Question: Do all electron apps need `--no-sandbox` option?

[serpro69]

I've been trying to install and run an electron app in an ubuntu-jammy-desktop container, and it seems that I can only run the application if I add the --no-sandbox option, otherwise I'm getting "operation not permitted" error.

Looking at some custom scripts, I can see the same is used for other electron-based apps like atom or vs-code.

I've also searched kasm documentation and it has no mention of why this option is needed, although it looks like it is "mandatory" in a sense. This includes the building custom images docs, which actually use "atom" in an example, but don't mention that this option is needed to run it.

I'm not very familiar with developing electron apps, but the electron documentation mentions that --no-sandbox option is recommended only for testing purposes. So I'm wondering if there are any "risks" or other implications of always running these apps with --no-sandbox. And if there're any workarounds to run electron apps w/o --no-sandbox option?

[serpro69]

I just saw there was a dedicated repo for issues. I'll close this and move the question there.