diff --git a/meta-citadel/recipes-citadel/citadel-config/files/sysctl/99-grsec-debootstrap.conf b/meta-citadel/recipes-citadel/citadel-config/files/sysctl/99-grsec-debootstrap.conf
index a4ef1d0..815a0fb 100644
--- a/meta-citadel/recipes-citadel/citadel-config/files/sysctl/99-grsec-debootstrap.conf
+++ b/meta-citadel/recipes-citadel/citadel-config/files/sysctl/99-grsec-debootstrap.conf
@@ -7,4 +7,8 @@ kernel.grsecurity.chroot_deny_chmod = 0
 kernel.grsecurity.chroot_deny_mknod = 0
 kernel.grsecurity.chroot_deny_mount = 0
 kernel.grsecurity.chroot_deny_pivot = 0
+
+# Chrome/Chromium sandbox won't work without this
+kernel.grsecurity.chroot_deny_fchdir = 0
+
 kernel.pax.softmode = 1