Testing GDB Debugger In Flathub Shell

My development team is working on version 0.9.11 for Greenery, here on Flathub. It is a Node / Electron based app.

I have created local builds of 0.9.11 with flatpak but the Greenery app bombs out before it can load the App Window. I can download the v0.9.10 version from Flathub and the app runs fine.

I have been successful in running GDB in the Flathub Shell for Greenery with this command:

flatpak run --command=sh --devel io.greenfire.Greenery -c 'set -m; gdb --args /app/main/greenery'

From the shell I can do:

Enable debuginfod for this session (Y)

Then I run Greenery inside GDB:
(gdb) run
Starting program: /app/main/greenery
[Thread debugging using libthread_db enabled]
Using host libthread_db library “/usr/lib/x86_64-linux-gnu/libthread_db.so.1”.
[New Thread 0x7fffec4006c0 (LWP 15)]
[Detaching after fork from child process 16]
[12:1118/182528.981166:FATAL:setuid_sandbox_host.cc(157)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I’m aborting now. You need to make sure that /app/main/chrome-sandbox is owned by root and has mode 4755.

Thread 1 “greenery” received signal SIGTRAP, Trace/breakpoint trap.
0x000055555a57046f in ?? ()

[2]+ Stopped flatpak run --command=sh --devel io.greenfire.Greenery -c ‘set -m; gdb --args /app/main/greenery’
lexton@fedora:~/Development/flathub-repo/io.greenfire.Greenery$ [16:1118/182529.001925:WARNING:resource_bundle.cc(450)] locale_file_path.empty() for locale

So it looks like a sandbox issue, and I’ve seen other Electron apps come across this issue:


Rather than run without sandboxing I’m aborting now. You need to make sure that /app/main/chrome-sandbox is owned by root and has mode 4755.

So should I look into setting root as mode 4755 for the chrome-sandbox? This does not seem like the secure option for Flathub.

I should also note that compiling code from older versions of Greenery like v0.9.9 also fails to run, so is this related to my npm dependencies and an update on the Flathub side?

Is anyone else with Electron apps coming across issues similar to this? Also please let me know how I should proceed.

Here is the Greenery Flathub PR for v0.9.11:

https://github.com/flathub/io.greenfire.Greenery/pulls

Has anyone done Electron debugging with GDB inside the Flathub Shell? Should I be using a different debugger that works better with Electron?

My Greenery Local Flathub builds were working fine with versions prior to v0.9.9, so I’m trying to narrow down what could be the issue. I’ve also tried remote builds within the PR but these fail to launch.

Is it worth looking into implementing chrome-sandbox as owned by root? This does not seem like the best path.

I’m looking into testing with more recent versions of Electron and Node and maybe updating some of my dependencies. Have there been any updates to Flathub that are related to Node and Electron?

One other thing I would like to point out is that I’ve tried to disable the Sandbox for Electron through the Flathub Manifest and also through flatpak arguments, but it doesn’t appear to be working; I still get the same chrome root sandbox error.

I also found this:

Chromium Patches: Be aware that Chromium-based Flatpaks now ship with custom patches to adapt Chromium’s sandbox to the Flatpak sandbox. These patches might affect your app’s behavior and security

See Reference Link: Chromium and the flatpak sandbox - Platform - GNOME Discourse

There is also Portals which references Electron specifically:

Portals: Flatpak uses a concept called portals to allow applications to access host resources securely. Ensure your app is using the latest GTK+ or Qt versions that support these portals[4]
(https://www.reddit.com/r/linux/comments/9n50ba/lets_see_why_flatpak_and_sandboxing_are_awesome/).
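
A diagnostic for the condition named in the Chromium FATAL message quoted in the post above (helper owned by root with mode 4755), added here as an example and not part of the original post. It also prints the kernel's NoNewPrivs flag, because a process with that flag set gains no privileges from a setuid bit whatever the file's owner. The function names are hypothetical, and GNU `stat` and `awk` are assumed to be available in the shell where it is run.

```shell
#!/bin/sh
# Added diagnostic (not from the original post). Function names are hypothetical.
# Checks what the Chromium error asks for: owner uid 0 and mode 4755.

# classify_helper UID MODE -> prints "ok" or the reason the helper is rejected.
classify_helper() {
    uid=$1; mode=$2
    if [ "$uid" != "0" ] && [ "$mode" != "4755" ]; then
        echo "bad-owner-and-mode"
    elif [ "$uid" != "0" ]; then
        echo "bad-owner"
    elif [ "$mode" != "4755" ]; then
        echo "bad-mode"
    else
        echo "ok"
    fi
}

# check_helper PATH -> stats the file (GNU stat assumed) and classifies it.
check_helper() {
    [ -e "$1" ] || { echo "missing"; return 0; }
    set -- $(stat -c '%u %a' "$1")
    classify_helper "$1" "$2"
}

# no_new_privs -> prints 1 when setuid bits grant nothing on exec for this
# process tree, 0 when they can, "unknown" if the field cannot be read.
no_new_privs() {
    v=$(awk '/^NoNewPrivs:/ {print $2}' /proc/self/status 2>/dev/null) || true
    echo "${v:-unknown}"
}

report() {
    echo "helper: $(check_helper "$1")"
    echo "NoNewPrivs: $(no_new_privs)"
}

# Default path is the one in the error message; pass another as the first argument.
report "${1:-/app/main/chrome-sandbox}"
```

If it reports `NoNewPrivs: 1`, changing the helper's owner or mode will not make the setuid helper effective in that environment.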