Hello,
I’m kind of new with Cursor. I just installed Cursor IDE (version 3) on my Ubuntu machine and noticed that there is no Sandbox option in the Agents / Auto Run mode. I do see this option out of the box on my Mac (with the same version), but not on my Ubuntu. I don’t know if there is anything I need to do on my Ubuntu machine to enable this option. Thanks!
hey @Dang_Tran, sorry you had this issue, on Linux, allowlist (with sandbox) only appears if the IDE’s sandbox preflight passes, and for that, you need to install the AppArmor or kernel setup for it to work, see Terminal | Cursor Docs , download at least the 0.6.0 version, if this doesn’t fix the issue, feel free to come back to us!
Hey, everything’s fine here. This is expected behavior, not a bug.
On Linux, the Sandbox option in Auto-Run only shows up if the sandbox preflight passes. On Ubuntu, especially 24.04+, the default AppArmor restriction on unprivileged user namespaces hides it, so you see the option on Mac but not on Ubuntu.
@Tom_Coustols is right. You need to apply the AppArmor and kernel setup from this guide Terminal | Cursor Docs in the sandbox/AppArmor section, and use Cursor version 0.6.0 or newer. After installing, fully restart Cursor.
If the option still doesn’t show up, please check these and send the results:
uname -r the kernel should be 6.2 or newercat /proc/sys/kernel/apparmor_restrict_unprivileged_userns if it returns 1, the AppArmor package is requiredLet me know how it goes.
Thank you for replying. It doesn’t seem to work on my end. I followed the instruction and installed AppArmor, but I still haven’t seen the sandbox option yet.
I’m using Ubuntu 24.04. These are some info from my machine, please let me know what else I should provide or set up.
uname -r
6.17.0-29-generic
cat /proc/sys/kernel/apparmor_restrict_unprivileged_userns
0
Good news. Since the Allowlist (with Sandbox) option shows up in the Agents Window, your sandbox preflight is passing. Kernel 6.17 and apparmor_restrict_unprivileged_userns=0 also look fine, so the setup is working.
If the option is visible in the Agents Window but not in the Editor Window, it’s likely a stale state. The Editor Window may have cached the sandbox check result before you installed the AppArmor package. Try fully quitting Cursor, not Reload Window, then open it again. After that, the Editor Window should re-check sandbox support.
If the option still doesn’t show up in the Editor Window after a full restart, please share:
Let me know how it goes.
Thanks, I was able to enable Sandbox run mode 
I asked Cursor to do debugging on my machine. The preflight check was false. It turned out that I needed to comment out some lines in /etc/apparmor.d/cursor-sandbox since the Apparmor on my machine is version 4. Cursor placed a bash script to fix sandbox apparmor configuration. I’m not an expert in these areas so cannot fully explain in details. But it works now. Thanks!
Cursor and AI are amazing!
Great, glad it’s working, and thanks for coming back with the fix details, that’s really helpful for other users on AppArmor 4.
If you can, could you share exactly which lines in /etc/apparmor.d/cursor-sandbox you had to comment out, plus the output of apparmor_parser --version or cat /sys/module/apparmor/parameters/ if you have it handy. The shipped profile looks like it’s not fully compatible with AppArmor 4, and your details will help us fix it on our side so others won’t need to edit it manually.
I’m happy to share.
I uncommented the userns in /etc/apparmor.d/cursor-sandbox
## Uncomment this on AppArmor 4.0
#userns,
And my apparmor parser version is 4.0.1
apparmor_parser --version
AppArmor parser version 4.0.1
Copyright (C) 1999-2008 Novell Inc.
Copyright 2009-2018 Canonical Ltd.
Thanks, this is exactly what I needed. It confirms that on AppArmor 4.0.x, in the shipped profile /etc/apparmor.d/cursor-sandbox, the userns, line is still commented out, so preflight fails until you uncomment it manually.
I passed the details (Ubuntu 24.04, kernel 6.17, apparmor_parser 4.0.1, uncommented #userns,) to the team so the profile works correctly on AppArmor 4 out of the box and doesn’t require manual edits.
Glad it’s working. If anything else comes up with the sandbox on that machine, just message me.
Thank you for your support
nice, glad it’s all fixed!