LedgerHQ / ledger-live-desktop

⛔️ DEPRECATED - Ledger Live (Desktop)
https://www.ledger.com/live
MIT License
953 stars 301 forks source link

Ledger Live 2.0.1 doesn't start because of sandboxing issue #2718

Closed 1989gironimo closed 3 years ago

1989gironimo commented 4 years ago

Ledger Live Version and Operating System

Expected behavior

It should start.

Actual behavior

It doesn't start and throws an error: ./ledger-live-desktop-2.0.1-linux-x86_64.AppImage [6082:0316/080937.973448:FATAL:setuid_sandbox_host.cc(157)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /tmp/user/1000/.mount_ledgerRAecks/chrome-sandbox is owned by root and has mode 4755.

Steps to reproduce the behavior

Try to start the application on this system. Disabling the sandbox with --no-sandbox is working.

gre commented 4 years ago

@1989gironimo are you running the app in root mode? maybe you should try to run it in a normal user mode, it seems it doesn't work in sudo mode.

1989gironimo commented 4 years ago

Nope, running as a normal user...

mcgarebear commented 4 years ago

I am also experiencing this issue on Debian 10 after my weekly patching - but not sure if coincidental

[9622:0316/211153.172914:FATAL:setuid_sandbox_host.cc(157)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /tmp/.mount_ledgerDppEbB/chrome-sandbox is owned by root and has mode 4755.
Trace/breakpoint trap

Passing the --no-sandbox flag works around the issue as mentioned, no problems with sync or anything after starting as far as I can tell.

obigroup commented 4 years ago

Same problem with Debian 10 with version 2.0.0.

./ledger-live-desktop-2.0.0-linux-x86_64.AppImage [6082:0316/080937.973448:FATAL:setuid_sandbox_host.cc(157)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /tmp/user/1000/.mount_ledgerRAecks/chrome-sandbox is owned by root and has mode 4755.

How to solve it without using --no-sandbox ?

dud225 commented 4 years ago

This problem stems from Electon. There are 2 workarounds on Linux:

t0rv1c commented 4 years ago

+1 here! I am on Bionic. It was working well for a while but my system crashed while Ledger Live was open. Now, when I start the Ledger Live AppImage (2.0.1 and 2.1.0), I get "FATAL:setuid_sandbox_host.cc(157)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /tmp/.mount_ledger2m51zW/chrome-sandbox is owned by root and has mode 4755. Trace/breakpoint trap (core dumped)" If I start the app with --no-sandbox, it's ok. Any help would be greatly appreciated. Thanks!

Andrewskiz commented 4 years ago

Still having this issue on Debian 10 with Ledger Live v2.4.1

jlopp commented 4 years ago

This issue is pretty annoying, mainly because I open Ledger Live infrequently enough that I forget about the command line flag and have to find this issue again. Any way to fix your electron implementation to automatically skip this check?

gre commented 4 years ago

we will look at this again. I wonder if this is fixed in our upcoming Electron 9 migration (#2954). @valpinkman can you give a look at this when you have something stable there? thanks

1989gironimo commented 3 years ago

The issue still persists.

dud225 commented 3 years ago

Debian has finally enabled user namespaces by default starting from the kernel 5.10: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23898446#117 I can confirm to be able to launch the latest LL release without having to disable the Chromium sandbox.

jlopp commented 3 years ago

Confirmed, issue is resolved for me as well.

1989gironimo commented 3 years ago

I think, it's fixed now. Don't have this behavior anymore.