[Touch-packages] [Bug 2056627] Re: PHPStorm crashes when opening a project
Its not just that app images don't have a default path, we can handle that as well. It is that user namespaces have become a privileged operation, and the user must take some privileged action to allow applications to use them. That can be any of - moving the application into a well known privileged location that has a profile already associated with it. - creating a profile for the application where it is installed in their unprivileged location. This is currently allowed but problematic in that unprivileged code code potentially write to it and we are not currently restricting unprivileged applications from writing these locations. But that will come - tagging the application with the correct security label. The important part is the user must take a privileged action to allow applications that are using user namespaces to gain privilege. Note, applications that use user namespaces that don't require privilege are allowed, its only applications that require privilege within the user namespace. Unfortunately appimages that use use namespaces need the user to take one of the above privileged actions. And unfortunately Ubuntu can not "fix" this without disabling the protection. There are plans to improve the user experience and make this easier for users to do, but atm it is a manual process. The instructions provided by Seth will enable you to get the appimage running. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/2056627 Title: PHPStorm crashes when opening a project Status in apparmor package in Ubuntu: Confirmed Bug description: Filing mostly in case anyone else hits this and is looking for workarounds: Since the Update to 24.04 PHPStorm crashes on open for me. I think when it tries to preview a markdown file, like a README.md which is shown when opening a project. ``` [0309/094602.913394:FATAL:setuid_sandbox_host.cc(158)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /home/user/bin/phpstorm/jbr/lib/chrome-sandbox is owned by root and has mode 4755. ``` Workaround 1 (wont persist reboots, needs root): sudo sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=0 sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 Workaround 2 (persists and doesn't need root): thanks to https://youtrack.jetbrains.com/issue/IDEA-313202/IDE- crashes-due-to-chrome-sandbox-is-owned-by-root-and-has-mode-error- when-IDE-is-launching-the-JCEF-in-a- sandbox#focus=Comments-27-7059083.0-0 * Run `/bin/phpstorm.sh dontReopenProjects` (to avoid it crashing on start) * ctrl+shift+a * type "Registry..." and select it * disable the "ide.browser.jcef.sandbox.enable" option * Restart phpstorm To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2056627/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2056627] Re: PHPStorm crashes when opening a project
The unfortunate thing with AppImage is that there's no easy default path that can be confined as can be done for other systems. So you'll need to construct an AppArmor profile for your applications following the instructions at https://discourse.ubuntu.com/t/noble-numbat-release- notes/39890#unprivileged-user-namespace-restrictions-15 Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/2056627 Title: PHPStorm crashes when opening a project Status in apparmor package in Ubuntu: Confirmed Bug description: Filing mostly in case anyone else hits this and is looking for workarounds: Since the Update to 24.04 PHPStorm crashes on open for me. I think when it tries to preview a markdown file, like a README.md which is shown when opening a project. ``` [0309/094602.913394:FATAL:setuid_sandbox_host.cc(158)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /home/user/bin/phpstorm/jbr/lib/chrome-sandbox is owned by root and has mode 4755. ``` Workaround 1 (wont persist reboots, needs root): sudo sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=0 sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 Workaround 2 (persists and doesn't need root): thanks to https://youtrack.jetbrains.com/issue/IDEA-313202/IDE- crashes-due-to-chrome-sandbox-is-owned-by-root-and-has-mode-error- when-IDE-is-launching-the-JCEF-in-a- sandbox#focus=Comments-27-7059083.0-0 * Run `/bin/phpstorm.sh dontReopenProjects` (to avoid it crashing on start) * ctrl+shift+a * type "Registry..." and select it * disable the "ide.browser.jcef.sandbox.enable" option * Restart phpstorm To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2056627/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2056627] Re: PHPStorm crashes when opening a project
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: apparmor (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/2056627 Title: PHPStorm crashes when opening a project Status in apparmor package in Ubuntu: Confirmed Bug description: Filing mostly in case anyone else hits this and is looking for workarounds: Since the Update to 24.04 PHPStorm crashes on open for me. I think when it tries to preview a markdown file, like a README.md which is shown when opening a project. ``` [0309/094602.913394:FATAL:setuid_sandbox_host.cc(158)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /home/user/bin/phpstorm/jbr/lib/chrome-sandbox is owned by root and has mode 4755. ``` Workaround 1 (wont persist reboots, needs root): sudo sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=0 sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 Workaround 2 (persists and doesn't need root): thanks to https://youtrack.jetbrains.com/issue/IDEA-313202/IDE- crashes-due-to-chrome-sandbox-is-owned-by-root-and-has-mode-error- when-IDE-is-launching-the-JCEF-in-a- sandbox#focus=Comments-27-7059083.0-0 * Run `/bin/phpstorm.sh dontReopenProjects` (to avoid it crashing on start) * ctrl+shift+a * type "Registry..." and select it * disable the "ide.browser.jcef.sandbox.enable" option * Restart phpstorm To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2056627/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2056627] Re: PHPStorm crashes when opening a project
Also occurs with https://lmstudio.ai/ which is also AppImage based. I think the feature is broken in general ? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/2056627 Title: PHPStorm crashes when opening a project Status in apparmor package in Ubuntu: Confirmed Bug description: Filing mostly in case anyone else hits this and is looking for workarounds: Since the Update to 24.04 PHPStorm crashes on open for me. I think when it tries to preview a markdown file, like a README.md which is shown when opening a project. ``` [0309/094602.913394:FATAL:setuid_sandbox_host.cc(158)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /home/user/bin/phpstorm/jbr/lib/chrome-sandbox is owned by root and has mode 4755. ``` Workaround 1 (wont persist reboots, needs root): sudo sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=0 sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 Workaround 2 (persists and doesn't need root): thanks to https://youtrack.jetbrains.com/issue/IDEA-313202/IDE- crashes-due-to-chrome-sandbox-is-owned-by-root-and-has-mode-error- when-IDE-is-launching-the-JCEF-in-a- sandbox#focus=Comments-27-7059083.0-0 * Run `/bin/phpstorm.sh dontReopenProjects` (to avoid it crashing on start) * ctrl+shift+a * type "Registry..." and select it * disable the "ide.browser.jcef.sandbox.enable" option * Restart phpstorm To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2056627/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
