I'm trying to setup an installation of the IDE 2.3 in a Ubuntu 24.04 LTS (beta) environment, and am facing an issue I'm unable to resolve. The IDE gets to the GUI for accepting terms and conditions, and just crashes if I try to proceed.
What I tried from the internet
The App Image complains about Chrome Sandbox. Someone has had this issue in the past, but in their case, they got a path for chrome-sandbox in /home/username/... so it was always the same, and they could chown it. I'm getting a random path in /tmp and it always vanishes after the App Image crashes.
Source: https://forum.arduino.cc/t/linux-install-issues/880034/4
CLI output
username@username-e14:/opt$ ./arduino-ide_2.3.2_Linux_64bit.AppImage
[14059:0413/233905.813890:FATAL:setuid_sandbox_host.cc(158)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /tmp/.mount_arduinGsNYxm/chrome-sandbox is owned by root and has mode 4755.
Trace/breakpoint trap (core dumped)
username@username-e14:/opt$ ll
total 185608
drwxr-xr-x 9 root root 4096 Apr 13 23:32 ./
drwxr-xr-x 23 root root 4096 Apr 12 10:14 ../
-rwxrwxr-x 1 username username 190013338 Apr 13 23:16 arduino-ide_2.3.2_Linux_64bit.AppImage*
drwxr-xr-x 8 root root 4096 Apr 12 20:18 arm-gnu-toolchain-13.2.Rel1-x86_64-arm-none-eabi/
drwxr-xr-x 3 root root 4096 Apr 12 11:07 google/
drwx------ 2 root root 16384 Apr 12 10:15 lost+found/
drwxr-xr-x 5 root root 4096 Apr 12 21:10 .pio-env/
drwxr-xr-x 3 root root 4096 Apr 12 20:21 STMicroelectronics/
I've tried these ownership combinations for the App Image, and all three give the same issue:
$ sudo chown username:username arduino-ide_2.3.2_Linux_64bit.AppImage
$ sudo chown root:username arduino-ide_2.3.2_Linux_64bit.AppImage
$ sudo chown root:root arduino-ide_2.3.2_Linux_64bit.AppImage
How do I proceed?
1 Answer 1
You can run Arduino IDE by adding --no-sandbox in the command line when starting it.
This is a workaround for a real problem with Ubuntu Noble 24.04 beta. Also other appimage files, like the one for Cider, have the same issue and solution.
-
Yeah, that does work... But I'm not comfortable overriding what seems to be a security feature. Also, the IDE just isn't supposed to need that flag, right? Let's wait for Canonical and OSS devs to fix it, thanks!eccentricOrange– eccentricOrange2024年04月24日 05:15:08 +00:00Commented Apr 24, 2024 at 5:15
-
1You can disable the new restriction in Ubuntu 24.04 for all applications using sanboxes (all those using chromium internally, AppImage apps, etc.) by adding kernel.apparmor_restrict_unprivileged_userns=0 to /etc/sysctl.conf (or a new file in /etc/sysctl.d/). Or you can create an AppArmor profile to disable the restriction to only the Arduino IDE (for examples, check any profile defined in /etc/apparmor.d/ that uses the "userns" override).MV.– MV.2024年04月28日 19:31:21 +00:00Commented Apr 28, 2024 at 19:31
-
1Adding this line in /etc/sysctl.conf indeed solves the issue. The --no-sandox is no longer needed. But is this a safe adaptation? Or only a temporary fix until a better solution becomes available?BertRAMAerts– BertRAMAerts2024年04月30日 06:30:37 +00:00Commented Apr 30, 2024 at 6:30
-
1@BertRAMAerts, using the sysctl change returns Ubuntu to the behavior of previous Ubuntu versions. I suggest better to configure AppArmor to except only the Arduino IDE. Check the following github report: github.com/arduino/arduino-ide/issues/2429MV.– MV.2024年05月08日 22:51:55 +00:00Commented May 8, 2024 at 22:51
-
I miss a proper solution, which does not involve bypassing or disabling new or improved security features. (AppArmor is not exactly new, but gets improved)user105939– user1059392024年05月13日 11:27:20 +00:00Commented May 13, 2024 at 11:27
Explore related questions
See similar questions with these tags.