FS#65655 - [discord] 0.0.10-1 doesn't start on linux-hardened 5.4.22.a-1-hardened
Attached to Project:
Community Packages
Opened by Andreas Schleifer (Segaja) - Friday, 28 February 2020, 17:52 GMT
Last edited by Filipe Laíns (FFY00) - Sunday, 01 March 2020, 19:22 GMT
Opened by Andreas Schleifer (Segaja) - Friday, 28 February 2020, 17:52 GMT
Last edited by Filipe Laíns (FFY00) - Sunday, 01 March 2020, 19:22 GMT
|
Details
When I try to start discord on linux-hardened I get the
following error:
[3205:0228/181602.447301:FATAL:setuid_sandbox_host.cc(157)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /opt/discord/chrome-sandbox is owned by root and has mode 4755. [1] 3205 trace trap (core dumped) discord This was already the case before the last discord package upgrade. It works fine on the normal linux kernel. |
This task depends upon
Closed by Filipe Laíns (FFY00)
Sunday, 01 March 2020, 19:22 GMT
Reason for closing: Fixed
Additional comments about closing: discord 0.0.10-2
Sunday, 01 March 2020, 19:22 GMT
Reason for closing: Fixed
Additional comments about closing: discord 0.0.10-2
`chmod u+s /opt/discord/chrome-sandbox`
FS#62469except that discord, being a proprietary binary, contains its own vendored electron.The solution is also the same: imitate the electron package by providing a setuid sandbox.
See https://wiki.archlinux.org/index.php/Security#Sandboxing_applications for more details. electron should NOT rely on the status of the kernel.unprivileged_userns_clone sysctl knob, and then break on systems where it is disabled.