Why must Chromium Embedded Framework be run as root? (Unity Installer)

Question

I'm installing Unity. The Unity installer says it must be run as root, and this is because Chromium Embedded Framework must be run as root. Why must Chromium Embedded Framework be run as root?

The Unity installer points me here, but that page doesn't mention root permissions.

Here is the console output, for posterity:

lol@localhost:unity(0)\ ./unity-editor-installer-5.4.0b23+20160628.sh
This installer must be run as root.

And the relevant code snippet from the installer:

# chrome-sandbox requires this: https://code.google.com/p/chromium/wiki/LinuxSUIDSandbox
chown root "${EXTRACT_SUBDIR}/Editor/chrome-sandbox"
chmod 4755 "${EXTRACT_SUBDIR}/Editor/chrome-sandbox"

EDIT July 15: Found this thread. Can someone help confirm that root ownership and SUID are no longer needed on chrome-sandbox?

I'm building according to these instructions but am still asked for root password when I run cros_sdk.

Answer 1

To make sure everyone uses the same exact environment and tools to build with Chromium, all building is done inside a chroot. This chroot is its own little world: it contains its own compiler, its own tools (its own copy of bash, its own copy of sudo), etc.

It uses chroot, prctl and few others syscalls which can return EPERM error if the process has insufficient privileges.

EPERM error

Therefore the installer wants to run a bash script that is run as root for setting SUID on the sandbox. They want you as root because it gives file owner’s permissions as well as owner UID (User ID) and GID (Group ID). Generally in Unix/Linux when a program runs it inherits access permissions from the logged in user.

Chromium OS Developer Guide