in the opening post <https://forums.freebsd.org/posts/494219>, but

… After reinstalling something, it is working fine.

That's good.

 

[Bluey]

I don't see how any of those three (or the dependencies) would conflict with what's in the opening post

[This stuff maybe better in another thread.]

Having had trouble getting X to work in the beginning and then playing with Cinnamon, XFCE and plasma, there are lots of things on my machine. I got Netflix/Brave running on Cinnamon, then had too many other issues. The instructions I found suggested pkg install x11/plasma5-plasma.

Have also tried sddm-kcm for gui setup. But here I see it is "ABANDONED". https://github.com/orgs/sddm/repositories

Maybe I got it from here https://community.kde.org/FreeBSD/Setup/Ports.

This handbook page Google found has lots of issues but I don't think I used it to start with.
https://people.freebsd.org/~blackend/doc/handbook/x11-wm.html

Maybe the Brave issue after installing plasma5 was to do with application launchers or paths for different users.

I suspect the serious X problems to be with HP bios and my Z2 mini having both Intel and Nvidia T1000 though FreeBSD only has Nvidia driver installed. Often, machine gets left with in different graphics mode after crashing (maybe scaled 640x480) and stays in this and boots to blank dead screen until another hard boot. Turning off bios fastboot maybe helping now.

 

[Bluey]

Lots of errors in system log. Some earlier ones mentioned zygote, so
"$HERE/brave" --no-sandbox --no-zygote --test-type --v=0 "$@" || true

Still getting lots of log errors. Brave/Netflix still working fine.

16 Apr 2022 05:55:46    hpz2freebsd    kernel    linux: jid 0 pid 64078 (ThreadPoolForeg): unsupported TCP socket option TCP_INFO (11)

56265    0.0  0.0     13596    3024  -  I    05:53       0:00.02 |           | `-- /bin/sh /usr/local/bin/linux-brave

59264    0.0  0.0      5632    3680  -  I    05:53       0:00.00 |           |   `-- /compat/ubuntu/bin/bash /compat/ubuntu/
61751    0.1  1.1  17336028  373080  -  S    05:53       0:04.26 |           |     |-- /opt/brave.com/brave/brave --no-sandb
66072    0.1  1.2  25787868  393140  -  SN   05:53       0:08.99 |           |     | |-- /compat/ubuntu/opt/brave.com/brave/
64078    0.0  0.7  17133812  232576  -  S    05:53       0:01.43 |           |     | |-- /compat/ubuntu/opt/brave.com/brave/
64179 0.0 0.7 17100568 228752 - S 05:53 0:00.06 | | | |-- /compat/ubuntu/opt/brave.com/brave/

 

[AlephNull]

I've tried using this process to run Chrome (adapting the 2 wrapper scripts to start /opt/google/chrome/chrome) and it consistently crashes:

Cannot chroot into /proc/ directory: No such file or directory
[0505/201302.369129:ERROR:setuid_sandbox_client.cc(118)] Failed to read from chroot pipe: Success (0)
[41050:41050:0505/201302.369537:ERROR:nacl_fork_delegate_linux.cc(311)] Bad NaCl helper startup ack (0 bytes)
Cannot chroot into /proc/ directory: No such file or directory
[41050:41050:0505/201302.370000:ERROR:setuid_sandbox_client.cc(118)] Failed to read from chroot pipe: Invalid argument (22)
[0505/201302.385791:ERRORtracer.cc(43)] ptrace: Invalid argument (22)
[0505/201302.385858:WARNINGrocess_reader_linux.cc(379)] Couldn't initialize main thread.
[0505/201302.385881:ERRORroc_task_reader.cc(46)] format error
[0505/201302.385891:WARNING:exception_snapshot_linux.cc(349)] thread ID 41039 not found in process
[0505/201302.385919:ERRORrocess_snapshot_linux.cc(129)] thread not found 41039
[0505/201302.386041:ERRORroc_task_reader.cc(46)] format error
Trace/BPT trap (core dumped)

Looking in /var/log/messages, I see a variety of error messages:

May 5 20:12:51 host kernel: linux: jid 0 pid 41028 (chrome): syscall seccomp not implemented
May 5 20:12:51 host kernel: pid 41031 (nacl_helper), jid 0, uid 204: exited on signal 5
May 5 20:12:51 host kernel: pid 41028 (chrome), jid 0, uid 204: exited on signal 5
May 5 20:12:51 host kernel: linux: jid 0 pid 41022 (chrome_crashpad_han): PTRAGE_GETREGSET NT_PRFPREG not implemented; returning EINVAL
May 5 20:12:56 host kernel: pid 41017 (sandbox_ipc_thr), jid 0, uid 204: exited on signal 5 (core dumped)
May 5 20:13:02 host kernel: linux: jid 0 pid 41050 (chrome): syscall seccomp not implemented
May 5 20:13:02 host kernel: pid 41053 (nacl_helper), jid 0, uid 204: exited on signal 5
May 5 20:13:02 host kernel: pid 41050 (chrome), jid 0, uid 204: exited on signal 5
May 5 20:13:02 host kernel: linux: jid 0 pid 41044 (chrome_crashpad_han): PTRAGE_GETREGSET NT_PRFPREG not implemented; returning EINVAL
May 5 20:13:07 host kernel: pid 41039 (sandbox_ipc_thr), jid 0, uid 204: exited on signal 5 (core dumped)

I've checked and /compat/ubuntu/proc/ is definitely mounted and looks like a Linux procfs. Does anyone have any suggestions to get it running?

 

[shkhln]

…

I counted 4 instances of the word "sandbox" and 2 mentions of "seccomp".

 

[Bluey]

Found recommendation to use metaport.

https://community.kde.org/FreeBSD/Setup/Ports