Chromium ran from a Devuan installation.
-e debian_chroot web20 -m /opt/cancer/web2.0/usr /usr -m /opt/cancer/web2.0/bin /bin -m /opt/cancer/web2.0/sbin /sbin -m /opt/cancer/web2.0/lib /lib -m /opt/cancer/web2.0/lib64 /lib64 -- /usr/bin/chromium
Make sure the user running the final command has permissions to access the audio and video devices; on some systems this requires adding the user to specific groups.
After the above installation works, write a wrapper shell script, e.g. /usr/local/bin/chromium:
#!/bin/sh exec /usr/sbin/cancer web2 "$@"
Chromium will open in the host system's X; with having such a wrapper script, the whole process feels local, as if chromium was installed on the host system.
Especially that /etc, /home and /tmp are shared. In case the difference between the host and the "chroot" is large, /etc will become incompatible and needs to be mounted too so that chromium uses the "chroot" installed etc. This can be done by adding this line in /etc/cancer/web2:
-m /opt/cancer/web2.0/etc /etc
This config hardwires running chromium; the user will not be able to use cancer's suid rights to run anything else from that environment. Alternatively:
The line "-e debian_chroot web20" is useful in case the config lets the user have a shell instead of running chromium.