
Flatpak-installed Chromium fails to run with "Your Flatpak version does not support the expose-pids flag, which means that Chromium is unable to run..."
Closed, Resolved | Public

Description

Entire message:

Your Flatpak version does not support the expose-pids flag,
which means that Chromium is unable to run. This generally
happens if your distro's bubblewrap installation is setuid
instead of using user namespaces.

Also reported by another user in the forum discussion

There the RCA and proposed solution by @Harvey is:

Can confirm bubblewrap is setuid
https://dev.getsol.us/source/bubblewrap/browse/master/package.yml$16
...
Other distros seem to have --with-priv-mode=none or ship two packages to cover both options.

Event Timeline

vitalvital updated the task description.
joebonrichie added a subscriber: joebonrichie. Edited Jan 14 2021, 12:34 PM

Some more discussion: https://github.com/flatpak/flatpak/issues/2641 and https://bugs.archlinux.org/task/62990 and https://build.opensuse.org/package/view_file/home:alphard:general/linux-alphard-lts/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch?expand=0

I would really like a one-size-fits-all solution for this and not a conflicts replaces nightmare for bubblewrap-suid and bubblewrap.

Would anything break where privmode=none such as libwebkit-gtk sandboxing?

If we _need_ to keep bubblewrap with suid then one solution is to build flatpak with the bundled bubblewrap. Otherwise lower the privmode to none.

joebonrichie triaged this task as Normal priority. Edited Jan 14 2021, 1:09 PM
joebonrichie moved this task from Backlog to Package Fixes on the Software board.
This comment has been deleted.
JoshStrobl closed this task as Resolved by committing R766:b92b22254262: Use bundled bwrap. Jan 29 2021, 7:21 AM
JoshStrobl claimed this task.
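
A quick host check for the condition diagnosed in this task (setuid bwrap versus user namespaces), as an added example that is not part of the original task or of Solus or Flatpak code. The function names and verdict strings are made up for illustration; the `unprivileged_userns_clone` sysctl is only present on kernels carrying a distro patch like the one linked above.

```shell
#!/bin/sh
# Added example: classify a bwrap binary and the host's user-namespace policy.
# Function names and verdict strings are illustrative, not from Flatpak.

# bwrap_mode PATH -> "setuid", "userns" (relies on user namespaces) or "missing"
bwrap_mode() {
    if [ ! -e "$1" ]; then echo missing
    elif [ -u "$1" ]; then echo setuid      # -u tests the setuid bit
    else echo userns
    fi
}

# userns_allowed [SYSCTL_ROOT] -> "yes" or "no"
# user/max_user_namespaces is mainline; kernel/unprivileged_userns_clone exists
# only on patched kernels, so an absent file is treated as "not restricting".
userns_allowed() {
    root="${1:-/proc/sys}"
    for f in "$root/user/max_user_namespaces" \
             "$root/kernel/unprivileged_userns_clone"; do
        if [ -r "$f" ] && [ "$(cat "$f")" = "0" ]; then
            echo no; return 0
        fi
    done
    echo yes
}

# diagnose MODE USERNS -> one-word verdict
diagnose() {
    case "$1:$2" in
        missing:*)  echo no-bwrap ;;         # nothing to sandbox with
        setuid:*)   echo setuid-bwrap ;;     # the case reported in this task
        userns:yes) echo ok ;;               # non-setuid bwrap, userns usable
        userns:no)  echo userns-disabled ;;  # non-setuid bwrap cannot sandbox
    esac
}

# check_host [PATH]: inspect PATH, or the bwrap found on $PATH
check_host() {
    path="${1:-}"
    [ -n "$path" ] || path=$(command -v bwrap 2>/dev/null) || path=/nonexistent
    diagnose "$(bwrap_mode "$path")" "$(userns_allowed)"
}

if [ "${1:-}" = "--host" ]; then check_host "${2:-}"; fi
```

Run it as `sh script.sh --host` to check the bwrap on `$PATH`, or pass the path of the bwrap binary Flatpak was built to use as a second argument.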