MagicMirror² v2.12.0 is available! For more information about this release, check out this topic.

After update, chrome-sandbox needs root and mode 4655?



  • Noticed earlier that my MM had crashed for whatever reason - it’s not been touched changed in weeks.

    On reboot, it wanted 44 updates.
    pm2 start mm then showed nothing, with the logs giving an error:

    0|mm       | [10532:0127/132321.643138:FATAL:setuid_sandbox_host.cc(157)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /home/pi/MagicMirror/node_modules/electron/dist/chrome-sandbox is owned by root and has mode 4755.
    

    I did

    sudo chown root /home/pi/MagicMirror/node_modules/electron/dist/chrome-sandbox
    sudo chmod 4755 /home/pi/MagicMirror/node_modules/electron/dist/chrome-sandbox
    

    This seems to have fixed it, with MM now starting correctly.

    What’s caused this, and is the chown/chmod the correct thing todo?



  • Never seen this before



  • The “newer” electron versions are using sandboxing by default. But on master-branch is still the old electron 3.x active.

    So are you using the develop-branch or have you edited package.json und upgraded electron?

    The method to fix this is correct, an alternative way is disable sandboxing, which is not a good idea under security aspects. You can disable sandboxing e.g. by setting the environment variable ELECTRON_DISABLE_SANDBOX=1



  • @karsten13 do you know what version this came in on? I will add the bypass into the automated install and upgrade



  • tested only 3.x, 6.x, 7.x
    In 3.x sandbox was disabled, in >=6.x enabled



  • @karsten13 thx. I tested 6.0.12, and didn’t have problems w sandbox…



  • you tested on a raspberry pi? And with a non-root user?



  • @karsten13 correct



  • node@pi4:/opt/magic_mirror$ npm install
    npm WARN deprecated time-grunt@2.0.0: Deprecated because Grunt is practically unmaintained. Move on to something better. This package will continue to work with Grunt v1, but it will not receive any updates.
    npm WARN deprecated @types/vfile-message@2.0.0: This is a stub types definition. vfile-message provides its own type definitions, so you do not need this installed.
    
    > electron-chromedriver@6.0.0 install /opt/magic_mirror/node_modules/electron-chromedriver
    > node ./download-chromedriver.js
    
    
    > core-js@2.6.11 postinstall /opt/magic_mirror/node_modules/core-js
    > node -e "try{require('./postinstall')}catch(e){}"
    
    
    > console-stamp@0.2.9 postinstall /opt/magic_mirror/node_modules/console-stamp
    > node ./msg.js
    
    Attention
        Console-stamp version 3.0.0 Release Candidate is out. Install by using the tag '@next'. NB: Breaking changes.
        For more details goto: https://www.npmjs.com/package/console-stamp/v/next
    
    
    > electron@6.0.12 postinstall /opt/magic_mirror/node_modules/electron
    > node install.js
    
    Downloading tmp-433-1-SHASUMS256.txt-6.0.12
    [============================================>] 100.0% of 5.2 kB (5.2 kB/s)
    
    > magicmirror@2.10.0 install /opt/magic_mirror
    > cd vendor && npm install
    
    npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.4 (node_modules/fsevents):
    npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.4: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"arm"})
    
    audited 220 packages in 4.267s
    found 5 vulnerabilities (4 low, 1 high)
      run `npm audit fix` to fix them, or `npm audit` for details
    
    > magicmirror@2.10.0 postinstall /opt/magic_mirror
    > sh untrack-css.sh && sh installers/postinstall/postinstall.sh && npm run install-fonts
    
    MagicMirror installation successful!
    
    > magicmirror@2.10.0 install-fonts /opt/magic_mirror
    > cd fonts && npm install
    
    audited 1 package in 0.716s
    found 0 vulnerabilities
    
    npm WARN grunt-stylelint@0.13.0 requires a peer of stylelint@^12.0.0 but none is installed. You must install peer dependencies yourself.
    npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@2.1.2 (node_modules/fsevents):
    npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.1.2: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"arm"})
    
    added 1056 packages from 1151 contributors and audited 2946 packages in 119.117s
    
    52 packages are looking for funding
      run `npm fund` for details
    
    found 0 vulnerabilities
    
    node@pi4:/opt/magic_mirror$ npm start
    
    > magicmirror@2.10.0 start /opt/magic_mirror
    > ./run-start.sh
    
    [516:0131/000550.394975:FATAL:setuid_sandbox_host.cc(157)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /opt/magic_mirror/node_modules/electron/dist/chrome-sandbox is owned by root and has mode 4755.
    


  • node@pi4:/opt/magic_mirror$ cat package.json
    {
      "name": "magicmirror",
      "version": "2.10.0",
      "description": "The open source modular smart mirror platform.",
      "main": "js/electron.js",
      "scripts": {
        "start": "./run-start.sh",
        "install": "cd vendor && npm install",
        "install-fonts": "cd fonts && npm install",
        "postinstall": "sh untrack-css.sh && sh installers/postinstall/postinstall.sh && npm run install-fonts",
        "test": "NODE_ENV=test ./node_modules/mocha/bin/mocha tests --recursive",
        "test:unit": "NODE_ENV=test ./node_modules/mocha/bin/mocha tests/unit --recursive",
        "test:e2e": "NODE_ENV=test ./node_modules/mocha/bin/mocha tests/e2e --recursive",
        "config:check": "node tests/configs/check_config.js",
        "lint": "grunt"
      },
      "repository": {
        "type": "git",
        "url": "git+https://github.com/MichMich/MagicMirror.git"
      },
      "keywords": [
        "magic mirror",
        "smart mirror",
        "mirror UI",
        "modular"
      ],
      "author": "Michael Teeuw",
      "contributors": [
        "https://github.com/MichMich/MagicMirror/graphs/contributors"
      ],
      "license": "MIT",
      "bugs": {
        "url": "https://github.com/MichMich/MagicMirror/issues"
      },
      "homepage": "https://magicmirror.builders",
      "devDependencies": {
        "chai": "^4.1.2",
        "chai-as-promised": "^7.1.1",
        "current-week-number": "^1.0.7",
        "danger": "^3.1.3",
        "grunt": "latest",
        "grunt-eslint": "latest",
        "grunt-jsonlint": "latest",
        "grunt-markdownlint": "latest",
        "grunt-stylelint": "latest",
        "grunt-yamllint": "latest",
        "http-auth": "^3.2.3",
        "jsdom": "^11.6.2",
        "jshint": "^2.10.2",
        "mocha": "^7.0.0",
        "mocha-each": "^1.1.0",
        "mocha-logger": "^1.0.6",
        "spectron": "^8.0.0",
        "stylelint": "latest",
        "stylelint-config-standard": "latest",
        "time-grunt": "latest"
      },
      "optionalDependencies": {
        "electron": "6.0.12"
      },
      "dependencies": {
        "colors": "^1.1.2",
        "console-stamp": "^0.2.9",
        "express": "^4.16.2",
        "express-ipfilter": "^1.0.1",
        "feedme": "latest",
        "helmet": "^3.21.2",
        "iconv-lite": "latest",
        "lodash": "^4.17.15",
        "module-alias": "^2.2.2",
        "moment": "latest",
        "request": "^2.88.0",
        "rrule": "^2.6.2",
        "rrule-alt": "^2.2.8",
        "simple-git": "^1.85.0",
        "socket.io": "^2.1.1",
        "valid-url": "latest"
      },
      "_moduleAliases": {
        "node_helper": "js/node_helper.js"
      }
    }
    

Log in to reply