Not working on Ubuntu 24.04

[mcamou]

Probably because of the changes in AppArmor profiles:

$ bin/filecoin-station-linux-x86_64.appimage
[336526:0717/112836.874246:FATAL:setuid_sandbox_host.cc(158)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /tmp/.mount_filecoLZxxPn/chrome-sandbox is owned by root and has mode 4755.
[1]    336526 trace trap (core dumped)  bin/filecoin-station-linux-x86_64.appimage

There is no /tmp/.mount* directory.

[mcamou]

The solution is to add an AppArmor profile. You need to add an /etc/apparmor.d/filecoin-station file, with the following contents (assuming that station is in /usr/local/bin/station.appimage:

abi <abi/4.0>,
include <tunables/global>
profile filecoin-station /usr/local/bin/station.appimage flags=(unconfined) {
  userns,
  include if exists <local/filecoin-station>
}

and then running systemctl restart apparmor

[juliangruber]

This looks to be due to a Debian update, to which Electron hasn't reacted yet:

• [Bug]: All versions of Electron (chromium upstream bug) fail to open on Ubuntu 24.04+ due to kernel.apparmor_restrict_unprivileged_userns=1 by default electron/electron#41066
• The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /tmp/.mount_electrdNG9pL/chrome-sandbox is owned by root and has mode 4755. electron-userland/electron-builder#6095
• Crashes on Ubuntu 24.04 due to permissions on /opt/Hyper/chrome-sandbox vercel/hyper#7915

I have subscribed to these issues and will update as soon as this is fixed upstream.

Possible fixes for users:

electron/electron#41066 (comment)

The temporary solution is disabling the kernel.apparmor_restrict_unprivileged_userns:

sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0

electron/electron#41066 (comment)

For Balena Etcher, starting it with --no-sandbox --disable-gpu-sandbox fixes it.
Just make an alias or a script.

Possible fix for devs (besides waiting for upstream fixes):

vercel/hyper#7915 (comment)

It looks like electron-userland/electron-builder#6095 in electron-builder. In the resolution it says to run the build on Debian 11+. I find it strange that you would need to run the build at a newer OS version just to set file permissions. Actions ubuntu-latest is still 22.04 at the time of writing.