Impossible to launch Mullvad GUI | The SUID sandbox helper binary was found, but is not configured correctly.

[lureedo]

It works using --no-sandbox.

[lureedo]

After a talk with mullvad support, they suggested using --no-sandbox option as a temporarily bypass to this issue.

Either /opt/Mullvad\ VPN/mullvad-gui --no-sandbox or /opt/Mullvad\ VPN/mullvad-vpn --no-sandbox work.

[raksooo]

@lureedo I found this thread on the Electron GitHub: https://github.com/electron/electron/issues/30758

Have you set user.max_user_namespaces kernel parameter to 0? The author of that issue seems to have found that this kernel parameter causes the same/similar issues with Electron/chromium applications using the sandbox.

[bungabunga]

The same problem here, after upgrade to Ubuntu 24.04, Mullvad version 2024.1. stable. Haven't changed any kernel stuff.

[lureedo]

@lureedo I found this thread on the Electron GitHub: electron/electron#30758

Have you set user.max_user_namespaces kernel parameter to 0? The author of that issue seems to have found that this kernel parameter causes the same/similar issues with Electron/chromium applications using the sandbox.

@raksooo After your message, I tested a bit this parameter and this is what i found out:

• In a fresh install, Ubuntu stock kernel set user.max_user_namespaces ≠ 0, but the client cannot be launched.
• After enabling --no-sandbox i fully setup my system and installed a custom kernel, liquorix.
• Liquorix set user.max_user_namespaces ≠ 0, and the client works as intended.
• Under liquorix, setting a persistent user.max_user_namespaces = 0 breaks the client.
• After undo the persistent parameter change, rebooting into Ubuntu 24.04 stock kernel finds user.max_user_namespaces ≠ 0 but the client crashes.

The culprit is Ubuntu stock kernel but not user.max_user_namespaces ?

[timsdeepsky]

Greetings, Same type of issue for me also.... Mullvad GUI impossible to launch under Ubuntu 24.04 LTS (April 25 2024 release-fresh install).... Appears to be similar to this bug #6128.... Installed the app without the Mullvad repository from the page below.... https://mullvad.net/en/help/install-mullvad-app-linux.... (using this code below)

wget --trust-server-names https://mullvad.net/download/app/deb/latest
sudo apt install ./MullvadVPN-2024.1_amd64.deb

(terminal output) **

t@t-HP-ENVY-17-Notebook-PC:~$ wget --trust-server-names https://mullvad.net/download/app/deb/latest sudo apt install ./MullvadVPN-2024.1_amd64.deb --2024-04-25 18:25:47-- https://mullvad.net/download/app/deb/latest Resolving mullvad.net (mullvad.net)... 45.83.223.209 Connecting to mullvad.net (mullvad.net)|45.83.223.209|:443... connected. HTTP request sent, awaiting response... 302 Found Location: /en/download/app/deb/latest [following] --2024-04-25 18:25:48-- https://mullvad.net/en/download/app/deb/latest Reusing existing connection to mullvad.net:443. HTTP request sent, awaiting response... 302 Found Location: https://cdn.mullvad.net/app/desktop/releases/2024.1/MullvadVPN-2024.1_amd64.deb [following] --2024-04-25 18:25:48-- https://cdn.mullvad.net/app/desktop/releases/2024.1/MullvadVPN-2024.1_amd64.deb Resolving cdn.mullvad.net (cdn.mullvad.net)... 45.149.104.1 Connecting to cdn.mullvad.net (cdn.mullvad.net)|45.149.104.1|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 88931748 (85M) [application/octet-stream] Saving to: ‘MullvadVPN-2024.1_amd64.deb’

MullvadVPN-2024.1_a 100%[===================>] 84.81M 707KB/s in 89s

2024-04-25 18:27:18 (971 KB/s) - ‘MullvadVPN-2024.1_amd64.deb’ saved [88931748/88931748]

[sudo] password for t: Reading package lists... Done Building dependency tree... Done Reading state information... Done Note, selecting 'mullvad-vpn' instead of './MullvadVPN-2024.1_amd64.deb' The following NEW packages will be installed: mullvad-vpn 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 0 B/88.9 MB of archives. After this operation, 351 MB of additional disk space will be used. Get:1 /home/t/MullvadVPN-2024.1_amd64.deb mullvad-vpn amd64 2024.1 [88.9 MB] Selecting previously unselected package mullvad-vpn. (Reading database ... 169343 files and directories currently installed.) Preparing to unpack .../t/MullvadVPN-2024.1amd64.deb ... Unpacking mullvad-vpn (2024.1) ... Setting up mullvad-vpn (2024.1) ... Created symlink /etc/systemd/system/multi-user.target.wants/mullvad-daemon.servi ce → /usr/lib/systemd/system/mullvad-daemon.service. Created symlink /etc/systemd/system/mullvad-daemon.service.wants/mullvad-early-b oot-blocking.service → /usr/lib/systemd/system/mullvad-early-boot-blocking.servi ce. Processing triggers for hicolor-icon-theme (0.17-2) ... Processing triggers for gnome-menus (3.36.0-1.1ubuntu3) ... Processing triggers for desktop-file-utils (0.27-2build1) ... **> N: Download is performed unsandboxed as root as file '/home/t/MullvadVPN-2024.1_amd64.deb' couldn't be accessed by user 'apt'. - pkgAcquire::Run (13: Permission denied)** t@t-HP-ENVY-17-Notebook-PC:~$

(noticed this from the terminal text) N: Download is performed unsandboxed as root as file '/home/t/MullvadVPN-2024.1_amd64.deb' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)**

(the temp fix shown up the page does work for me and launches the gui and lets me login for the session....) (but this shows me leaking dns servers on the Mullvad page....) Either /opt/Mullvad\ VPN/mullvad-gui --no-sandbox or /opt/Mullvad\ VPN/mullvad-vpn --no-sandbox work

Report details

Date generated:2024-04-25 18:15:36

Hardware Information:

Hardware Model:Hewlett-Packard HP ENVY 17 Notebook PC Memory:12.0 GiB Processor:Intel® Core™ i7-4720HQ × 8 Graphics:Intel® HD Graphics 4600 (HSW GT2) Disk Capacity:1.0 TB

Software Information:

Firmware Version:F.57 OS Name:Ubuntu 24.04 LTS OS Build:(null) OS Type:64-bit GNOME Version:46 Windowing System:Wayland Kernel Version:Linux 6.8.0-31-generic

Thank you....

