Page MenuHomeSolus
Create Task
Maniphest T9474

Flatpak-installed Chromium fails to run with "Your Flatpak version does not support the expose-pids flag, which means that Chromium is unable to run..."
Closed, ResolvedPublic
Actions

Description

Entire message:

Your Flatpak version does not support the expose-pids flag,
which means that Chromium is unable to run. This generally
happens if your distro's bubblewrap installation is setuid
instead of using user namespaces.

Also reported by another user in the forum discussion

There the RCA and proposed solution by @Harvey is:

Can confirm bubblewrap is setuid
https://dev.getsol.us/source/bubblewrap/browse/master/package.yml$16
...
Other distros seem to have --with-priv-mode=none or ship two packages to cover both options.

Revisions and Commits

R766 flatpak
D10411R766:b92b22254262 Use bundled bwrap

Event Timeline

vitalvital created this task.Dec 20 2020, 9:28 PM
vitalvital updated the task description. (Show Details)
SuperJC710e added a subscriber: SuperJC710e.Dec 20 2020, 9:33 PM
karypid added a subscriber: karypid.Dec 22 2020, 8:22 PM
kevindkeogh added a subscriber: kevindkeogh.Dec 27 2020, 9:31 PM
vitalvital added a project: Low Hanging Fruit.Dec 30 2020, 6:52 PM
JoshStrobl removed projects: Low Hanging Fruit, Third Party Software.Dec 30 2020, 6:56 PM
joebonrichie added a subscriber: joebonrichie.EditedJan 14 2021, 12:34 PM

Some more discussion: https://github.com/flatpak/flatpak/issues/2641 and https://bugs.archlinux.org/task/62990 and https://build.opensuse.org/package/view_file/home:alphard:general/linux-alphard-lts/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch?expand=0

I would really like a one-size fits all solution for this and not a conflicts replaces nightmare for bubblewrap-suid and bubblewrap.

Would anything break where privmode=none such as libwebkit-gtk sandboxing?

joebonrichie added a comment.Jan 14 2021, 12:53 PM

If we _need_ to keep bubblewrap with suid then one solution is to build flatpak with the bundled bubblewrap. Otherwise lower the privmode to none.

joebonrichie triaged this task as Normal priority.EditedJan 14 2021, 1:09 PM
joebonrichie moved this task from Backlog to Package Fixes on the Software board.
This comment has been deleted.
joebonrichie added a revision: D10411: Use bundled bwrap.Jan 22 2021, 10:56 AM
JoshStrobl closed this task as Resolved by committing R766:b92b22254262: Use bundled bwrap.Jan 29 2021, 7:21 AM
JoshStrobl claimed this task.
JoshStrobl added a commit: R766:b92b22254262: Use bundled bwrap.
Copyright © 2015-2021 Solus Project. The Solus logo is Copyright © 2016-2021 Solus Project. All Rights Reserved.