search

dragoonDorise / EmuDeck

Emulator configurator for Steam Deck
GNU General Public License v3.0
2.91k stars 211 forks source link

[Bug Report] New Ubuntu 24.04 Sandbox permissions changes block installation #1206

Open queenkjuul opened 6 months ago

queenkjuul commented 6 months ago

Prerequisite Steps

What distro are you running?

Ubuntu 24.04 (beta)

Which SteamOS Branch are you using?

Not Using a Steam Deck

What happened?

Ubuntu has updated their default security policies in 24.04, which breaks userspace sandboxes for Electron-based applications. There are several fixes available in the 24.04 release notes.

At the very least, there should probably be a mention of this issue in the Wiki, with a link to the workarounds. Otherwise EmuDeck would probably need to request root permission and create an unconfined AppArmor profile for itself

I know Ubuntu isn't the primary target of this project but I've been running the 24.04 beta and got stuck when trying to install EmuDeck last night. I also imagine this will break installs for existing users who upgrade to 24.04.

Relevant log output

No response

Im-Elias commented 6 months ago

I can confirm this broke my emudeck installation, afterwards i did a fresh install on 24.04 and now i cant install emudeck.

dragoonDorise commented 6 months ago

@queenkjuul do .desktop files work on Ubuntu? or do you have to launch the appImage directly?

queenkjuul commented 6 months ago

@dragoonDorise .desktop files work yes. Using any of the workarounds in that link worked for me, once i disabled that security setting i was able to install everything normally no issues

dragoonDorise commented 6 months ago

@queenkjuul applied no sandbox workaround for Ubuntu, please confirm its working on your end :)

queenkjuul commented 6 months ago

@dragoonDorise not fixed, unfortunately. I set up a clean 24.04 VM, ran the instructions directly from the wiki, and ran into my original error: 

qkj@testing:~$ curl -L https://raw.githubusercontent.com/dragoonDorise/EmuDeck/main/install.sh | bash
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4123  100  4123    0     0  55187      0 --:--:-- --:--:-- --:--:-- 55716
installing EmuDeck
[6803:0430/030828.191945:FATAL:setuid_sandbox_host.cc(157)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /tmp/.mount_EmuDecz9SzMs/chrome-sandbox is owned by root and has mode 4755.
bash: line 111:  6803 Trace/breakpoint trap   (core dumped) ~/Applications/EmuDeck.AppImage$sandbox
Something went wrong!
Error at 111 NULL: ~/Applications/EmuDeck.AppImage$sandbox
qkj@testing:~$
queenkjuul commented 6 months ago

or do I need to install from the dev branch?

dragoonDorise commented 5 months ago

@queenkjuul can you try again?

queenkjuul commented 5 months ago

Still no dice it seems, fully updated 24.04 VM:

qkj@testing:~$ curl -L https://raw.githubusercontent.com/dragoonDorise/EmuDeck/main/install.sh | bash
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4124  100  4124    0     0  33498      0 --:--:-- --:--:-- --:--:-- 33803
installing EmuDeck
[4710:0513/010304.979543:FATAL:setuid_sandbox_host.cc(157)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /tmp/.mount_EmuDecBUbmRh/chrome-sandbox is owned by root and has mode 4755.
bash: line 111:  4710 Trace/breakpoint trap   (core dumped) ~/Applications/EmuDeck.AppImage $sandbox
Something went wrong!
Error at 111 NULL: ~/Applications/EmuDeck.AppImage $sandbox

This block is not being run, I think, because I never see the "Installing packages with apt..." message in the terminal


    if command -v apt-get >/dev/null; then
        echo "Installing packages with apt..."
        DEBIAN_DEPS="jq zenity flatpak unzip bash libfuse2 git rsync whiptail"
        sandbox=" --no-sandbox"
        sudo killall apt apt-get
        sudo apt-get -y update
        sudo apt-get -y install $DEBIAN_DEPS
queenkjuul commented 5 months ago

the issue is this logic here:


linuxID=$(lsb_release -si)
sandbox=""
if [ $linuxID != "ChimeraOS" ]; then

echo "installing EmuDeck"

elif [ $linuxID != "SteamOS" ]; then

the only way the dependency installations get run is if an OS is Chimera

StariusPrime commented 5 months ago

I just tried to install EmuDeck for the first time, on Kubuntu no less. I am also running into this problem. Is there a fix for it yet?

`

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4124  100  4124    0     0  50312      0 --:--:-- --:--:-- --:--:-- 50913
installing EmuDeck
[0601/194910.119982:FATAL:electron_main_delegate.cc(293)] Running as root without --no-sandbox is not supported. See https://crbug.com/638180.
bash: line 111: 18891 Trace/breakpoint trap   (core dumped) ~/Applications/EmuDeck.AppImage $sandbox
Something went wrong!
Error at 111 NULL: ~/Applications/EmuDeck.AppImage $sandbox

`

netunguin commented 4 months ago

A suggestion: you can change the EmuDeck Script to: sh -c 'curl -L https://raw.githubusercontent.com/dragoonDorise/EmuDeck/main/install.sh > install.sh' bash ./install.sh $1

And add to install.sh linuxID=$(lsb_release -si) sandbox=$1

This way at least you give the user the option to pass a parameter when you execute: ./EmuDeck.sh --no-sandbox

As a work around if you want to install it with no sandbox, you can download the install.sh wget https://raw.githubusercontent.com/dragoonDorise/EmuDeck/main/install.sh and replace $sandbox for --no-sandbox that will do the trick to start EmuDeck on kubuntu 24.04

I think is less intrusive than trying to tweak the security layer on the OS, especially if you don't know what you are doing.

Yea yea someone will tell that is a risk and bla bla bla, if you have a better Idea propose it and not just complain. Besides that, the script already has an option to execute it no sand-boxed so.

By the way this is on a clean kubuntu install.

miscalaneous commented 1 month ago

wget https://raw.githubusercontent.com/dragoonDorise/EmuDeck/main/install.sh and replace $sandbox for --no-sandbox that will do the trick to start EmuDeck on kubuntu 24.04

This worked for me on Ubuntu 24.04.1. I had to do the same with editing the steam rom manager install script to get it to download. After which I could also run SRM directly with --no-sandbox.