The SUID sandbox helper binary was found, but is not configured correctly #1209

Open
yuriescl opened this issue Feb 2, 2021 · 3 comments

yuriescl commented Feb 2, 2021

Failed to start app image for the first time as non-root user:

$ ./Solar-Wallet-0.26.1.AppImage 
[24647:0202/140844.995112:FATAL:setuid_sandbox_host.cc(157)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /tmp/.mount_Solar-TsNuku/chrome-sandbox is owned by root and has mode 4755.
Trace/breakpoint trap (core dumped)
$ cat /etc/os-release 
PRETTY_NAME="LMDE 4 (debbie)"
NAME="LMDE"
VERSION_ID="4"
VERSION="4 (debbie)"
ID=linuxmint
ID_LIKE=debian
HOME_URL="https://www.linuxmint.com/"
SUPPORT_URL="https://forums.linuxmint.com/"
BUG_REPORT_URL="http://linuxmint-troubleshooting-guide.readthedocs.io/en/latest/"
PRIVACY_POLICY_URL="https://www.linuxmint.com/"
VERSION_CODENAME=debbie
DEBIAN_CODENAME=buster

moranbw commented Feb 3, 2021

You can work around this by running the AppImage with the --no-sandbox option.

If this has any security implications, however, I'd be interested to know.


moranbw commented Mar 26, 2021

Doing some digging into Electron... it seems like this is a known issue of sorts. Not sure that 4755 will solve this (also, as explained in the PR comment, it just raises some new errors).

It seems like --no-sandbox is being suggested as the workaround/hack to get this to work. In some places (like snap) this has even been embedded into the ./AppRun. To me this seems drastic -- first sentence in the Electron docs on sandbox: "One of the key security features of Chromium is that all blink rendering/JavaScript code is executed within a sandbox." https://www.electronjs.org/docs/api/sandbox-option

I'm still learning Electron, so I'm not an expert here. But this seems like an issue worth addressing.

Member

ebma commented Mar 31, 2021

I honestly don't know what else I can do to work around this issue. The way I changed it in the pull request is based on what they do here and while it gets rid of the original error message, it obviously just delays the problem.

You could also try sysctl kernel.unprivileged_userns_clone=1 as pointed out in this comment but I don't know which implications this has on your operating system.
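
A read-only diagnostic for the two conditions raised in this thread (the helper's ownership and mode named in the error message, and the kernel.unprivileged_userns_clone sysctl), added here as an example; it was not posted by any participant and is not project code. The function names and the suid=/userns= output format are hypothetical, and it assumes GNU stat and, optionally, findmnt from util-linux.

```shell
#!/bin/sh
# Added diagnostic, not code from the Solar Wallet or Electron projects.

# classify_sandbox UID MODE MOUNT_OPTS USERNS  (pure function, no I/O)
#   UID         numeric owner of chrome-sandbox
#   MODE        octal mode as printed by `stat -c %a`, e.g. 4755
#   MOUNT_OPTS  comma-separated mount options of the filesystem holding it
#   USERNS      value of kernel.unprivileged_userns_clone, or "absent"
classify_sandbox() {
    cs_suid=no
    # The error message asks for root ownership and mode 4755 ...
    if [ "$1" = "0" ] && [ "$2" = "4755" ]; then cs_suid=yes; fi
    # ... but the kernel ignores the setuid bit on a nosuid mount.
    case ",$3," in *,nosuid,*) cs_suid=no ;; esac
    case "$4" in
        1) cs_ns=yes ;;
        0) cs_ns=no ;;
        *) cs_ns=unknown ;;   # distribution-specific sysctl; may be absent
    esac
    echo "suid=$cs_suid userns=$cs_ns"
}

# check_helper PATH: gather the real values for PATH and classify them.
check_helper() {
    [ -e "$1" ] || { echo "no such file: $1" >&2; return 2; }
    ch_uid=$(stat -c %u "$1")
    ch_mode=$(stat -c %a "$1")
    # Fall back to "unknown" mount options if findmnt is unavailable.
    ch_opts=$(findmnt -no OPTIONS -T "$1" 2>/dev/null || echo unknown)
    ch_knob=/proc/sys/kernel/unprivileged_userns_clone
    if [ -r "$ch_knob" ]; then ch_ns=$(cat "$ch_knob"); else ch_ns=absent; fi
    echo "$1: uid=$ch_uid mode=$ch_mode mount=$ch_opts userns_clone=$ch_ns"
    classify_sandbox "$ch_uid" "$ch_mode" "$ch_opts" "$ch_ns"
}

# Usage: sh check-sandbox.sh /path/to/chrome-sandbox
if [ $# -gt 0 ]; then check_helper "$1"; fi
```

A result of suid=no userns=no means neither sandbox prerequisite checked here is met on that system; the script changes nothing.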
