After upgrading to 24.04, neither the Outline Client nor Outline Manager appimages works any more.
I did install libfuset64 as recommended in other places, but I get SUID permission errors.
$ ./Outline-Client.AppImage
[584847:1001/220953.594798:FATAL:setuid_sandbox_host.cc(157)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /tmp/.mount_Outlintr1Gf9/chrome-sandbox is owned by root and has mode 4755.
[1] 584847 trace trap (core dumped) ./Outline-Client.AppImage
If I run outline with ./Outline-Client.AppImage --no-sandbox then it works perfectly fine, but this is supposed to be much less secure.
I'm wondering if there is a way to run outline without having to use the --no-sandbox flag
We should not disable AppArmor's user namespace restrictions completety on our system as suggested in the answer to this question since this would create security issues, please see this blog.
A better way is to create an apparmor profile which allows the specific application to make use of unprivileged usernamespaces.
Create the file
/etc/apparmor.d/ooutline-clientwith the following content:Replace
/path/to/Outline-Client.AppImagewith the path to your appimage.After saving the file run
sudo systemctl reload apparmor.serviceto reload all apparmor profiles.Done, enjoy your appimage...
Note: Moving the appimage to a different location later or changing it's name makes it neccessary to update your apparmor profile with the correct path and reload the apparmor profiles.
The apparmor package will never provide profiles for appimages because appimages are stored in arbitrary locations. We have to create our own profile. I tested this method with several appimages, it works pretty well.