How to fix "No usable sandbox! Update your kernel... If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox." Unity error on Ubuntu 24.04

00-unity-sandbox-error-ubuntu24.04.md

New apparmor strict policies

The recent LTS release of Ubuntu introduced some more strict apparmor policies that are affecting many packages. To fix it is quite simple, add a file so apparmor don't deny Unityhub actions.

You can do it by yourself or use the script utility I wrote. For the script checkout Using the script

Commands to fix it manually

If you installed using the .deb distribution, your Unity Hub binary file is probably at /opt/unityhub/unityhub-bin, so you can just copy-paste the snippet to /etc/apparmor.d/unityhub

You should open it as root/with sudo and your text editor of preference:
sudo vim /etc/apparmor.d/unityhub
or
sudo nano /etc/apparmor.d/unityhub
or
sudo gedit /etc/apparmor.d/unityhub
and so on...

Write the following (assuming your Unity Hub binary path is /opt/unityhub/unityhub-bin which is the default, otherwise change it to match your binary path):

abi <abi/4.0>,
include <tunables/global>

profile unityhub /opt/unityhub/unityhub-bin flags=(unconfined) {
  userns,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/unityhub>
}

Now restart apparmor
sudo systemctl restart apparmor.service
Check if everything is ok
systemctl status apparmor.service
If so then you are good to go!

Using the script

You can use the script to write the apparmor rule for you:

First download it

wget 'https://gist.githubusercontent.com/0xdeadbad/5ef3a38c8cf6efc264d9a6f11f50e5b8/raw/4cad833d3f22a9715e337994434bf89be31ac102/apparmor-addrule.sh'

Make it executable

chmod +x ./apparmor-addrule.sh

Run it with the desired executable, it works with any executable (must be run as root/with sudo):

sudo ./apparmor-addrule.sh /opt/unityhub/unityhub-bin

You can use only the executable name that is in $PATH, but for unity specifically /opt/unityhub/unityhub-bin isn't in $PATH, so use the full binary path (OBS.: /opt/unityhub/unityhub is a shell script that invokes /opt/unityhub/unityhub-bin).

Now restart apparmor
sudo systemctl restart apparmor.service
Check if everything is ok
systemctl status apparmor.service
If so then you are good to go!

01-apparmor-addrule.sh

#!/usr/bin/env bash

set -e

if [ "$EUID" -ne 0 ]
  then echo "Please run as root / with sudo"
  exit
fi


if [[ -z "${1+x}" ]]; then
    >&2 echo "you need to pass the executable file/path as the first argument"
    exit 1
fi

if [[ -n "${2+x}" ]]; then
    pathchk --portability "$2"
    _APPARMOR_FILEDEST="/etc/apparmor.d/$2"
fi

_FILENAME="$1"

pathchk --portability "$_FILENAME" && (which "$_FILENAME" > /dev/null || >&2 echo "could not locate path of $_FILENAME") || exit 1

_FILEPATH="$(which "$_FILENAME")"
FILEPATH="$(realpath "$_FILEPATH")"
FILE_BASENAME="$(basename "$FILEPATH")"

FILEPATH_SANITIZED="${FILEPATH// /\\ /}"
FILE_BASENAME_SANITIZED="${FILE_BASENAME// /\\ /}"

if [[ -z "${2+x}" ]]; then
    _APPARMOR_FILEDEST="/etc/apparmor.d/$FILE_BASENAME"
fi

pathchk --portability "$_APPARMOR_FILEDEST"

APPARMOR_FILEPATH="$_APPARMOR_FILEDEST"

if [[ -f "$APPARMOR_FILEPATH" ]]; then
    >&2 echo "apparmor file $APPARMOR_FILEPATH already exists"
    >&2 echo "please check the file $APPARMOR_FILEPATH and ONLY delete it if you are sure it has something incorrect or doesn't belong to another apparmor rule"
    >&2 echo "this script won't overwrite the destination file $APPARMOR_FILEPATH for security purposes, you should do it manually"
    >&2 echo "as an alternative you can provide a second argument as the destination apparmor file"

    exit 1
fi

envsubst '$FILEPATH_SANITIZED,$FILE_BASENAME_SANITIZED' <<EOT > "$APPARMOR_FILEPATH"
abi <abi/4.0>,
include <tunables/global>

profile $FILE_BASENAME_SANITIZED $FILEPATH_SANITIZED flags=(unconfined) {
  userns,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/$FILE_BASENAME_SANITIZED>
}
EOT

[ 8792.968517] audit: type=1107 audit(1717559637.553:428): pid=854 uid=101 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_signal" bus="system" path="/org/freedesktop/login1" interface="org.freedesktop.DBus.Properties" member="PropertiesChanged" name=":1.7" mask="receive" pid=14060 label="snap.firefox.firefox" peer_pid=881 peer_label="unconfined"
exe="/usr/bin/dbus-daemon" sauid=101 hostname=? addr=? terminal=?'
[ 8811.325539] [drm] PCIE GART of 256M enabled (table at 0x000000F400000000).
[ 8811.669227] amdgpu 0000:05:00.0: [drm:amdgpu_ring_test_helper [amdgpu]] ERROR ring comp_1.0.1 test failed (-110)
[ 8984.362565] audit: type=1107 audit(1717559828.947:429): pid=854 uid=101 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_signal" bus="system" path="/org/freedesktop/login1" interface="org.freedesktop.DBus.Properties" member="PropertiesChanged" name=":1.7" mask="receive" pid=14060 label="snap.firefox.firefox" peer_pid=881 peer_label="unconfined"
exe="/usr/bin/dbus-daemon" sauid=101 hostname=? addr=? terminal=?'
[ 8990.025063] audit: type=1107 audit(1717559834.609:430): pid=854 uid=101 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_signal" bus="system" path="/org/freedesktop/login1" interface="org.freedesktop.DBus.Properties" member="PropertiesChanged" name=":1.7" mask="receive" pid=14060 label="snap.firefox.firefox" peer_pid=881 peer_label="unconfined"
exe="/usr/bin/dbus-daemon" sauid=101 hostname=? addr=? terminal=?'
[ 9056.029205] audit: type=1400 audit(1717559900.613:431): apparmor="DENIED" operation="open" class="file" profile="snap.firefox.firefox" name="/etc/gnutls/config" pid=19222 comm="pingsender" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 9056.672303] audit: type=1400 audit(1717559901.256:432): apparmor="DENIED" operation="open" class="file" profile="snap.firefox.firefox" name="/etc/gnutls/config" pid=19222 comm="pingsender" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 9193.000518] [drm] PCIE GART of 256M enabled (table at 0x000000F400000000).
[ 9193.352036] amdgpu 0000:05:00.0: [drm:amdgpu_ring_test_helper [amdgpu]] ERROR ring comp_1.0.1 test failed (-110)
[ 9202.016941] [drm] PCIE GART of 256M enabled (table at 0x000000F400000000).
[ 9202.355465] amdgpu 0000:05:00.0: [drm:amdgpu_ring_test_helper [amdgpu]] ERROR ring comp_1.0.1 test failed (-110)
[ 9367.910032] [drm] PCIE GART of 256M enabled (table at 0x000000F400000000).
[ 9368.258795] amdgpu 0000:05:00.0: [drm:amdgpu_ring_test_helper [amdgpu]] ERROR ring comp_1.0.1 test failed (-110)
[ 9376.533633] audit: type=1107 audit(1717560221.118:433): pid=854 uid=101 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/login1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.7" pid=21804 label="snap.firefox.firefox" peer_pid=881 peer_label="unconfined"
exe="/usr/bin/dbus-daemon" sauid=101 hostname=? addr=? terminal=?'
[ 9376.985485] audit: type=1107 audit(1717560221.570:434): pid=854 uid=101 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/timedate1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.200" pid=21804 label="snap.firefox.firefox" peer_pid=21958 peer_label="unconfined"
exe="/usr/bin/dbus-daemon" sauid=101 hostname=? addr=? terminal=?'
[ 9377.027535] audit: type=1107 audit(1717560221.612:435): pid=854 uid=101 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/timedate1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.200" pid=21804 label="snap.firefox.firefox" peer_pid=21958 peer_label="unconfined"
exe="/usr/bin/dbus-daemon" sauid=101 hostname=? addr=? terminal=?'
[ 9411.120410] audit: type=1400 audit(1717560255.705:436): apparmor="DENIED" operation="open" class="file" profile="snap.firefox.firefox" name="/etc/fstab" pid=21804 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 9411.358762] audit: type=1107 audit(1717560255.943:437): pid=854 uid=101 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.209" pid=21804 label="snap.firefox.firefox" peer_pid=22309 peer_label="unconfined"
exe="/usr/bin/dbus-daemon" sauid=101 hostname=? addr=? terminal=?'
[ 9411.360231] audit: type=1107 audit(1717560255.945:438): pid=854 uid=101 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.209" pid=21804 label="snap.firefox.firefox" peer_pid=22309 peer_label="unconfined"
exe="/usr/bin/dbus-daemon" sauid=101 hostname=? addr=? terminal=?'
[ 9422.586317] audit: type=1400 audit(1717560267.171:439): apparmor="DENIED" operation="exec" class="file" profile="snap.firefox.firefox" name="/run/user/1000/doc/846faee7/unityhub" pid=22364 comm="firefox" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
[ 9686.376501] [drm] PCIE GART of 256M enabled (table at 0x000000F400000000).
[ 9686.720243] amdgpu 0000:05:00.0: [drm:amdgpu_ring_test_helper [amdgpu]] ERROR ring comp_1.0.1 test failed (-110)
[ 9697.052491] [drm] PCIE GART of 256M enabled (table at 0x000000F400000000).
[ 9697.390998] amdgpu 0000:05:00.0: [drm:amdgpu_ring_test_helper [amdgpu]] ERROR ring comp_1.0.1 test failed (-110)
[ 9714.975829] audit: type=1107 audit(1717560559.561:440): pid=854 uid=101 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.233" pid=21804 label="snap.firefox.firefox" peer_pid=25046 peer_label="unconfined"
exe="/usr/bin/dbus-daemon" sauid=101 hostname=? addr=? terminal=?'
[ 9714.976022] audit: type=1107 audit(1717560559.561:441): pid=854 uid=101 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.233" pid=21804 label="snap.firefox.firefox" peer_pid=25046 peer_label="unconfined"
exe="/usr/bin/dbus-daemon" sauid=101 hostname=? addr=? terminal=?'
[ 9714.978131] audit: type=1107 audit(1717560559.563:442): pid=854 uid=101 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.233" pid=21804 label="snap.firefox.firefox" peer_pid=25046 peer_label="unconfined"
exe="/usr/bin/dbus-daemon" sauid=101 hostname=? addr=? terminal=?'
[ 9733.639429] audit: type=1107 audit(1717560578.225:443): pid=854 uid=101 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.233" pid=21804 label="snap.firefox.firefox" peer_pid=25046 peer_label="unconfined"
exe="/usr/bin/dbus-daemon" sauid=101 hostname=? addr=? terminal=?'

[ 8792.968517] audit: type=1107 audit(1717559637.553:428): pid=854 uid=101 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_signal" bus="system" path="/org/freedesktop/login1" interface="org.freedesktop.DBus.Properties" member="PropertiesChanged" name=":1.7" mask="receive" pid=14060 label="snap.firefox.firefox" peer_pid=881 peer_label="unconfined" exe="/usr/bin/dbus-daemon" sauid=101 hostname=? addr=? terminal=?' [ 8811.325539] [drm] PCIE GART of 256M enabled (table at 0x000000F400000000). [ 8811.669227] amdgpu 0000:05:00.0: [drm:amdgpu_ring_test_helper [amdgpu]] ERROR ring comp_1.0.1 test failed (-110) [ 8984.362565] audit: type=1107 audit(1717559828.947:429): pid=854 uid=101 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_signal" bus="system" path="/org/freedesktop/login1" interface="org.freedesktop.DBus.Properties" member="PropertiesChanged" name=":1.7" mask="receive" pid=14060 label="snap.firefox.firefox" peer_pid=881 peer_label="unconfined" exe="/usr/bin/dbus-daemon" sauid=101 hostname=? addr=? terminal=?' [ 8990.025063] audit: type=1107 audit(1717559834.609:430): pid=854 uid=101 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_signal" bus="system" path="/org/freedesktop/login1" interface="org.freedesktop.DBus.Properties" member="PropertiesChanged" name=":1.7" mask="receive" pid=14060 label="snap.firefox.firefox" peer_pid=881 peer_label="unconfined" exe="/usr/bin/dbus-daemon" sauid=101 hostname=? addr=? terminal=?' [ 9056.029205] audit: type=1400 audit(1717559900.613:431): apparmor="DENIED" operation="open" class="file" profile="snap.firefox.firefox" name="/etc/gnutls/config" pid=19222 comm="pingsender" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [ 9056.672303] audit: type=1400 audit(1717559901.256:432): apparmor="DENIED" operation="open" class="file" profile="snap.firefox.firefox" name="/etc/gnutls/config" pid=19222 comm="pingsender" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [ 9193.000518] [drm] PCIE GART of 256M enabled (table at 0x000000F400000000). [ 9193.352036] amdgpu 0000:05:00.0: [drm:amdgpu_ring_test_helper [amdgpu]] ERROR ring comp_1.0.1 test failed (-110) [ 9202.016941] [drm] PCIE GART of 256M enabled (table at 0x000000F400000000). [ 9202.355465] amdgpu 0000:05:00.0: [drm:amdgpu_ring_test_helper [amdgpu]] ERROR ring comp_1.0.1 test failed (-110) [ 9367.910032] [drm] PCIE GART of 256M enabled (table at 0x000000F400000000). [ 9368.258795] amdgpu 0000:05:00.0: [drm:amdgpu_ring_test_helper [amdgpu]] ERROR ring comp_1.0.1 test failed (-110) [ 9376.533633] audit: type=1107 audit(1717560221.118:433): pid=854 uid=101 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/login1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.7" pid=21804 label="snap.firefox.firefox" peer_pid=881 peer_label="unconfined" exe="/usr/bin/dbus-daemon" sauid=101 hostname=? addr=? terminal=?' [ 9376.985485] audit: type=1107 audit(1717560221.570:434): pid=854 uid=101 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/timedate1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.200" pid=21804 label="snap.firefox.firefox" peer_pid=21958 peer_label="unconfined" exe="/usr/bin/dbus-daemon" sauid=101 hostname=? addr=? terminal=?' [ 9377.027535] audit: type=1107 audit(1717560221.612:435): pid=854 uid=101 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/timedate1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.200" pid=21804 label="snap.firefox.firefox" peer_pid=21958 peer_label="unconfined" exe="/usr/bin/dbus-daemon" sauid=101 hostname=? addr=? terminal=?' [ 9411.120410] audit: type=1400 