Cannot start IPFS desktop: The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now.

[Tanja-4732]

I'm running Manjaro Linux (based on Arch) and tried to install IPFS Desktop from source after the official (.AppImage) version didn't work.

But to my surprise, I got the same error.

I ran

• Git clone
• npm install
• npm start
  • The output of which is displayed below

[bernd@bernd-pc ipfs-desktop]$ npm start

> ipfs-desktop@0.9.0-beta.2 start /home/bernd/Build/ipfs-desktop
> cross-env NODE_ENV=development electron -r @babel/register src/index.js

[18816:0820/141831.072284:FATAL:setuid_sandbox_host.cc(157)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /home/bernd/Build/ipfs-desktop/node_modules/electron/dist/chrome-sandbox is owned by root and has mode 4755.

Please note that I am also using nvm:

[bernd@bernd-pc ~]$ nvm ls
->     v11.15.0
        v12.8.0
         system
default -> 11.15.0 (-> v11.15.0)
node -> stable (-> v12.8.0) (default)
stable -> 12.8 (-> v12.8.0) (default)
iojs -> N/A (default)
unstable -> N/A (default)
lts/* -> lts/dubnium (-> N/A)
lts/argon -> v4.9.1 (-> N/A)
lts/boron -> v6.17.1 (-> N/A)
lts/carbon -> v8.16.0 (-> N/A)
lts/dubnium -> v10.16.2 (-> N/A)

Why won't IPFS Desktop start?
And what does the error mean anyways?

[hacdias]

I see you're using Manjaro, which is based on Arch, and that might be the issue. Please take a look at electron/electron#17972. I will see what I can do

[hacdias]

Just out of curiosity: are you using any other Electron apps?

[Tanja-4732]

Just out of curiosity: are you using any other Electron apps?

I am using VS Code (from the Manjaro repos) and Discord (from the AUR), which both work fine for me.

[hacdias]

People have reported me that the .AppImage from 0.9.0-beta.3 is working. I'll close this now. Please feel free to re-open if the issue persists.

[jacklund]

I'm running into this issue as well. I'm running Debian stretch.

% ./ipfs-desktop-0.9.2-linux-x86_64.AppImage
[4360:0912/221735.691205:FATAL:setuid_sandbox_host.cc(157)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /tmp/.mount_ipfs-d4zHw66/chrome-sandbox is owned by root and has mode 4755.                                                                          
zsh: trace trap  ./ipfs-desktop-0.9.2-linux-x86_64.AppImage

% /opt/IPFS\ Desktop/ipfs-desktop
[5343:0912/221852.646119:FATAL:setuid_sandbox_host.cc(157)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /opt/IPFS Desktop/chrome-sandbox is owned by root and has mode 4755.                                                                                 
zsh: trace trap  /opt/IPFS\ Desktop/ipfs-desktop

^ From the .deb image

I also get the same thing when running from source

% npm start

> ipfs-desktop@0.9.2 start /home/jack/git/ipfs-desktop
> cross-env NODE_ENV=development run-s build:babel start:electron


> ipfs-desktop@0.9.2 build:babel /home/jack/git/ipfs-desktop
> babel src --out-dir out --copy-files --source-maps

Successfully compiled 41 files with Babel.

> ipfs-desktop@0.9.2 start:electron /home/jack/git/ipfs-desktop
> electron out/index.js

[6193:0912/221953.894155:FATAL:setuid_sandbox_host.cc(157)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /home/jack/git/ipfs-desktop/node_modules/electron/dist/chrome-sandbox is owned by root and has mode 4755.

[hacdias]

Ugh, oh... Using Arch or some Arch-based distro, right?

[jacklund]

Nope, Debian buster, actually (I misspoke before when I said it was stretch).

[jacklund]

As another data point, when I sudo chmod 4755 /opt/IPFS\ Desktop/chrome-sandbox and then run it, I get:

% /opt/IPFS\ Desktop/ipfs-desktop  
zsh: trace trap  /opt/IPFS\ Desktop/ipfs-desktop

[ZeroAurora]

I'm running into this as well in Debian testing

[cchris-org]

ipfs-desktop-0.10.2-linux-x86_64.AppImage
Linux Mint LMDE (debian stretch)
Same here ..

[Mikaela]

Workaround seems to be enabling usernamespaces and receiving the security issues from it brave/brave-browser#3420. If I understand the Arch Wiki security page correctly, the same should work on Arch (and likely deriatives).

Adjusting that a bit:

echo 'kernel.unprivileged_userns_clone=1' | sudo tee /etc/sysctl.d/00-local-userns.conf
sudo sysctl -p --system

I ran into this on my laptop while not on family PC, both running Debian 10 and the difference is that on the family PC I have ran Brave and thus done that and after copying the config on the laptop that wasn't working, IPFS Desktop started working, but I don't think this is a real solution as you can see from the Brave issue.

[lidel]

FYI v0.10.4 shipped with updated ipfs-desktop.desktop manifest which starts the electron app with --no-sandbox by default, which fixes startup via GUI shortcut on Debian 10 without lowering security system-wide (unprivileged_userns_clone).

Running ipfs-desktop --no-sandbox is so far the most robust way of making it work on all distros without the need for root access. In case someone is interested in technical details, or other ways of fixing "Electron/Chromium sandboxing issue", I wrote some details in #1362 (comment).