Skip to content

Commit

Permalink
Fix CI/CD runtime checks failing on Ubuntu 24.04
Browse files Browse the repository at this point in the history
GitHub runners now use Ubuntu 24.04, which introduces new restrictions
on unprivileged user namespaces affecting AppImages. This causes
runtime checks to fail when running Electron applications, producing
errors like:

```
[5475:1011/121711.489417:FATAL:setuid_sandbox_host.cc(158)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /tmp/.mount_privacv1kcOj/chrome-sandbox is owned by root and has mode 4755.
```

This commit modifies CI workflow to disable the restrictions during
runtime checks. This allows the runtime checks to pass by permitting
unprivileged user namespaces.

This works around the issue without requiring changes to the AppImage
itself. A more permanent solution may be needed in the future.

Related key Electron issues:

- electron/electron$41066
- electron/electron$42510
- electron-userland/electron-builder$844
  • Loading branch information
undergroundwires committed Oct 11, 2024
1 parent 69e7e0a commit 642cf2b
Showing 1 changed file with 24 additions and 1 deletion.
25 changes: 24 additions & 1 deletion .github/workflows/checks.desktop-runtime-errors.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ jobs:
uses: ./.github/actions/install-imagemagick
-
name: Configure Ubuntu
if: contains(matrix.os, 'ubuntu') # macOS runner is missing Docker
if: contains(matrix.os, 'ubuntu')
shell: bash
run: |-
sudo apt update
Expand Down Expand Up @@ -61,9 +61,32 @@ jobs:
# Install xdotool and xprop (from x11-utils) for window title capturing
sudo apt install -y xdotool x11-utils
# Workaround for Electron apps failing to initialize on Ubuntu 24.04 due to AppArmor restrictions
# Disables unprivileged user namespaces restriction to allow Electron apps to run
# Reference: https://github.com/electron/electron/issues/42510
sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
# Install Vulkan support
sudo apt install libvulkan1 mesa-vulkan-drivers vulkan-tools
# Install additional X11 libraries
sudo apt-get install -y libgtk-3-0 libx11-xcb1 libxcb-dri3-0 libxcomposite1 libxcursor1 libxdamage1 libxfixes3 libxi6 libxrandr2 libxss1 libxtst6 libnss3
# Install additional Mesa drivers
sudo apt-get install -y mesa-utils libosmesa6-dev
- name: Check Vulkan
if: contains(matrix.os, 'ubuntu')
run: |
vulkaninfo || echo "Vulkan not available"
- name: Check OpenGL
if: contains(matrix.os, 'ubuntu')
run: |
glxinfo | grep "OpenGL"
glxinfo | grep "direct rendering"
-
name: Test
shell: bash
env:
ELECTRON_DISABLE_SANDBOX: true
run: |-
export SCREENSHOT=true
npm run check:desktop
Expand Down

0 comments on commit 642cf2b

Please sign in to comment.