Chrome Version (from the about:version page):
56.0.2924.87 (64-bit)
57.0.2987.133-1.x86_64
57.0.29.87.98 Built on 8.7 running on Debian 8.7 (64-bit)
58.0.3029.81 (64-bit)

The issue remains in the head of the chromium source tree

Is this the most recent version: yes
OS + version: Linux 4.9 or later
CPU architecture (32-bit / 64-bit): N/A
Window manager: N/A
URLs (if relevant): N/A
Behavior in Linux Firefox: N/A
Behavior in Windows Chrome (if you have access to it): N/A

What steps will reproduce the problem?

# On any system with /proc/sys/kernel/user/max_user_namespaces
# Debian jessie with the jessies-backports kernel (4.9.0.bpo...) is such a system

$ echo 1 > /proc/sys/kernel/unprivileged_userns_clone  # If applicable
$ echo 0 > /proc/sys/kernel/user/max_user_namespaces
# Attempt to start chromium
$ chromimum

17333:17333:0425/091526.964394:FATAL:credentials.cc(137)] Check failed: error == EPERM || error == EUSERS || error == EINVAL || error == ENOSYS. : No space left on device
#0 0x556d753bbfbe <unknown>
#1 0x556d753d061b <unknown>
#2 0x556d753d0c6e <unknown>
#3 0x556d76133549 <unknown>
#4 0x556d74baaedc <unknown>
#5 0x556d7483c7e7 <unknown>
#6 0x556d7484554a <unknown>
#7 0x556d7483be7c <unknown>
#8 0x556d7501e123 <unknown>
#9 0x556d7501cb30 <unknown>
#10 0x556d73b24910 ChromeMain
#11 0x7fb986f6eb45 __libc_start_main
#12 0x556d73b24789 <unknown>


$ gdb /usr/lib/chromium/chromium    
GNU gdb (Debian 7.7.1+dfsg-5) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/lib/chromium/chromium...Reading symbols from /usr/lib/debug/.build-id/e2/06e3acde7124fca936e2a5b2fed8196cc5fb46.debug...(no debugging symbols found)...done.
(no debugging symbols found)...done.
(gdb) r
Starting program: /usr/lib/chromium/chromium 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffeb3cc700 (LWP 18012)]
[18008:18008:0425/091943.211468:FATAL:credentials.cc(137)] Check failed: error == EPERM || error == EUSERS || error == EINVAL || error == ENOSYS. : No space left on device

Program received signal SIGABRT, Aborted.
0x00007ffff0b80067 in __GI_raise (sig=sig@entry=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56      ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  0x00007ffff0b80067 in __GI_raise (sig=sig@entry=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff0b81448 in __GI_abort () at abort.c:89
#2  0x000055555799ca22 in base::debug::BreakDebugger() ()
#3  0x00005555579b2940 in logging::LogMessage::~LogMessage() ()
#4  0x00005555579b2c6e in logging::ErrnoLogMessage::~ErrnoLogMessage() ()
#5  0x0000555558715549 in sandbox::Credentials::CanCreateProcessInNewUserNS() ()
#6  0x000055555718cedc in content::ZygoteHostImpl::Init(base::CommandLine const&) ()
#7  0x0000555556e1e7e7 in content::BrowserMainLoop::EarlyInitialization() ()
#8  0x0000555556e2754a in content::BrowserMainRunnerImpl::Initialize(content::MainFunctionParams const&) ()
#9  0x0000555556e1de7c in content::BrowserMain(content::MainFunctionParams const&) ()
#10 0x0000555557600123 in content::ContentMainRunnerImpl::Run() ()
#11 0x00005555575feb30 in content::ContentMain(content::ContentMainParams const&) ()
#12 0x0000555556106910 in ChromeMain ()
#13 0x00007ffff0b6cb45 in __libc_start_main (main=0x555556106890 <main>, argc=1, 
    argv=0x7fffffffe158, init=<optimized out>, fini=<optimized out>, 
    rtld_fini=<optimized out>, stack_end=0x7fffffffe148) at libc-start.c:287
#14 0x0000555556106789 in _start ()
(gdb) 


# Fails mysterious because the assertion information has been stripped
$ google-chrome



What is the expected result?

That chromium will disable it's use of namespace sandboxes when it receives an error and start normally
as chromium does for other errors.

What happens instead?

A Mysterious failure to start chromium or chrome.


Please provide any additional information below. Attach a screenshot
and backtrace if possible.

As of Linux 4.9 a sysctl (/proc/sys/user/max_user_namespaces) has been added to limit the maximum number of user namespaces.  When the limit is reached the kernel returns ENOSPC.  The default value of this limit is high enough it should never be reached.  Being conservative or paranoid sometimes this limit is set to 0.

The new error code was added it make it clear that the failure was only because a user configured limit was reached.  Unfortunately chromium decided to not start in this case.  The patch below should be all that it takes to fix this issue.

diff --git a/sandbox/linux/services/credentials.cc b/sandbox/linux/services/credentials.cc
index 4e47652aaef9..077de07589ab 100644
--- a/sandbox/linux/services/credentials.cc
+++ b/sandbox/linux/services/credentials.cc
@@ -134,7 +134,7 @@ void CheckCloneNewUserErrno(int error) {
   // namespaces are used. EINVAL for kernels that don't support the feature.
   // Valgrind will ENOSYS unshare().
   PCHECK(error == EPERM || error == EUSERS || error == EINVAL ||
-         error == ENOSYS);
+         error == ENOSYS || error == ENOSPC);
 }
 
 // Converts a Capability to the corresponding Linux CAP_XXX value.