--no-sandbox does not prevent the SUID abort when added from JS

From https://github.com/toeverything/AFFiNE/issues/6722#issuecomment-2081805954

> Disable sandboxing entirely by launching with --no-sandbox. Adding this
  argument from JS is unfortunately insufficient, as the GPU process is launched
  before the main process JS is run.

Ref:
* https://github.com/electron/electron/issues/17972
Manav Rathi 2024-05-13 10:14:07 +05:30
parent 3ba7bcbf06
commit 644e67f648
No known key found for this signature in database
2 changed files with 52 additions and 41 deletions


@ -133,15 +133,6 @@ const registerPrivilegedSchemes = () => {
]);
};
/**
* The Chromium sandbox causes the app to fail to run on various Linux
* distributions. Reproducible on Ubuntu 24.
*
* See: https://github.com/electron/electron/issues/17972
*/
const suidWorkaroundOnLinux = () =>
process.platform == "linux" && app.commandLine.appendSwitch("no-sandbox");
/**
* Create an return the {@link BrowserWindow} that will form our app's UI.
*
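Review bot: With the `suidWorkaroundOnLinux` doc comment removed, nothing in this file records why `no-sandbox` is no longer appended from JS. The reason is only in the commit message (the GPU process is launched before the main process JS runs); consider keeping a short comment with the electron/electron issue 17972 link near `main` so that the `app.commandLine.appendSwitch("no-sandbox")` call is not reintroduced later.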
@ -365,7 +356,6 @@ const main = () => {
initLogging();
logStartupBanner();
suidWorkaroundOnLinux();
// The order of the next two calls is important
setupRendererServer();
registerPrivilegedSchemes();


@ -9,37 +9,6 @@ The latest version of the Ente Photos desktop app can be downloaded from
[ente.io/download](https://ente.io/download). If you're having trouble, please
see if any of the following cases apply.
## AppImages on ARM64 Linux
If you're on an ARM64 machine running Linux, and the AppImages doesn't do
anything when you run it, you will need to run the following command on your
machine:
```sh
sudo ln -s /usr/lib/aarch64-linux-gnu/libz.so{.1,}
```
It is possible that the exact path might be different on your machine. Briefly,
what we need to do is create `libz.so` as an alias for `libz.so.1`. For more
details, see the following bugs in upstream repositories:
- libz.so cannot open shared object file on ARM64 -
[/github.com/AppImage/AppImageKit/issues/1092](https://github.com/AppImage/AppImageKit/issues/1092)
- libz.so: cannot open shared object file with Ubuntu arm64 -
[github.com/electron-userland/electron-builder/issues/7835](https://github.com/electron-userland/electron-builder/issues/7835)
## AppImage says it requires FUSE
See
[docs.appimage.org](https://docs.appimage.org/user-guide/troubleshooting/fuse.html#the-appimage-tells-me-it-needs-fuse-to-run).
tl;dr; for example, on Ubuntu,
```sh
sudo apt install libfuse2
```
## Windows
If the app stops with an "A JavaScript error occurred in the main process - The
@ -52,3 +21,55 @@ This is what the error looks like:
You can install the Microsoft VC++ redistributable runtime from here:<br/>
https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170#latest-microsoft-visual-c-redistributable-version
## AppImages on ARM64 Linux
If you're on an ARM64 machine running Linux, and the AppImages doesn't do
anything when you run it, you will need to run the following command on your
machine:
```sh
sudo ln -s /usr/lib/aarch64-linux-gnu/libz.so{.1,}
```
It is possible that the exact path might be different on your machine. Briefly,
what we need to do is create `libz.so` as an alias for `libz.so.1`. For more
details, see the following upstream issues:
- libz.so cannot open shared object file on ARM64 -
[AppImage/AppImageKit/issues/1092](https://github.com/AppImage/AppImageKit/issues/1092)
- libz.so: cannot open shared object file with Ubuntu arm64 -
[electron-userland/electron-builder/issues/7835](https://github.com/electron-userland/electron-builder/issues/7835)
## AppImage says it requires FUSE
See
[docs.appimage.org](https://docs.appimage.org/user-guide/troubleshooting/fuse.html#the-appimage-tells-me-it-needs-fuse-to-run).
tl;dr; for example, on Ubuntu,
```sh
sudo apt install libfuse2
```
## Linux SUID error
On some Linux distributions, if you run the AppImage from the CLI, it might fail
with the following error:
> The SUID sandbox helper binary was found, but is not configured correctly.
This happens when you try to run the AppImage from the command line. If you
instead double click on the AppImage in your Files browser, then it should start
properly.
If you do want to run it from the command line, you can do so by passing the
`--no-sandbox` flag when executing the AppImage. e.g.
```sh
./ente.AppImage --no-sandbox
```
For more details, see this upstream issue on
[electron](https://github.com/electron/electron/issues/17972).
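Review bot: The new "Linux SUID error" section tells users to pass `--no-sandbox` without saying what the flag does. The commit message quotes it as disabling sandboxing entirely, so the section should say that, and should present starting the AppImage from the file browser as the preferred route with the flag as the fallback. The sentence "This happens when you try to run the AppImage from the command line" repeats the section's opening sentence and can be dropped, and since the ARM64 section is being moved anyway, "the AppImages doesn't" could be corrected to "the AppImage doesn't".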