Appimage release: '--install' fails to set caps due to fuse-mount permissions #3252
Comments
|
This is a known issue, although I don't think it was in our bug tracker. Thanks for reporting. Unfortunately I don't know how to fix. This was one idea, but I don't think it's the right approach. #2300 |
|
AFAICT the only "right" approaches are a: Don't use appimage or b: Don't use funky permissions. i.e. AppImageKit/issues/881 You're trying to evade fairly sensible security restrictions, with both packaging formats and the use of cap_sys_admin in general. This is going to keep causing problems. |
|
Would be nice to not have to use setcap, but our current wayland implementation requires it (X11 doesn't). You're welcome to submit a PR migrating wayland to the new flavor of desktop capture. #2955 (comment) |
and others
Is there an existing issue for this?
Is your issue described in the documentation?
Is your issue present in the latest beta/pre-release?
This issue is present in the latest pre-release
Describe the Bug
Following the documentation WRT the latest prerelease appimage:
$ ./sunshine.AppImage --installPassword:KERNEL=="uinput", SUBSYSTEM=="misc", OPTIONS+="static_node=uinput", TAG+="uaccess"KERNEL=="uhid", TAG+="uaccess"Failed to set capabilities on file '/tmp/.mount_sunshiH3L3t0/usr/bin/sunshine-v2024.930.214046': Permission deniedAppimage fuse mounts do not allow other users by default, and that includes root.
$ sudo ./sunshine.AppImage --installKERNEL=="uinput", SUBSYSTEM=="misc", OPTIONS+="static_node=uinput", TAG+="uaccess"KERNEL=="uhid", TAG+="uaccess"Failed to set capabilities on file '/tmp/.mount_sunshiCkDmP5/usr/bin/sunshine-v2024.930.214046': Read-only file systemAppimage fuse mounts are read-only, because appimage is a squashfs. Nobody actually tested any of this, did they?
Expected Behavior
Installation steps in the documentation work as described for the appimage release. (./sunshine.AppImage --install, sudo setcap cap_sys_admin+p$(readlink -f $ (which sunshine))
Additional Context
Bonus bug, while filing out this report:
'/tmp/.mount_sunshivHk1IP/usr/bin/sunshine-v2024.930.214046 --help' says:
'--version | print the version of sunshine'
'/tmp/.mount_sunshivHk1IP/usr/bin/sunshine-v2024.930.214046 --version' says:
...Several things, none of which is the version number.
Host Operating System
Linux
Operating System Version
Gentoo Linux 2.15
Architecture
64 bit
Sunshine commit or version
2024.930.214046
Package
Linux - AppImage
GPU Type
AMD
GPU Model
RX 6700 XT
GPU Driver/Mesa Version
24.1.7
Capture Method
KMX (Linux)
Config
fps = [10,30,60,75] resolutions = [ 352x240, 480x360, 858x480, 1280x720, 1920x1080 ] capture = kms channels = 2 back_button_timeout = 1000 min_log_level = 3 origin_web_ui_allowed = pc encoder = vaapiApps
No response
Relevant log output
The text was updated successfully, but these errors were encountered: