GNU/Linux AppImage chrome-sandbox Canonical Permissions/Ownerships Issue

[davidganz]

Hi!

OS: Kali 2020
Message: You need to make sure that chrome-sandbox is owned by root and has mode 4755.
So the App Client as well as the Manager cannot be Run on GNU/Linux Kali due to the chrome-sandbox ownership issue.
That's because when you are packaging the App with appimagetool the root ownership is automatically changed to the User.
Also see: laurent22/joplin#2246 (comment)
Try find out a Solution... Because the above fix is working only with a System chrome-sandbox setup.

David

[stepan111]

Hello.

I have similar issue on debian. When I am trying to start Outline-Client next error shown:

2362:1025/213002.689632:FATAL:setuid_sandbox_host.cc(157)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /tmp/.mount_OutlinBTQshI/chrome-sandbox is owned by root and has mode 4755.
[1]    2362 trace trap  ./Outline-Client.AppImage

Seems this message is related to electron/electron#17972 .

As workaround :

sysctl kernel.unprivileged_userns_clone=1

P.S.
Enabling this setting will decrease system security a bit:
https://security.stackexchange.com/questions/209529/what-does-enabling-kernel-unprivileged-userns-clone-do
https://security.stackexchange.com/questions/209529/what-does-enabling-kernel-unprivileged-userns-clone-do

[q4a]

On Ubuntu 24.04 I already have kernel.unprivileged_userns_clone=1
(checked with cat /proc/sys/kernel/unprivileged_userns_clone)
So workaround that helped me is

./Outline-Client.AppImage --no-sandbox