[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Electron apps in Debian with --no-sandbox

buckwheatpancake <buckwheatpancake@protonmail.com> wrote:

> So, Electron stuff in Debian comes with this annoying thing where it tells you chrome-sandbox (in various applications) needs to be owned by root and have mode 4755. If you set that, it just tells you the same, with another file. I've taken to running these things with the --no-sandbox option, because I don't know what the solution is... is this safe or recommended?

You are hitting https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898446
and the fact that the Debian Kernel is patched to disable creation of
user namespaces from non-privileged process.

The canonically correct solution here is to do the following, as root:

echo 'kernel.unprivileged_userns_clone=1' > /etc/sysctl.d/00-local-userns.conf
service procps restart

That should resolve this problem for now, until Debian concludes their
discussion in the linked bug and enables this feature per default, as
most other distributions already do.


Sigmentation fault. Core dumped.

Reply to: