Crash after Update Linux v1.15.2

[Masgalor]

After updating the AppImage from v1.14.0 to v1.15.2 Bitwarden crashes with the following message.

[20808:0802/001112.252976:FATAL:setuid_sandbox_host.cc(157)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /opt/Bitwarden/chrome-sandbox is owned by root and has mode 4755.

After that I installed Bitwarden with the provided .deb package which produces the same error.
But here I was able change the permission as mentioned in the error what solved the problem.

[kspearrin]

I am not able to reproduce this on Ubuntu. Seems there is a thread with electron about the error here though: electron/electron#17972

[Masgalor]

This comment sums it up pretty good: electron/electron#17972 (comment)

Electron uses the kernel feature CLONE_NEWUSER which is disabled by default on some distros because of security concerns.

I'm on Debian where it is disabled, while your Ubuntu has it enabled.
That's why you can't reproduce it.

Besides of that electron has a fallback mechanism, the mentioned SUID sandbox helper binary.
To make use of this binary it needs the permission set 4755 but it is shipped with 0755.
So in the first place the packaging process should be improved to set the correct permissions.

Otherwise people need to activate the mentioned kernel feature.
sysctl kernel.unprivileged_userns_clone=1

[kspearrin]

Looks like there is an open bug with our builder library here: electron-userland/electron-builder#3872

I am following it for any updates.

[vladimiry]

I am not able to reproduce this on Ubuntu

Executing sudo sysctl kernel.unprivileged_userns_clone=0 can help with reproducing the case.

[vladimiry]

Besides of that electron has a fallback mechanism

This fallback mechanism comes with Chromium (SUID sandbox), so Electron uses it as a given thing. Besides that as far as I now this thing won't work for the AppImage case. But hadrcoding --no-sandbox argument in AppImage's AppRun script will solve the issue (this approach is already applied for the recent electron-builder versions, but only for the Snap target so far). Running the app like ./my-app.AppImage --no-sandbox is also a workaround.

[Gaudon]

This version is constantly crashing on Windows 10 as well if it's related. #293

[IanTheEngineer]

--no-sandbox arg workaround for those that use the Bitwarden Freedesktop tray icon, edit the Exec line of the *.desktop file with a _space_"--no-sandbox"_space_ after the AppImage and before the %U

Eg. edit ~/.local/share/applications/appimagekit-bitwarden.desktop:

[Desktop Entry]
Name=Bitwarden
Comment=A secure and free password manager for all of your devices.
Exec="/path/to/Bitwarden-1.15.2-x86_64.AppImage" "--no-sandbox" %U
Terminal=false
Type=Application
Icon=appimagekit-bitwarden
...

[CLechleitner42]

FYI: We can reproduce the problem on Debian Buster, adding --no-sandbox helps.

[vctt94]

I can also reproduce this issue at Debian Buster

[bitwarden-bot]

Hi @Masgalor,
We're cleaning up our repositories in preparation for a major reorganization. Issues from last year will be marked as stale and closed after two weeks. If you still need help, comment to let us know and we'll look into it.
Thanks!