Login/Register
Building electron linux distro : The SUID sandbox helper binary was found, but is not configured correctly
Asked Answered
Solved linuxtfselectronelectron-builderelectron-packager
B

1

9

I am generating electron distro for linux. This is how the app is built This is how app is built in packge.json

 "builderForLinx": "electron-packager --out linx64 --overwrite --platform linux --appname myApp --asar"

this app structure myApp -> myApp(the linux executable), mian.js, resources -> myApp.asar

This gives an linux version electron package. But I have to run the following commands to run the app

sudo chmod +x ./myApp
sudo chown root chrome-sandbox
sudo chmod 4755 chrome-sandbox

Actually I get the app from tfs build artifact and when I download this app, I want to directly run ./myApp.

This is my tfs definition, I run all these in bash, not my agent/build machines are windows ones.

#!/bin/bash 
cd "$(Build.ArtifactStagingDirectory)/myApp" ; pwd
chown <<username>> chrome-sandbox
chmod 4755 chrome-sandbox

Note : $(Build.ArtifactStagingDirectory) is the tfs variable which points to artifact directory. When I run the app directly in linux machine I see this error

The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /home/staff/kjeeva/licregsNew/v211/licensingclient/linx64/ClientSettings-asar/chrome-sandbox is owned by root and has mode 4755.

I am not well versed with linux environment, any help or suggestions on this will be great help.

Brachy answered 7/9, 2020 at 16:3 Comment(4)
Note the electron app is genarated as .TGZ file, when I tar and untar I want the file permssion to be retainedBrachy
For example chrome-sandbox needs to have -rwsr-xr-x and all others must have -rwxr-xr-xBrachy
when I tar the package and untar I want it to have same file permissionsBrachy
Hi friend, how about the issue? Does the answer below resolve your question, If yes, you could Accept it as an Answer , so it could help other community members who get the same issues and we could archive this thread, thanks. Also, feel free to let me know if you're still blocked~Goodbye
G
11

The SUID sandbox helper binary was found ... seems to be one hot issue about electron framework in Linux. You can check this discussion for more details.

Here're the available workarounds from that discussion:

1.chown and chmod the file first like what you did.

sudo chown root chrome-sandbox
chmod 4755 chrome-sandbox

2.If you get one appimage, you can run it directly with --no-sandbox arguemnt

3.sysctl kernel.unprivileged_userns_clone=1 to enable unprivileged access.

You've already used #1, but you can also check if #2/#3 is more suitable for your scenario.

This is my tfs definition, I run all these in bash, not my agent/build machines are windows ones.

Since part of your agents are Linux and others are Windows, I recommend you can use Conditions to manage the bash tasks. You can have two different bash tasks/steps, one for Linux and another for Windows. And then set their conditions to run correct commands conditionally. Something like this:

- task: Bash@3
  inputs:
    targetType: 'inline'
    script: |
      # Write commands here
      # ...
  displayName: 'Bash command for Linux'
  condition: and(succeeded(), eq(variables['Agent.OS'], 'Linux'))

- task: Bash@3
  inputs:
    targetType: 'inline'
    script: |
      # Write commands here
      # ...
  displayName: 'Bash command for Windows'
  condition: and(succeeded(), eq(variables['Agent.OS'], 'Windows_NT'))

About predefined variable Agent.OS, you can check this document.

Goodbye answered 8/9, 2020 at 7:23 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.