Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

firejail teams-for-linux requires /opt/teams-for-linux/chrome-sandbox owned by root and has mode 4755 #1527

Open
leukimi opened this issue Dec 17, 2024 · 5 comments

Comments

@leukimi
Copy link

leukimi commented Dec 17, 2024

firejail teams-for-linux requires /opt/teams-for-linux/chrome-sandbox owned by root and has mode 4755

To Reproduce

  1. Open linux terminal (gnome-terminal or tilix)
  2. Type firejail teams-for-linux
  3. See error: The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /opt/teams-for-linux/chrome-sandbox is owned by root and has mode 4755. Parent is shutting down, bye...

Tried the proposed solution to add apparmour file. It didn't solve the issue.

Proposed solution(s)

To fix this, the debian install script needs to make a chmod 4755 $(pkgdir_buildroot_debian)/opt/teams-for-linux/chrome-sandbox or have a debian/postinst file which does chmod 4755 /opt/teams-for-linux/chrome-sandbox after install. Probably needed for all distributions, such as Fedora/openSUSE/Archlinux/Manjaro.

System

  • OS: Ubuntu Budgie 24.04
  • Installation package: deb (from your repository)
  • Version: 1.12.3

Reference(s)

Maybe similar root cause as in issue #1426 but there is no concrete solution in the thread mentioning firejail and the choice to force changed permissions on the affected directory when the DEB package is created or include a postinst file to fix the issue after install.

@IsmaelMartinez
Copy link
Owner

can you check in https://codeberg.org/lars_uffmann/teams-for-linux-jailed and create an issue in there? There might be an equivalent to the apparmour for firejail but I have no idea/experience on this. Thanks for reporting

@woernsn
Copy link
Contributor

woernsn commented Dec 19, 2024

Happens also to me without using firejail.
I completely forgot about the problem as I'm so used to call sudo chmod 4755 /opt/teams-for-linux/chrome-sandbox anytime I update.

  • OS: Ubuntu 24.04.1 LTS (noble)
  • Installation: deb (from apt repository)
  • Version: all

@IsmaelMartinez
Copy link
Owner

@woernsn, the chmod issue can be sorted using an apparmour profile as explained in #1426 (comment) . I wonder if that change from Ubuntu has just broke firejail or something.

@woernsn
Copy link
Contributor

woernsn commented Dec 20, 2024

@woernsn, the chmod issue can be sorted using an apparmour profile as explained in #1426 (comment) . I wonder if that change from Ubuntu has just broke firejail or something.

Wow, thanks @IsmaelMartinez.
I remember I was googling this problem (as I have it for other apps as well) before but didn't find anything.
Somehow I completely missed this apparmor profiles workaround.

@IsmaelMartinez
Copy link
Owner

@leukimi , I don't know much about Apparmour and firejail but I suspect what you are seeing is a bit of a conflict between the two. https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#how-does-it-compare-with-apparmor

Check the AppArmor profile provided by Firejail. Probably worth asking at https://github.com/netblue30/firejail/ , as they seem to have similar issues in other packages like chromium netblue30/firejail#6368 .

Sorry but I don't think I can't help much more than this. Good luck and do report back if you find anything, otherwise I will close this ticket as it is not related to our app, but Ubuntu and firejail configuration.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants