Hey, thanks for the detailed report. This is a known class of issues with the sandbox and AppArmor on newer Linux kernels, especially when apparmor_restrict_unprivileged_userns = 1.
The loopback lookup failure at step 2.5/7 is likely happening because the sandbox can’t set up a network namespace under your current AppArmor restrictions. A few things to try:
- Create an AppArmor profile for Cursor at
/etc/apparmor.d/cursor-system:
abi <abi/4.0>,
include <tunables/global>
profile cursor-system "/usr/share/cursor/cursor" flags=(unconfined) {
userns,
include if exists <local/cursor>
}
Then load it:
sudo apparmor_parser -r /etc/apparmor.d/cursor-system
- Check for and remove any stale sandbox profile:
sudo aa-status | grep cursor
If cursor_sandbox shows up:
sudo apparmor_parser -R /etc/apparmor.d/cursor_sandbox
sudo rm /etc/apparmor.d/cursor_sandbox
sudo systemctl restart apparmor
- Set the setuid bit on the sandbox binary:
sudo chmod 4755 /usr/share/cursor/resources/app/resources/helpers/cursorsandbox
Restart Cursor after all steps.
This has worked for several other Linux users with similar setups. More context here:
I flagged the specific loopback error with the team. It’s a new variant we haven’t seen before in VMware environments. Let me know if the above helps.