[brian-bourdon]

I have the same problem after upgrading to ubuntu 24.04 LTS (mullvad version: 2024.2)

[LinuxEnthusiast99]

Temporary workaround:

Add --no-sandbox flag in /usr/share/applications/mullvad-vpn.desktop from

Exec="/opt/Mullvad VPN/mullvad-vpn" %U

to

Exec="/opt/Mullvad VPN/mullvad-vpn" --no-sandbox %U

or there is the error

FATAL:setuid_sandbox_host.cc(158)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /opt/Mullvad VPN/chrome-sandbox is owned by root and has mode 4755. Trace/breakpoint trap (core dumped)

The same flag must be added in the Startup Application entry.

[raksooo]

We've now released 2024.3 which contains a fix for this issue. --no-sandbox is no longer needed for the app to run under these circumstances.

[LinuxEnthusiast99]

@raksooo thanks, fix confirmed

[tinglycraniumplacidly]

I'm running 2024.3 and I still have to use --no-sandbox to run mullvad-gui. This is also after upgrading Ubuntu to 24.04

[bungabunga]

I am on Ubuntu 24.04 and Mullvad 2024.03 and everything is working fine now.

[Flimm]

This bug report is mentioned by this official web page: https://mullvad.net/en/help/install-mullvad-app-linux

> We have not tested the Mullvad VPN app on Ubuntu 24.04 and it may not start.

That web page may need to be modified now that a fix has been released.

This has been fixed now.

[gamer191]

For end-users: if you encounter this issue, run sudo dpkg-reconfigure mullvad-vpn

For developers: This issue is not properly fixed, because the patch is only applied if Mullvad VPN is configured after upgrading to 24.04. The following common usecase will likely trigger this issue:

1. install Mullvad-VPN on a previous version of Ubuntu
2. upgrade to 24.04

EDIT: If, after upgrading to 24.04, the user were to upgrade the mullvad-vpn package, I believe that would fix this issue. This is likely the reason why the patch appeared to be effective (users who were waiting for the patch had already upgraded to 24.04, and the patch forced them to upgrade the mullvad-vpn package). However, 90% of the time there won't be an upgrade available (I haven't tested this, so it's possible there's some mechanism that means an upgrade will always be available)

[tinglycraniumplacidly]

For end-users: if you encounter this issue, run sudo dpkg-reconfigure mullvad-vpn

For developers: This issue is not properly fixed, because the patch is only applied if Mullvad VPN is configured after upgrading to 24.04. The following common usecase will likely trigger this issue:

1. install Mullvad-VPN on a previous version of Ubuntu

2. upgrade to 24.04

thank you, this worked for my case!

[mrp52]

Sigh this issue has popped up again for me on KDE Neon User. Works with --no-sandbox fine but sadly sudo dpkg-reconfigure mullvad-vpn doesn't fix it.

I know KDE Neon is a "moving target" but figured I would add to this for anyone else that hits this problem. Using Mullvad 2024.5 installed via the standard ubuntu repo method.

Also fails with 2024.6-beta manually installed via the MullvadVPN-2024.6-beta2_amd64.deb package.

Full output from the error with the stable 2024.5 install

[11702:1020/120617.802188:FATAL:setuid_sandbox_host.cc(158)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /opt/Mullvad VPN/chrome-sandbox is owned by root and has mode 4755.
zsh: trace trap (core dumped)  /opt/Mullvad\ VPN/mullvad-vpn

And the permissions for chrome-sandbox (that appear to be correct?)

.rwxr-xr-x   54k root  3 Sep 14:54  chrome-sandbox

[mrp52]

After a little research today I found a simple solution. It appears that on Ubuntu the package correctly installs the apparmor profile but it doesn't on some Ubuntu-based distros such as KDE Neon

This was simply fixed by manually installing the profile with the following after installing Mullvad VPN

sudo cp /opt/Mullvad\ VPN/resources/apparmor_mullvad /etc/apparmor.d/mullvad
sudo apparmor_parser -r /etc/apparmor.d/mullvad

[magnum61]

After a little research today I found a simple solution. It appears that on Ubuntu the package correctly installs the apparmor profile but it doesn't on some Ubuntu-based distros such as KDE Neon

This was simply fixed by manually installing the profile with the following after installing Mullvad VPN

sudo cp /opt/Mullvad\ VPN/resources/apparmor_mullvad /etc/apparmor.d/mullvad
sudo apparmor_parser -r /etc/apparmor.d/mullvad

I have a new install with KDE neon (latest release from yesterday) and trapped into the error. The two commands you provided worked for me as well.

[mrp52]

I have a new install with KDE neon (latest release from yesterday) and trapped into the error. The two commands you provided worked for me as well.

Glad my comment helped. Hopefully the Mullvad team can have a look at the package install script and figure out why it isn't installing the AppArmor profiles on Ubuntu-based distros like it does on Ubuntu itself.

[magnum61]

Yeah, would be great, especially because it's only two lines of code in the post-install scripts after the used linux version is determined during setup.