buttercup-desktop AppImage complains about sandbox issue on lubuntu 24.04 LTS

buttercup / buttercup-desktop

:key: Cross-Platform Passwords & Secrets Vault

https://buttercup.pw

GNU General Public License v3.0

4.27k stars 327 forks source link

buttercup-desktop AppImage complains about sandbox issue on lubuntu 24.04 LTS #1355

Open aikiks opened 1 month ago

aikiks commented 1 month ago

Hi, when I try to start buttercup from the Appimage I get the following error message.

~/Downloads/AppImages$ ./Buttercup-linux-x86_64.AppImage [60849:0717/111256.607000:FATAL:setuid_sandbox_host.cc(157)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /tmp/.mount_ButterrbXRkS/chrome-sandbox is owned by root and has mode 4755. Trace/Breakpoint ausgelöst (Speicherabzug geschrieben)

How can I solve this issue? Thanks, Karl

aehimself commented 1 month ago

I am on Ubuntu 24.04 aswell. Buttercup can be started and seems to be fully operational by starting it with the --no-sandbox parameter.

aikiks commented 1 month ago

cool, this indeed works. thx!!

But now I run into the next problem which is specified in an issue from somebody else last week titled something like ".... Authentification for Google drive fails"

In the original thread is no solution yet. Should I post a message there?

thx, Karl

P.S.: Buttercup is awesome!!!!

Samueru-sama commented 1 month ago

This is because Ubuntu restricted access to userns with apparmor

Linux mint rolled back that change

While solus dropped apparmor and snap support

perry-mitchell commented 4 weeks ago

@Samueru-sama Do you know if there's any action for us to take or is this something that the OS maintainers have to handle?

perry-mitchell commented 4 weeks ago

@aikiks Best to take that to a proper issue, I believe there's one floating around. Logs will be required for debugging to be possible.

Samueru-sama commented 4 weeks ago

@Samueru-sama Do you know if there's any action for us to take or is this something that the OS maintainers have to handle?

One option is to add --no-sandbox to the AppRun but I don't agree with such measure at all, it's a bad security practice that would affect all users of the appimage and not just the ubuntu ones.

This is something that ubuntu has to fix, maybe you could put instructions on how to disable the restriction, or maybe something using pkexec and zenity that will disable the restriction when agreed by the user, it is really bad that projects are being put on this position to fix ubuntu's issues.