Re: Electron apps in Debian with --no-sandbox
buckwheatpancake <firstname.lastname@example.org> wrote:
> So, Electron stuff in Debian comes with this annoying thing where it tells you chrome-sandbox (in various applications) needs to be owned by root and have mode 4755. If you set that, it just tells you the same, with another file. I've taken to running these things with the --no-sandbox option, because I don't know what the solution is... is this safe or recommended?
You are hitting https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898446
and the fact that the Debian Kernel is patched to disable creation of
user namespaces from non-privileged process.
The canonically correct solution here is to do the following, as root:
echo 'kernel.unprivileged_userns_clone=1' > /etc/sysctl.d/00-local-userns.conf
service procps restart
That should resolve this problem for now, until Debian concludes their
discussion in the linked bug and enables this feature per default, as
most other distributions already do.
Sigmentation fault. Core dumped.