audit(1717560255.705:436): apparmor="DENIED" operation="open" class="file" profile="snap.firefox.firefox" name="/etc/fstab" pid=21804 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [ 9411.358762] audit: type=1107 audit(1717560255.943:437): pid=854 uid=101 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.209" pid=21804 label="snap.firefox.firefox" peer_pid=22309 peer_label="unconfined" exe="/usr/bin/dbus-daemon" sauid=101 hostname=? addr=? terminal=?' [ 9411.360231] audit: type=1107 audit(1717560255.945:438): pid=854 uid=101 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.209" pid=21804 label="snap.firefox.firefox" peer_pid=22309 peer_label="unconfined" exe="/usr/bin/dbus-daemon" sauid=101 hostname=? addr=? terminal=?' [ 9422.586317] audit: type=1400 audit(1717560267.171:439): apparmor="DENIED" operation="exec" class="file" profile="snap.firefox.firefox" name="/run/user/1000/doc/846faee7/unityhub" pid=22364 comm="firefox" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 [ 9686.376501] [drm] PCIE GART of 256M enabled (table at 0x000000F400000000). [ 9686.720243] amdgpu 0000:05:00.0: [drm:amdgpu_ring_test_helper [amdgpu]] ERROR ring comp_1.0.1 test failed (-110) [ 9697.052491] [drm] PCIE GART of 256M enabled (table at 0x000000F400000000). [ 9697.390998] amdgpu 0000:05:00.0: [drm:amdgpu_ring_test_helper [amdgpu]] ERROR ring comp_1.0.1 test failed (-110) [ 9714.975829] audit: type=1107 audit(1717560559.561:440): pid=854 uid=101 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.233" pid=21804 label="snap.firefox.firefox" peer_pid=25046 peer_label="unconfined" exe="/usr/bin/dbus-daemon" sauid=101 hostname=? addr=? terminal=?' [ 9714.976022] audit: type=1107 audit(1717560559.561:441): pid=854 uid=101 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.233" pid=21804 label="snap.firefox.firefox" peer_pid=25046 peer_label="unconfined" exe="/usr/bin/dbus-daemon" sauid=101 hostname=? addr=? terminal=?' [ 9714.978131] audit: type=1107 audit(1717560559.563:442): pid=854 uid=101 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.233" pid=21804 label="snap.firefox.firefox" peer_pid=25046 peer_label="unconfined" exe="/usr/bin/dbus-daemon" sauid=101 hostname=? addr=? terminal=?' [ 9733.639429] audit: type=1107 audit(1717560578.225:443): pid=854 uid=101 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.233" pid=21804 label="snap.firefox.firefox" peer_pid=25046 peer_label="unconfined" exe="/usr/bin/dbus-daemon" sauid=101 hostname=? addr=? terminal=?'

Could you show the output ls -la /home to check the permissions?

can you check?

can you check?

Sure, could you try running sudo chmod o+rx $USER and check if the problem persists?

the problem still persists.

Thanks

the problem still persists.

Thanks

For instance I had read here https://forum.snapcraft.io/t/firefox-permission-issue-in-ubuntu-22-04-1/31348/7. Other articles suggest the same.

It looks like a problem with snap... You could try using another browser or reinstall Firefox without snap .

For now I need to rest, but you can contact me on email at [email protected]

Hi Mate,

I just need to restart my pc and then it works.

Thank you for your help.

Really nice! Works flawlessly

Thank you so much!

Worked really well for me, thanks for sharing this.

Omg, I was stuck in this problem with no solution for like 3 days, you saved my life, thank you stranger!! You're amazing!!

Thanks you so much, worked well

Thanks, the solution worked well.

This worked well for me. Thank you so much!

It worked. Thank you @0xdeadbad

thanks bud , it worked , much appreciated .