How to configure SUID sandbox helper binary? Cannot open AppImages on PureOS without disabling sandbox

LibreRed · August 31, 2020, 8:29am

mycomputer@pureos:~$ 'someAppImage.AppImage'
[2601:0831/042250.303556:FATAL:setuid_sandbox_host.cc(157)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /tmp/.mount_standaxBKYL4/chrome-sandbox is owned by root and has mode 4755.
Trace/breakpoint trap

This is one of my biggest issues with PureOS. It doesn’t let me run AppImage’s without a --no-sandbox flag enabled, which I don’t like enabling for security reasons. Obviously I don’t want to disable checking at the kernel level either. Is there a viable long-term fix for this issue? Can I manually configure SUID so it works?

Thanks!

reC · August 31, 2020, 11:26am

AFAIK all security goes out the window ANYWAY if you make an AppImage executable and then run it. the way the convenience of an .AppImage works is it demands your TRUST of whatever is INSIDE and the SOURCE.

if you need to make SURE then compile from source after you inspect the code (or after you get a green light from someone else). there is no easy solution unfortunately …

tracy · August 31, 2020, 2:32pm

Compile, then “PREP”, the object code and save the temp file.

(When we when to 16 bit, it was compiled then the object code was “LINKed”.)