Dragon Sandbox

If a type dragon://sandbox in the search box to check the status of the sandbox, I get “This webpage is not available” as a result.

Does it mean that Dragon doesn’t use the chromium in-built sandbox anymore?

The sandbox-URL is for Linux only.

Chromium Blog: A safer playground for your Linux and Chrome OS renderers

[attachment deleted by admin]

Thanks JoWa for your reply.

Do you know if there is way to see if the sandbox is active in Windows OS?

You can use Process Explorer to check the processes’ integrity-level (Vista+), which should be untrusted for renderers. You can also check that there is a tab Job in a process’s properties, and that the job has 12 limits.


Indeed I’ve untrusted for the integrity-level, but for the job limits I’ve:
Kill on Job Close : True
Active Process : 1

This is the expected list (see image, Dragon 30 portable, W7 64-bit).

I have no idea why you have only two of the limits. :-\ ???

[attachment deleted by admin]


In my previous reply, I just looked the properties of the first Dragon process and got the values in job I mentioned in that previous reply. ((1st image attached).

Now if I look the properties of the following Dragon processes, I’ve the same values than you (2d image attached). All is well then. :slight_smile:

[attachment deleted by admin]

That’s good, but also surprising. :slight_smile: The “broker”-process is not sandboxed, it’s the broker that sandboxes the child-processes (renderers, extensions, plugins). So the broker-process is not expected to run as a job-object. Are you using some other software to sandbox Dragon?

When i said the 1st Dragon process in my previous reply, I forgot to mention that it was the 1st child one. For the parent process, I haven’t Job in the properties.

I usually run Dragon in Sandboxie, but to check the in-built sandbox I ran it outside Sandboxie. When ran in Sandboxie, Job in propreties give a blank page for the child processes (attached image)

[attachment deleted by admin]

Oh, that first child-process must be the GPU-process. You can press Shift+Esc to open Dragon’s taskmanager. Check the PID for the GPU-process and compare with Process Explorer.

“Access denied” and an empty list might mean that Dragon’s (Chromium’s) sandbox is not working properly when sandboxed by Sandboxie, but I am not sure about that. :-\

You are right. The 1st process child has indeed the same PID as Dragon GPU process.

Thanks a lot JoWa for your help. :-TU