Introduction
If you’re trying to run the Cursor AI Code Editor on Linux while keeping the sandbox enabled for security, you might run into errors like:
1
2
3
4
5
6
| The setuid sandbox is not running as root. Common causes:
* An unprivileged process using ptrace on it, like a debugger.
* A parent process set prctl(PR_SET_NO_NEW_PRIVS, ...)
Failed to move to new namespace: PID namespaces supported, Network namespace supported, but failed: errno = Operation not permitted
[FATAL:zygote_host_impl_linux.cc(207)] Check failed: . : Invalid argument (22)
Trace/breakpoint trap (core dumped)
|
This issue occurs because AppImages rely on the Chromium sandbox, which requires special permissions to run correctly. In this guide, I’ll walk you through the correct way to install and run Cursor with sandboxing enabled, ensuring both security and functionality.
Step 1: Download and Extract the AppImage
Instead of running the AppImage directly, we’ll extract its contents and move it to a proper location.
Make the file executable:
1
| chmod +x Cursor-0.48.7-x86_64.AppImage
|
1
| ./Cursor-0.48.7-x86_64.AppImage --appimage-extract
|
This creates a folder named squashfs-root containing all the application files.
1
| sudo mv squashfs-root /opt/cursor
|
Step 2: Fix Sandbox Permissions
To enable the sandbox, we need to fix permissions for the chrome-sandbox file:
Find the correct sandbox file:
1
| find /opt/cursor -name "chrome-sandbox"
|
It should be located at:
1
| /opt/cursor/usr/share/cursor/chrome-sandbox
|
Change ownership and set permissions:
1
2
| sudo chown root /opt/cursor/usr/share/cursor/chrome-sandbox
sudo chmod 4755 /opt/cursor/usr/share/cursor/chrome-sandbox
|
Step 3: Create a Desktop Entry for Cursor
To make Cursor appear in your application launcher, create a .desktop entry:
Open the file in a text editor:
1
| nano ~/.local/share/applications/cursor.desktop
|
Paste the following content:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
| [Desktop Entry]
Name=Cursor
Comment=The AI Code Editor.
GenericName=Text Editor
Exec=/opt/cursor/AppRun
Icon=/opt/cursor/usr/share/icons/hicolor/256x256/apps/cursor.png
Type=Application
StartupNotify=false
StartupWMClass=Cursor
Categories=TextEditor;Development;IDE;
MimeType=application/x-cursor-workspace;
Actions=new-empty-window;
Keywords=cursor;
Terminal=false
X-AppImage-Version=0.48.7
[Desktop Action new-empty-window]
Name=New Empty Window
Name[de]=Neues leeres Fenster
Name[es]=Nueva ventana vacía
Name[fr]=Nouvelle fenêtre vide
Name[it]=Nuova finestra vuota
Name[ja]=新しい空のウィンドウ
Name[ko]=새 빈 창
Name[ru]=Новое пустое окно
Name[zh_CN]=新建空窗口
Name[zh_TW]=開新空視窗
Exec=cursor --new-window %F
Icon=co.anysphere.cursor
|
Save and exit:
- For
nano, press CTRL + X, then Y, and finally Enter.
- For
vim, press Esc, type :wq, and hit Enter.
Make it executable and update the desktop database:
1
| chmod +x ~/.local/share/applications/cursor.desktop
|
Update the desktop database:
1
| update-desktop-database ~/.local/share/applications/
|
Update the icon cache:
Step 4: Verify and Run Cursor
You can now find Cursor in your application launcher. Click on it to run the editor with sandboxing enabled.
Check if the sandbox is working:
1
| cat /proc/$(pgrep -n cursor)/status | grep CapEff
|
If the output shows 0000000000000000, the sandbox is working correctly. If not, it might be running without sandboxing.
Test if Cursor launches successfully:
Test the new window feature:
Conclusion
By following these steps, you’ve successfully installed Cursor with sandbox enabled, improving both security and integration with your system.
This method ensures that Cursor runs just like a native app, without needing to disable important security features. Now, you can enjoy AI-powered coding in a safe environment!
Done!
Hi there 👋 Support me!
Life is an echo—what you send out comes back.
