Unable to Install Affine on Ubuntu 24.04 LTS Due to SUID Sandbox Configuration Issue​

[bestagi]

What happened?

I am encountering difficulties installing Affine on my Ubuntu 24.04 LTS system. Following the download of the Affine program (affine-0.13.5-stable-linux-x64.appimage), I attempted to execute it using the following command:

./affine-0.13.5-stable-linux-x64.appimage

However, the installation process was interrupted by the following error message:

[18141:0428/091226.592669:FATAL:setuid_sandbox_host.cc(158)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /tmp/.mount_affinegLhOEo/chrome-sandbox is owned by root and has mode 4755. Trace/breakpoint trap (core dumped)

Steps to Reproduce:

Downloaded the Affine program (affine-0.13.5-stable-linux-x64.appimage) from the official source.
Executed the AppImage using the command mentioned above.

Expected Behavior:
Affine should have been installed and executed without any issues.

Actual Behavior:
The installation process halted, and the error message cited above was displayed.

Additional Context:

My Ubuntu 24.04 LTS system utilizes Fuse 3, whereas Affine requires Fuse 2 for proper execution.
In an attempt to resolve this issue, I installed libfuse2 as a dependency for Affine.
Despite installing libfuse2, the error persists, indicating a problem with the SUID sandbox helper binary configuration.
System Information:

Operating System: Ubuntu 24.04 LTS
Affine Version: 0.13.5
AppImage Architecture: x64

Proposed Solution:
It appears that the issue lies in the configuration of the SUID sandbox helper binary. I would appreciate any guidance or assistance in resolving this matter to successfully install and utilize Affine on my Ubuntu 24.04 LTS system.

Distribution version

Linux

What browsers are you seeing the problem on if you're using web version?

No response

Are you self-hosting?

• Yes

Relevant log output

No response

Anything else?

No response

[affine-issue-bot]

Issue Status: 🆕 *Untriaged

*🆕 Untriaged

The team has not yet reviewed the issue. We usually do it within one business day.
Docs: https://github.com/toeverything/AFFiNE/blob/canary/docs/issue-triaging.md

^{_{This is an automatic reply by the bot.}}

[pengx17]

My Ubuntu 24.04 LTS system utilizes Fuse 3, whereas Affine requires Fuse 2 for proper execution.
In an attempt to resolve this issue, I installed libfuse2 as a dependency for Affine.

As it is for now, affine appimage has to be integrated with AppImageLauncher for full functionalities, which I think manual installing fuse is no longer required TheAssassin/AppImageLauncher#394.

I haven't seen the sandboxing issue before, but there is a long discussion at electron/electron#17972. It seems there are some workaround in there:

1. Enable unprivileged access to CLONE_NEWUSER in your kernel. Some kernels support changing this with sysctl kernel.unprivileged_userns_clone=1.
2. Disable sandboxing entirely by launching with --no-sandbox. Adding this argument from JS is unfortunately insufficient, as the GPU process is launched before the main process JS is run.

Looks like option 2 is something affine can do in the build process. In the meantime, can you try the first workaround?

[bestagi]

Thank you for your assistance and suggestions.

I wanted to clarify that the issue I encountered with Affine on Ubuntu 24.04 LTS stems from the compatibility between AppImages and the FUSE versions. As highlighted in a recent article on OMG! Ubuntu, newer versions of Ubuntu, including 24.04 LTS, ship with FUSE v3, while AppImages require FUSE v2 to function properly. This explains the error message I received when trying to execute Affine, indicating the absence of libfuse.so.2.

I followed your advice and installed libfuse2t64 using sudo apt install libfuse2t64, but unfortunately, the error persisted even after enabling unprivileged access to CLONE_NEWUSER in the kernel with sudo sysctl kernel.unprivileged_userns_clone=1.

As a temporary workaround, I tried launching Affine with the --no-sandbox argument (./affine-0.13.5-stable-linux-x64.appimage --no-sandbox). While this allowed the application to run, it did not provide a proper installation on my system; rather, it behaved more like a portable program.

Given these circumstances, I'm wondering if there are any further steps or alternative solutions we could explore to ensure a successful installation and execution of Affine on Ubuntu 24.04 LTS. Release app on Flatpak/Snapcraft maybe?

[pengx17]

My next step is to provide a snap package for ubuntu users, targeting next week.
I am still investigating the flatpak one.

@bestagi

[bestagi]

Love to heard that. I will close this issue because this problem already fixed.

[kde42]

hey, still have the same issue and it is so bad that i have to add an strace before ./affine --no-sandbox or it does not work very well and crashes, checked everything but still... where can i find your package snap for ubuntu users ?