Chrome is already sandboxed (https://chromium.googlesource.com/chromium/src/+/master/docs/linux_sandboxing.md), and I don't think we can commit to supporting the sandbox you mentioned. 

Removing view restrictions for this feature request.

Well, I'm not sure we should rule out supporting Oz. Chrome's browser and GPU processes are not isolated from other X11 applications, for example.

That said, there might or might not be anything to gain from supporting Oz, and it might or might not be too expensive/difficult for us to support. (For an example of why we might not gain anything from supporting Oz, Xpra is pre-alpha experimental software according to its own documentation, and it might not really provide strong X11 isolation even when complete — either by design or by implementation.)

So, if anyone could explain more about what Oz could for-sure gain from Chrome working in Oz, and what is currently stopping it from happening, that'd be great. Maybe we could consider doing it if the gains are large and the effort is small. (The reason the effort must be small is that Chrome's Linux user base is small, and the Subgraph user base is smaller still.)

(That should be, "...more about what Oz users could for-sure...")

happy to take external contributions for this also. It sounds like oz uses pid namespaces which chromium also uses, so perhaps they just need to be made to work nicely with each other.

This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available. If you change it back, also remove the "Hotlist-Recharge-Cold" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot