I am running Home Manager on Archlinux, with the linux-hardened kernel. When I attempt to start chromium, or any other Electron-based application, I see this error:
[29679:29679:0621/215124.221513:FATAL:sandbox/linux/suid/client/setuid_sandbox_host.cc:163] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /nix/store/blg0s97glz9pwnww3li4miz6g69bfwbs-ungoogled-chromium-136.0.7103.59-sandbox/bin/__chromium-suid-sandbox is owned by root and has mode 4755.
By issuing stat, I can see that this file indeed has the incorrect permissions:
File: /nix/store/blg0s97glz9pwnww3li4miz6g69bfwbs-ungoogled-chromium-136.0.7103.59-sandbox/bin/__chromium-suid-sandbox
Size: 332792 Blocks: 656 IO Block: 4096 regular file
Device: 0,63 Inode: 3147974 Links: 1
Access: (0555/-r-xr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2025-06-19 17:58:04.853568911 -0400
Modify: 1969-12-31 19:00:01.000000000 -0500
Change: 2025-05-06 06:59:15.514630099 -0400
Birth: 2025-05-06 06:59:15.475710738 -0400
Is there a way I can override the chromium package to set the permission of the sandbox correctly? Or any other approach I can take to resolve this problem?
Thanks