7

Regardless of what AppImage it is, attempting to run it produces a result similar to this:

[192808:0821/033305.658883:FATAL:setuid_sandbox_host.cc(158)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /tmp/.mount_balenamyajdO/chrome-sandbox is owned by root and has mode 4755. /tmp/.mount_balenamyajdO/balena-etcher: line 10: 192808 Trace/breakpoint trap (core dumped) "${script_dir}"/balena-etcher.bin "$@"

Zero exceptions found. I am running XUbuntu 24.04 on a Ryzen 5 3600. Everything worked perfectly until I "upgraded" from XUbuntu 22.04.

Timothy Red Groves
  • 151

2 Answers2

0

Here is my solution for the arduino-AppImage, but I believe it's working on other AppImages, too. The modified arduino-AppImage works well on my system, but I don't know what happens when using it on different systems.

The problem seams to be, that the files extracted fro an AppImage to a temporary dir will lose the suid bit!

Modify an AppImage to use the chrome-sandbox file (in /opt) of local system:

  • Download appimagetool from https://github.com/AppImage/appimagetool/releases
  • Set TOOL to its full path
  • TOOL=$(find / -executable -iname "appimagetool*.AppImage")
  • cd
  • EXE=$(find . -maxdepth 1 -executable -name "*.AppImage")
  • mkdir t; cd t
  • ${EXE} --appimage-extract
  • cd squashfs-root/
  • Optional: sudo cp usr/share/icons/hicolor/512x512/apps/arduino-ide.png /usr/share/icons/hicolor/512x512/apps/arduino-ide.png
  • rm chrome-sandbox
  • ln -s $(find /opt -name "chrome-sandbox") chrome-sandbox
  • cd ..
  • ARCH=x86_64 ${TOOL} squashfs-root # Adjust ARCH as nessesary
  • rm -r squashfs-root/
  • move the new AppImage to desired dir
  • cd ..; rm -r t
Neiß Günter
  • 41
-3

If you do not mind relaxing your security settings, then this fix works for me, which --no-sandbox, --disable-setuid-sandbox, and changing the permissions on /tmp all do not.

sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0

Snag: you need to redo this every time you boot.

Liam Proven
  • 741