toeverything / AFFiNE

There can be more than Notion and Miro. AFFiNE (pronounced [ə‘fain]) is a next-gen knowledge base that brings planning, sorting and creating all together. Privacy first, open-source, customizable and ready to use.
https://affine.pro

​Unable to launch through .desktop - SUID Sandbox Error: Affine 0.17.0 Fails to Launch on Ubuntu 22.04 LTS #8381

Open elindiotaino opened 2 months ago

elindiotaino commented 2 months ago

What happened?

I am encountering issues launching the Affine 0.17.0-stable-linux-x64 version on my Ubuntu 22.04 LTS system. While I can run the application directly from the executable in the extracted .zip folder, launching Affine from the .desktop file (or from the taskbar) fails. The logs show a SUID sandbox error that seems related to the chrome-sandbox binary.

This issue appears similar to what was reported in Issue #6722, which was marked as fixed. However, the problem persists for me in version 0.17.0.

System Information:

  • OS: Ubuntu 22.04 LTS (GNOME)
  • Affine Version: 0.17.0-stable-linux-x64
  • AppImage/.zip: Both tested
  • libfuse2 Installed: Yes
  • SUID sandbox permissions fixed: Yes, tried chmod 4755 on the chrome-sandbox binary.

Steps to Reproduce:

  1. Download Affine 0.17.0-stable-linux-x64.
  2. Extract the .zip or run the AppImage version.
  3. Set up a .desktop file to launch the extracted AFFiNE executable.
  4. Attempt to launch Affine via the .desktop file.

Expected Behavior: Affine should launch correctly (when launching from .desktop) without the SUID sandbox issue.

Actual Behavior: The .desktop file fails to launch the application. Running the executable directly works but doesn't provide the expected system integration.

Desktop File Contents:

[Desktop Entry]
Version=0.17.0
Name=Affine
Exec=/home/joche/Desktop/affine-0.17.0-stable-linux-x64/AFFiNE-linux-x64/AFFiNE
Path=/home/joche/Desktop/affine-0.17.0-stable-linux-x64/AFFiNE-linux-x64
Icon=/home/joche/Desktop/Icons/affine-icon.png
Type=Application
Categories=Office;Productivity;Graphics;
X-GNOME-Autostart-enabled=true
Terminal=false

Troubleshooting Steps Taken:

  1. Installed libfuse2 and verified it is correctly installed.

  2. Changed ownership and permissions of the chrome-sandbox binary:

    • sudo chown root:root /path/to/chrome-sandbox
    • sudo chmod 4755 /path/to/chrome-sandbox
  3. Tried launching with --no-sandbox flag:

    • Exec=/path/to/AFFiNE --no-sandbox
    • This worked when manually running the binary but not when using the .desktop file.
  4. Set AppArmor to "complain" mode using:

    • sudo aa-complain /path/to/AFFiNE
    • Issue persists even with AppArmor complain mode enabled.
  5. Attempted to manually set the .desktop file as trusted using:

    • gio set /home/joche/Desktop/affine.desktop metadata::trusted true
  6. Rebuilt the desktop icon cache:

    • gtk-update-icon-cache ~/.local/share/icons

Distribution version

Linux

What browsers are you seeing the problem on if you're using web version?

No response

Are you self-hosting?

Relevant log output

[16705:0924/104439.968663:FATAL:setuid_sandbox_host.cc(163)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /chrome-sandbox is owned by root and has mode 4755.
Trace/breakpoint trap (core dumped)

Anything else?

Additional Notes:

Suggestions:

affine-issue-bot[bot] commented 2 months ago

Issue Status: 🆕 Untriaged

🆕 Untriaged

The team has not yet reviewed the issue. We usually do it within one business day. Docs: https://github.com/toeverything/AFFiNE/blob/canary/docs/issue-triaging.md

This is an automatic reply by the bot.

pengx17 commented 2 months ago

Sorry, we have limited resources on Linux right now. Will take a look in the following week, but no promise on how long it will take. Also, marked this issue as help wanted and see if there are any solutions from the community.

pengx17 commented 1 month ago

@elindiotaino I reviewed the desktop file you provided and it looks like the Exec entry is incorrect. If you integrate the AppImage with AppImageLauncher, it will produce something like this:

[Desktop Entry]
Name=AFFiNE
Exec=AFFiNE --no-sandbox --disable-setuid-sandbox %u
Terminal=false
Type=Application
Icon=AFFiNE
StartupWMClass=AFFiNE
X-AppImage-Version=0.17.2
Comment=AFFiNE Desktop App
Categories=Utility
MimeType=x-scheme-handler/affine

The part --no-sandbox --disable-setuid-sandbox in Exec is to make the Electron app run without the sandbox, and %u is to pass deep-link URLs to the app for the sign-in workflow.
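
An added check for the two conditions discussed in this thread (not part of the original issue and not AFFiNE's code): it reads a launcher's Exec= line, reports whether --no-sandbox turns the Chromium sandbox off, and tests the chrome-sandbox helper against the "owned by root, mode 4755" requirement from the log. It assumes GNU stat, an unquoted Exec path, and that chrome-sandbox sits beside the executable; the function names are hypothetical.

```shell
#!/bin/sh
# Audit an Electron launcher (.desktop file): is the sandbox switched off in
# Exec=, and does chrome-sandbox meet the "root, mode 4755" rule from the log?

# Print the Exec= value from the [Desktop Entry] group only.
desktop_exec() {
    awk '/^\[/ { in_entry = ($0 == "[Desktop Entry]") }
         in_entry && /^Exec=/ { sub(/^Exec=/, ""); print; exit }' "$1"
}

# "disabled" when Exec passes --no-sandbox, otherwise "enabled".
sandbox_flags() {
    case " $(desktop_exec "$1") " in
        *" --no-sandbox "*) echo disabled ;;
        *) echo enabled ;;
    esac
}

# Classify the SUID helper: missing | bad-mode | bad-owner | ok.
helper_status() {
    [ -f "$1" ] || { echo missing; return; }
    [ "$(stat -c %a "$1")" = 4755 ] || { echo bad-mode; return; }
    [ "$(stat -c %u "$1")" = 0 ] || { echo bad-owner; return; }
    echo ok
}

# One-line report for a launcher. Assumes the Exec path is unquoted and that
# chrome-sandbox sits in the same directory as the executable.
audit_desktop() {
    exec_line=$(desktop_exec "$1")
    bin=${exec_line%% *}
    case $bin in
        */*) ;;                                        # already a path
        *) bin=$(command -v "$bin" || echo "$bin") ;;  # bare name: look in PATH
    esac
    helper="$(dirname "$bin")/chrome-sandbox"
    echo "sandbox=$(sandbox_flags "$1") helper=$(helper_status "$helper")"
}

if [ $# -gt 0 ]; then audit_desktop "$1"; fi
```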