Closed Hyask closed 2 months ago
I'm not particularly fond of making the binary setuid by default. If your system has unprivileged namespaces, this change is unnecessary. Furthermore, even if this was in the pipeline, the ownership still wouldn't be root, requiring manual intervention (this is the case with all Electron applications; if it's installed in your distro, that normally handles it by default).
At most, I'll update the README to note this.
Yes, I do agree that setuid was not the first solution I tried, since the risk here is quite huge. I forgot to mention in the original report that I've also played with the sysctl kernel.unprivileged_userns_clone option, without success, although I admit I haven't tried a full reboot after activating this option.
I don't know anything about the Electron world, so I haven't dug into that issue very much, but there might be another, more appropriate solution :thinking:
That's a bit weird. I set that to 1 on a clean Debian install, and I can definitely see that it makes a difference immediately
/sbin/sysctl kernel.unprivileged_userns_clone=1
and when I start Feishin, it no longer complains. Setting values via sysctl should take effect immediately, although they are not persistent.
Trying Feishin on a Monday after the week-end reboot. I still correctly have sysctl kernel.unprivileged_userns_clone=1, and now it's working correctly without me having to make chrome-sandbox suid root.
I guess the topic is definitely closed, thanks :-)
Great! Weird that it required a reboot, but glad it's fully working
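The two conditions discussed in the comments above (the runtime sysctl versus what is persisted for the next boot, and whether chrome-sandbox is setuid root) can be checked together. This is an added example, not part of the thread or of Feishin; the function names are hypothetical, and it assumes GNU stat and that persistent settings live in /etc/sysctl.d.

```shell
#!/bin/sh
# Added example, not Feishin or Electron code. Directory arguments default to
# the live system and exist so the checks can run against a constructed tree.
KEY=kernel.unprivileged_userns_clone

# Runtime value of the sysctl; "absent" when the kernel has no such knob.
userns_runtime() {
    f="${1:-/proc/sys}/kernel/unprivileged_userns_clone"
    if [ -r "$f" ]; then cat "$f"; else echo absent; fi
}

# Last value assigned in <dir>/*.conf, i.e. what is reapplied at boot.
# Assumption: only /etc/sysctl.d is read, not every sysctl.conf location.
userns_persisted() {
    v=$(cat "${1:-/etc/sysctl.d}"/*.conf 2>/dev/null |
        sed -n "s/^[[:space:]]*$KEY[[:space:]]*=[[:space:]]*\([01]\).*/\1/p" |
        tail -n 1)
    echo "${v:-unset}"
}

# "setuid-root" when the helper is owned by uid 0 and has the setuid bit set.
helper_state() {
    [ -e "$1" ] || { echo missing; return 0; }
    if [ -u "$1" ] && [ "$(stat -c %u "$1")" = 0 ]; then
        echo setuid-root
    else
        echo unprivileged
    fi
}

# Which sandbox prerequisite is met, given the runtime value and helper state.
sandbox_path() {
    case "$1:$2" in
        1:*)           echo userns ;;
        *:setuid-root) echo setuid-helper ;;
        absent:*)      echo unknown ;;
        *)             echo none ;;
    esac
}

report() {
    rt=$(userns_runtime); ps=$(userns_persisted); hs=$(helper_state "$1")
    echo "runtime=$rt persisted=$ps helper=$hs sandbox=$(sandbox_path "$rt" "$hs")"
    if [ "$rt" = 1 ] && [ "$ps" != 1 ]; then
        echo "note: $KEY=1 is runtime-only and will be lost at reboot"
    fi
}

if [ $# -gt 0 ]; then report "$1"; fi
```

Pass the path to the extracted chrome-sandbox as the only argument to print the report.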
Expected Behavior
Be able to run Feishin without changing the rights of chrome-sandbox.
Current Behavior
Executing Feishin with the AppImage or from the tar.xz archive on Ubuntu Noble (24.04) leads to the following error:
Possible Solution (Not obligatory)
Executing the following in the extracted Feishin archive works around the issue:
There are some ideas on this issue. Perhaps running the chown/chmod combo could be done in the CI?
Context
Trying to run Feishin on Linux x86_64
Your Environment