Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

(Bug report) The SUID sandbox helper binary was found, but is not configured correctly #797

Open
XaverStiensmeier opened this issue Dec 16, 2024 · 6 comments
Labels
bug Something isn't working

Comments

@XaverStiensmeier
Copy link

XaverStiensmeier commented Dec 16, 2024

Description

When calling trilium ./trilium this error appears and trilium does not show up.

[13548:1216/112400.074805:FATAL:setuid_sandbox_host.cc(158)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /home/xaver/Downloads/TriliumNext Notes-linux-x64/chrome-sandbox is owned by root and has mode 4755.
Trace/breakpoint trap (core dumped)

it runs without big issues when executing ./trilium --no-sandbox

./trilium --no-sandbox
(node:13661) ExperimentalWarning: Importing JSON modules is an experimental feature and might change at any time
(Use `trilium --trace-warnings ...` to show where the warning was created)
Language option not found, falling back to en.
Language option not found, falling back to en.
DB not initialized, please visit setup page
DB size: 4 KB
{
  "appVersion": "0.90.12",
  "dbVersion": 228,
  "nodeVersion": "v20.15.1",
  "syncVersion": 33,
  "buildDate": "2024-11-24T09:36:35Z",
  "buildRevision": "bb36b336949022870bd9d41572c064d289906aac",
  "dataDirectory": "/home/xaver/.local/share/trilium-data",
  "clipperProtocolVersion": "1.0",
  "utcDateTime": "2024-12-16T10:25:45.347Z"
}
CPU model: Intel(R) Core(TM) Ultra 7 165U, logical cores: 14, freq: 1133 Mhz
Trusted reverse proxy: false
App HTTP server starting up at port 37840
Listening on port 37840
MESA-INTEL: warning: cannot initialize blitter engine

TriliumNext Version

0.90.12

What operating system are you using?

Other Linux

What is your setup?

Local (no sync)

Operating System Version

Xubuntu 24.04

Error logs

[13548:1216/112400.074805:FATAL:setuid_sandbox_host.cc(158)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /home/xaver/Downloads/TriliumNext Notes-linux-x64/chrome-sandbox is owned by root and has mode 4755.
Trace/breakpoint trap (core dumped)

@pano9000
Copy link
Contributor

pano9000 commented Dec 16, 2024

Can you check the file permissions of the file: /home/xaver/Downloads/TriliumNext Notes-linux-x64/chrome-sandbox
Installation was done via the .zip file, I assume?

@XaverStiensmeier
Copy link
Author

Via zip file as I am still using Trilium and just wanted to checkout TriliumNext to see if I want to switch or not.

Permissions: -rwxr-xr-x 1 xaver xaver 54192 Nov 24 10:36 chrome-sandbox

Just to show you all the permissions:

 ls -all
total 226328
drwx------ 5 xaver xaver      4096 Nov 24 10:37 .
drwxr-xr-x 9 xaver xaver      4096 Dec 17 14:06 ..
-rw-r--r-- 1 xaver xaver      4277 Nov 24 10:37 anonymize-database.sql
-rw-r--r-- 1 xaver xaver    152251 Nov 24 10:36 chrome_100_percent.pak
-rw-r--r-- 1 xaver xaver    230312 Nov 24 10:36 chrome_200_percent.pak
-rwxr-xr-x 1 xaver xaver   1251088 Nov 24 10:36 chrome_crashpad_handler
-rwxr-xr-x 1 xaver xaver     54192 Nov 24 10:36 chrome-sandbox
drwxr-xr-x 3 xaver xaver      4096 Nov 24 10:37 dump-db
-rw-r--r-- 1 xaver xaver     14748 Nov 24 10:37 icon.png
-rw-r--r-- 1 xaver xaver  10468208 Nov 24 10:36 icudtl.dat
-rwxr-xr-x 1 xaver xaver    253960 Nov 24 10:36 libEGL.so
-rwxr-xr-x 1 xaver xaver   2682104 Nov 24 10:36 libffmpeg.so
-rwxr-xr-x 1 xaver xaver   6830432 Nov 24 10:36 libGLESv2.so
-rwxr-xr-x 1 xaver xaver   4345520 Nov 24 10:36 libvk_swiftshader.so
-rwxr-xr-x 1 xaver xaver   7438016 Nov 24 10:36 libvulkan.so.1
-rw-r--r-- 1 xaver xaver      1096 Nov 24 10:36 LICENSE
-rw-r--r-- 1 xaver xaver   9524131 Nov 24 10:36 LICENSES.chromium.html
drwxr-xr-x 2 xaver xaver      4096 Nov 24 10:36 locales
drwxr-xr-x 5 xaver xaver      4096 Nov 24 10:37 resources
-rw-r--r-- 1 xaver xaver   5747551 Nov 24 10:36 resources.pak
-rw-r--r-- 1 xaver xaver    310242 Nov 24 10:36 snapshot_blob.bin
-rwxr-xr-x 1 xaver xaver 181704176 Nov 24 10:36 trilium
-rw-r--r-- 1 xaver xaver        93 Nov 24 10:37 trilium-no-cert-check.sh
-rwxr-xr-x 1 xaver xaver        99 Nov 24 10:37 trilium-portable.sh
-rw-r--r-- 1 xaver xaver        96 Nov 24 10:37 trilium-safe-mode.sh
-rw-r--r-- 1 xaver xaver    662053 Nov 24 10:36 v8_context_snapshot.bin
-rw-r--r-- 1 xaver xaver         6 Nov 24 10:36 version
-rw-r--r-- 1 xaver xaver       107 Nov 24 10:36 vk_swiftshader_icd.json

@pano9000
Copy link
Contributor

thanks.
I've downloaded and unzipped the zip file on my system as well and I get the same permissions (0755 / no SUID bit) as you, HOWEVER for me it works without any sandbox warning.
I am on Kubuntu 24.04 (so base system should be the same as yours).

I wonder why the error message says the file should be owned by root and have 4755 (with SUID bit) as permissions, on your end, but it doesn't on my end, even though we both have the same permissions set...

As a workaround for your testing period, you could maybe try to set the permissions accordingly as requested, although I'm not sure if that really is a proper secure solution here (disclaimer: I am not an Electron expert):
sudo chown root:root chrome-sandbox
sudo chmod 4755 chrome-sandbox

@XaverStiensmeier
Copy link
Author

Yea, should be the same. Setting the group to root doesn't make much sense from my perspective as I don't understand why it needs to be owned by root - which is quite a specific request tbh.

@pano9000
Copy link
Contributor

it needs to be root, to be able to create the sandbox it seems:
https://storymode7.wordpress.com/2021/01/16/whats-with-chrome-sandbox-electron/
electron/electron#42510

maybe someone else with a bit more knowledge about Electron here can shed some more light though, why the error happens on your side?

@eliandoran eliandoran added the bug Something isn't working label Dec 18, 2024
@XaverStiensmeier
Copy link
Author

But in that case it should work with sudo, shouldn't it?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

3 participants