![[BunsenLabs Logo]](/img/bl.svg)
You are not logged in.
- Topics: Active | Unanswered
#1 2021-08-30 07:27:55
- Dayan
- Member
- From: תל־אביב-יפו
- Registered: 2021-08-28
- Posts: 7
[SOLVED] AppImage of electron application
There is an AppImage I like to use which is from an Electron built application. However, in Debian and many Debian based distributions AppImages of electron applications can't run without "--no-sandbox" appended to it. As far as I understand it from what I've been reading is that in Debian, AppImages based on Electron require the kernel to be configured in a certain way to allow for its sandboxing to work as intended (specifically, the kernel needs to be allowed to provide “unprivileged namespaces”).
Is this a security issue to run an AppImage with "--no-sandbox"? Is it a security issue to enable unprivileged namespaces so the AppImage can run without the "--no-sandbox" parameter?
https://github.com/ramboxapp/community- … /tag/0.7.9
Would it be better to build the application from source? Only thing is, is I don't know how to keep an application built from source updated or how to cleanly remove it if I ever would want to.
Last edited by Dayan (2021-09-04 06:04:26)
Offline
#2 2021-08-30 09:30:53
- rbh
- Moderator
- From: South of Lapplands inland
- Registered: 2016-08-11
- Posts: 1,921
Re: [SOLVED] AppImage of electron application
in Debian and many Debian based distributions AppImages of electron applications can't run without "--no-sandbox" appended to it. As far as I understand it from what I've been reading is that in Debian, AppImages based on Electron require the kernel to be configured in a certain way to allow for its sandboxing to work as intended (specifically, the kernel needs to be allowed to provide “unprivileged namespaces”).
You can temporarily enable unprivileged namespaces with command:
sudo sysctl -w kernel.unprivileged_userns_clone=1 or permanently allow it. See https://docs.appimage.org/user-guide/tr … oxing.html
Is this a security issue to run an AppImage with "--no-sandbox"? Is it a security issue to enable unprivileged namespaces so the AppImage can run without the "--no-sandbox" parameter?
Yes. "a sandbox is a security mechanism for separating running programs," https://en.wikipedia.org/wiki/Sandbox_( … _security)
https://github.com/ramboxapp/community- … /tag/0.7.9
Would it be better to build the application from source? Only thing is, is I don't know how to keep an application built from source updated or how to cleanly remove it if I ever would want to.
You can allow the Appimage to run without sanbox. Or you can install the ramboxapp deb from your link. You can make a deb from source. When source is updated, you create a new deb.
// Regards rbh
Please read before requesting help: "Guide to getting help", "Introduction to the Bunsenlabs Lithium Desktop" and other help topics under "Help & Resources" on the BunsenLabs menu
Offline
#3 2021-09-02 12:29:15
- rbh
- Moderator
- From: South of Lapplands inland
- Registered: 2016-08-11
- Posts: 1,921
Re: [SOLVED] AppImage of electron application
@Dayan do you need more help with the subjectorisit solved?
If it is solved, can you edit the subjetctline in the first postand prepende: [Solved]?
Ev, summarize the solution.
// Regards rbh
Please read before requesting help: "Guide to getting help", "Introduction to the Bunsenlabs Lithium Desktop" and other help topics under "Help & Resources" on the BunsenLabs menu
Offline