New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Running as root without --no-sandbox is not supported. #28
Comments
What has changed between those builds? Has FreeCAD started using QtWebEngineProcess? Are you running FreeCAD as root? |
probonopd
in bionicpup64 or others puppy linux variants,yes,¨spot¨
Consider a ¨midway-end-user¨ here ..minimum coding and no Qt at all.i hesitate to open a new issue before asking devs what changed..+the fact that 0.19 is dev/pre !! but |
PuppyLinux is not one of the distributions we are generally targeting with AppImage, so unforeseen things may happen. Mainstream distributions like Ubuntu, Debian, Fedora, openSUSE are more likely to work with AppImages. |
probonopd |
Yes The way it works is that @looo provides weekly builds on Conda, @triplus has set up a Cron job on Travie-CI that packages these builds as an .AppImage. |
probonopd |
`Latest stable fc appimage do run here... wont fee left alone anyhow if dev branch dont!!' stable uses an older conda env with QTWebKit |
ok,and , |
Got it to load using this modified google-chrome ¨run-as-spot¨ script on extracted appimage; |
Turns out that it is a know issue that running QTWebEngine based applciations as root without QTWEBENGINE_DISABLE_SANDBOX does not work: https://www.google.com/search?q=root+QTWEBENGINE_DISABLE_SANDBOX Please file a bug with QTWebEngine. It seems to have worse system requirements than its predecessor. |
probonopd |
Hmmm...slow start ... |
https://bugreports.qt.io/browse/QTBUG-79710 |
be it that;
maybe you should close this issue? |
Hi @revolverve As explained above, we have migrated to using QtWebEngine in FreeCAD 0.19, before we used QWebKit. The migration happened due to Qt deprecating QWebKit. That is where the difference comes from, comparing FreeCAD 0.18 and FreeCAD 0.19 AppImage. In addition you are likely using Assembly 3 AppImage in your tests above? Anyway, by default we for sure won't be disabling QtWebEngine sandboxing. I feel that trying to detect, if the AppImage is run in root environment or not, and to disable sandboxing after, that likely isn't a good choice. But i understand, you would still like to run FreeCAD on Puppy Linux. Have you already tested the mentioned environment variable? Something like:
P.S. If that will work it should be considered as a valid solution, for special use cases, like yours. |
Why wouldn't it be a good idea to disable the sandbox when root detected? Preventing stuff from being run as root is counter to what "root" actually is, isn't it? |
Hi triplus ,
That is pretty straightforward!!! It for sure be consider a valid solution for puppy linux users you can live without sandboxing. Thank you all for your work and patience. |
I didn't investigate technical details in depth, but the way i understand it is Chromium developers decided sandboxing isn't supported, when running a Chromium based application as root. This therefore isn't related to AppImage. Other applications, such as Chrome browser, should behave the same. In the end therefore this is an end user (informed) decision, to disable sandboxing and use an application or not to do that. Good to hear that a workaround is working. FreeCAD currently isn't utilizing QtWebEngine heavily. Therefore disabling sandboxing isn't as problematic, security vise, as doing that for an application like a web browser. There is Web workbench in FreeCAD but i guess you don't plan to use it as a general purpose web browser. |
@triplus |
In distro :bionicpup64 8.0
these appimage did load Ok
-FreeCAD_0.19-17068-Linux-Conda_Py3Qt5_glibc2.12-x86_64
-FreeCAD_0.18-16131-Linux-Conda_Py3Qt5_glibc2.12-x86_64
but
these
-FreeCAD_0.19-18614-Linux-Conda_Py3Qt5_glibc2.12-x86_64
-FreeCAD_0.19-18522-Linux-Conda_Py3Qt5_glibc2.12-x86_64
wont run :
ERROR:zygote_host_impl_linux.cc(89)] Running as root without --no-sandbox is not supported. See https://crbug.com/63818
https://appimage.org/ on home page does state appimages.
¨..Can also run in a sandbox like Firejail...¨
Search fc forum found nothing about it and never had this error with that distro before.
Thanks
note that -FreeCAD_0.19-18614- did started in ubuntu 19.04(live session test only)__
The text was updated successfully, but these errors were encountered: