Sandbox on Ubuntu Linux

steveinaustria · January 7, 2025, 10:46am

I am using the IDE 2.3.4 on a Ubuntu 24.04 OS. When I updated the the OS from 23.10 to 2.04 I had issues running the Arduino IDE's (I also use arduino-lab-micropython-ide). The IDE wouldn't start and gave a warning that the sandbox wasn't configured correctly. It turned out that the issue came from Ubuntu 24.04 deprecating unprivileged kernel namespaces, which the Arduino IDE (and other applications) rely on for their sandboxes. I requested help from the Ask Ubuntu website, you can see the correspondence here.

I fixed the issue and since then have updated my IDE at least twice and have never had the problem again. I am getting old and have forgotten how I fixed the issue, although it was NOT using the --no-sandbox solution.

So now to my question: how can I check that my Arduino IDE is running in a sandbox and is correctly configured securitywise?

ptillisch · January 7, 2025, 11:03am

Hi @steveinaustria. You can do this by creating an AppArmor policy for Arduino IDE. A community member shared a policy here:

https://github.com/arduino/arduino-ide/issues/2429#issuecomment-2099775010

Note that on this line of the policy:

profile arduino /usr/local/bin/arduino flags=(unconfined) {

The policy is configured to apply to an Arduino IDE installation where the IDE executable is at the path /usr/local/bin/arduino. If the executable is at a different location on your computer then replace the /usr/local/bin/arduino on that line with the path to the executable.

steveinaustria · January 7, 2025, 11:22am

Hi ptillisch, thanks for the prompt reply. That link is to a solution copied directly from my correspondence with Ask Ubuntu which I linked to in the OP. I must have used one of the solutions offered because as I wrote I have updated my IDE twice since and never had the problem again. Did I disable the sandboxing restriction or reload an edited AppArmor?

My issue now is how can I check that the IDE is really operating in a sandbox as it should.

ptillisch · January 7, 2025, 11:29am

It is the other way around. The answer on StackExchange was copied from the GitHub issue (the issue comment was even linked to as the source in the answer).

Check the contents of the /etc/apparmor.d/ folder on your computer to see if you find a policy file there for Arduino IDE.

steveinaustria · January 7, 2025, 11:51am

Ok, but the point I was making was that I was aware of this when I asked the OP above.

There is no policy for the Arduino under /etc/apparmor.d.

The IDE is running fine, I just started to worry because I couldn't remember how I fixed the issue and I thought that maybe the IDE could somehow report on its sandbox properties.

But as it is a Linux issue anyway this is probably the wrong forum. Thanks for your help.

Topic		Replies	Views
Linux install issues IDE 2.x	9	5674	December 21, 2021
Install Arduino 2.0 IDE 2.x	6	2300	July 28, 2022
Chrome-sandbox error in IDE 2.3 in Ubuntu 24.04 IDE 2.x	4	6253	November 16, 2024
Problem running Arduino 2.0 on Ubuntu IDE 2.x	11	730	April 22, 2023
IDE Launch Fails: "sandbox helper binary was found, but is not configured correctly" IDE 2.x	3	921	March 20, 2025

Sandbox on Ubuntu Linux

Related topics