suid bit not set for /opt/<app-name>/chrome-sandbox is 0755 instead of 4755 when running with user namespaces enabled #8951

Open
chasharpur opened this issue Mar 12, 2025 · 2 comments

Comments

@chasharpur

Our application that uses Electron fails to run because of this error:
The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /opt/catalystau-element-desktop/chrome-sandbox is owned by root and has mode 4755.
Setting the permissions to 4755 fixes it.
The error appears to be in [https://github.com/electron-userland/electron-builder/tree/master/packages/app-builder-lib/templates/linux/after-install.tpl](https://github.com/electron-userland/electron-builder/blob/master/packages/app-builder-lib/templates/linux/after-install.tpl#L14)
A test for user spaces is made and if it fails, mode 4755 is set, and otherwise mode 0755. And yet, on Ubuntu 24.04 the correct mode appears to be 4755 if user namespaces are supported by the kernel and working. So the application won't run.

@mmaietta
Collaborator

So how do we determine if we need 4755 versus 0755 if on Ubuntu 24.04 it's still supposed to be 4755 with namespaces supported?

Looks like this is a regression caused by #8368, but the description and reasoning in the PR are well documented as to the reason for implementation and the issue it was also fixing.

@chasharpur
Author

Since this error occurred in a customised version of element-desktop, I've come to the conclusion that it is caused by old Electron code that was compiled with it. The latest uncustomised version of element-desktop does not display this error. It is like this problem with Debian Buster (10), whereas user namespaces have been turned on by default since Debian 11. Ubuntu 24, where I got the error, is based on Debian 13.
So I now think this is a historical anomaly only.
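
A diagnostic script for the two facts this thread turns on, added here as an example and not taken from electron-builder or its after-install.tpl: it reports the mode and owner of a chrome-sandbox helper and whether kernel sysctls switch off or restrict unprivileged user namespaces. The function names are hypothetical, GNU `stat` is assumed, and the Ubuntu AppArmor sysctl it reads is not mentioned in the thread.

```shell
#!/bin/sh
# Added example (not the project's code). Assumes GNU stat on Linux.

# classify_helper MODE UID -> suid-ok | suid-not-root | no-suid | unexpected-mode
classify_helper() {
    case "$1" in
        4755) if [ "$2" = 0 ]; then echo suid-ok; else echo suid-not-root; fi ;;
        755)  echo no-suid ;;
        *)    echo unexpected-mode ;;
    esac
}

# check_helper PATH -> verdict for the chrome-sandbox file at PATH
check_helper() {
    [ -e "$1" ] || { echo missing; return 0; }
    # %a = octal mode (setuid shows as a leading 4), %u = owner uid
    set -- $(stat -c '%a %u' "$1")
    classify_helper "$1" "$2"
}

# read_knob ROOT NAME DEFAULT -> sysctl value, or DEFAULT if the knob is absent
read_knob() { cat "$1/$2" 2>/dev/null || echo "$3"; }

# userns_state [ROOT] -> disabled | apparmor-restricted | available
# ROOT defaults to /proc/sys; a test can point it at a constructed tree.
userns_state() {
    root=${1:-/proc/sys}
    # An absent knob falls back to its permissive default.
    if [ "$(read_knob "$root" user/max_user_namespaces 1)" = 0 ] ||
       [ "$(read_knob "$root" kernel/unprivileged_userns_clone 1)" = 0 ]; then
        echo disabled
    # Ubuntu-specific sysctl: AppArmor restricts unprivileged user namespaces
    # (assumption of this example; the thread does not mention it).
    elif [ "$(read_knob "$root" kernel/apparmor_restrict_unprivileged_userns 0)" = 1 ]; then
        echo apparmor-restricted
    else
        echo available
    fi
}

# Run as: sh check-sandbox.sh /opt/<app-name>/chrome-sandbox
if [ -n "${1:-}" ]; then
    echo "helper: $(check_helper "$1")"
    echo "userns: $(userns_state)"
fi
```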
