FreeTubeApp / FreeTube

An Open Source YouTube app for privacy
https://freetubeapp.io/
GNU Affero General Public License v3.0
13.58k stars 850 forks source link

[Bug]: Ubuntu The SUID sandbox helper binary was found, but is not configured correctly. #5952

Open andreas-bulling opened 2 weeks ago

andreas-bulling commented 2 weeks ago

Guidelines

Describe the bug

  1. Installed the latest version 0.22
  2. Run on the console and look at output
2328249:1027/054053.089778:FATAL:setuid_sandbox_host.cc(163)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /opt/FreeTube/chrome-sandbox is owned by root and has mode 4755.
[1]    2328249 trace trap (core dumped)  freetube

Expected Behavior

freetube should start up as it did in previous versions

Issue Labels

causes crash, feature stopped working, usability issue

FreeTube Version

0.22

Operating System Version

Ubuntu 24.10

Installation Method

.deb

Primary API used

Local API

Last Known Working FreeTube Version (If Any)

0.21

Additional Information

No response

Nightly Build

ChunkyProgrammer commented 2 weeks ago

There are some workarounds in the replies to this issue: https://github.com/FreeTubeApp/FreeTube/issues/5199

CrazzzzyChipmunk commented 2 weeks ago

DISCLAMER: I don't understand what exactly I did. May be some steps below are stupid and/or actually unneccessary and/or unsafe. Please, report here, if I did something wrong!


I encountered the same bug. Then I've done the following (instead of changing "kernel.apparmor_restrict_unprivileged_userns"):

  1. I created apparmor profile for "/usr/bin/freetube": I made a copy of "/etc/apparmor.d/chromium", named it as "/etc/apparmor.d/freetube" and edited that file (I replaced "chromium" with "freetube" everywhere in that file and specified the correct path to freetube binary).

  2. I reproduced the Step 1 above for "/opt/FreeTube/chrome-sandbox" in the same way.

  3. sudo systemctl restart apparmor.service

  4. sudo chmod 4755 "/opt/FreeTube/chrome-sandbox"

Now I have freetube 0.22.0 Beta working!


My freetube apparmor profile file (example):

# This profile allows everything and only exists to give the
# application a name instead of having the label "unconfined"

abi <abi/4.0>,
include <tunables/global>

@{freetube} = freetube

profile freetube /usr/bin/freetube flags=(unconfined) {
  userns,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/freetube>
}
SoenkeGraf commented 2 weeks ago

4. sudo chmod 4755 "/opt/FreeTube/chrome-sandbox"

Next to: sudo chmod 4755 /opt/FreeTube/chrome-sandbox I added an additional: sudo chown root:root /opt/FreeTube/chrome-sandbox

To fully satisfy the requirements of the error message:

[9892:1027/095614.385039:FATAL:setuid_sandbox_host.cc(163)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /opt/FreeTube/chrome-sandbox is owned by root and has mode 4755.

efb4f5ff-1298-471a-8973-3d47447115dc commented 2 weeks ago

Let move this to https://github.com/FreeTubeApp/FreeTube/issues/5199

As this is definitely a duplicate of https://github.com/FreeTubeApp/FreeTube/issues/5199

efb4f5ff-1298-471a-8973-3d47447115dc commented 2 weeks ago

Upstream issue that should be solved by https://github.com/electron-userland/electron-builder/pull/8636

darkstarfish1337 commented 2 weeks ago

I first thought I had this problem https://github.com/FreeTubeApp/FreeTube/issues/5963 on 24.04. When trying the workaround I received the problem stated in this thread. The suggested chmod/chown fix didn't work for me. The only way I got going again is to install the previous version again.

absidue commented 2 weeks ago

@darkstarfish1337 Because of Ubuntu's strict security settings, you need to create an AppArmor profile for FreeTube. Ubuntu comes with preinstalled AppArmor profiles for popular apps like Chromium and Visual Studio code but understandably they don't include any for smaller apps like FreeTube.

Please follow the steps in CrazzzzyChipmunk's comment above.

darkstarfish1337 commented 2 weeks ago

Woa, super quick reply!

Forgot to mention, that the profile didn't help, + also removing apparmor completely.

CrazzzzyChipmunk commented 1 week ago

@darkstarfish1337,

I first thought I had this problem #5963 on 24.04. When trying the workaround I received the problem stated in this thread. The suggested chmod/chown fix didn't work for me. The only way I got going again is to install the previous version again.

Hi! The workaround I proposed here https://github.com/FreeTubeApp/FreeTube/issues/5952#issuecomment-2439904647 is intended for one purpose only: to avoid using the global setting kernel.apparmor_restrict_unprivileged_userns=0, as it (I assume) may make the system more vulnerable.

I suspect there are some another reasons in your system (and/or environment) that prevent freetube to start. Try another old known workaround: https://github.com/FreeTubeApp/FreeTube/issues/5199#issuecomment-2439818583 . And if my assumption is correct, this workaround will not work for you too.

plutocrat commented 1 week ago

This happened to me after upgrade from .21 to .22 on Ubuntu 24. App wouldn't start, when launching from an icon. I tried launching it from the command line, and got this error. [15575:1101/104500.344527:FATAL:setuid_sandbox_host.cc(163)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /opt/FreeTube/chrome-sandbox is owned by root and has mode 4755. Trace/breakpoint trap (core dumped) Following that advice allowed me to launch the app correctly: chmod 4755 chrome-sandbox