Terminal Sandbox Issue Linux

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

Terminal sandbox is not working. When I open Cursor IDE I get this error in the lower left part of the screen: Terminal sandbox could not start. This may be caused by an AppArmor configuration on your Linux system (kernel 6.2+). See the documentation for how to resolve this.

I tried to follow documentation, but it didn’t resolve my issue. I restarted IDE, my laptop, internet etc. multiple times. Deleted and installed from zero. Still same error. What is more interesting is that it was working just fine, then I switched to another folder project and it just stopped working at all in every other project as well. Nothing changed on my laptop. I will attach screenshots, when I ask in Cursor chat to run some command it doesn’t even output the command so I can run it. What’s interesting is that it doesn’t work for specific model

Steps to Reproduce

Open Cursor and try to ask agent to run some command.

Screenshots / Screen Recordings

Operating System

Linux

Version Information

Version: 2.5.25
VSCode Version: 1.105.1
Commit: 7150844152b426ed50d2b68dd6b33b5c5beb73c0
Date: 2026-02-24T07:17:49.417Z
Build Type: Stable
Release Track: Default
Electron: 39.4.0
Chromium: 142.0.7444.265
Node.js: 22.22.0
V8: 14.2.231.22-electron.0
OS: Linux x64 6.17.0-14-generic

Does this stop you from using Cursor

Yes - Cursor is unusable

1 Like

Hey, this is a known issue with AppArmor on newer Linux kernels (6.2+). A few things to try:

  1. Check if there’s a stale AppArmor profile loaded:

sudo aa-status | grep cursor

If you see cursor_sandbox listed, unload it:

sudo apparmor_parser -R /etc/apparmor.d/cursor_sandbox
sudo rm /etc/apparmor.d/cursor_sandbox
sudo systemctl restart apparmor

  2. Create a proper AppArmor profile for Cursor:

Create /etc/apparmor.d/cursor-system with this content:

abi <abi/4.0>,
include <tunables/global>
profile cursor-system "/usr/share/cursor/cursor" flags=(unconfined) {
  userns,
  include if exists <local/cursor>
}

Then load it:

sudo apparmor_parser -r /etc/apparmor.d/cursor-system

  3. Make sure the sandbox binary has the right permissions:

sudo chmod 4755 /usr/share/cursor/resources/app/resources/helpers/cursorsandbox

Restart Cursor after all of this.

This has been resolved for several other Linux users with similar setups. For more context, see this thread: `cursor-sandbox` binary missing setuid bit breaks extensions and this one: Linux AppArmor regression after Cursor update: sandbox helper rename breaks Remote SSH

Also, which distro are you on? Ubuntu?

Let me know if this helps.

1 Like

I had Claude Code run through a lot of this stuff for me, I believe all of your suggestions, and I wasn’t able to get a resolution to the problem. Full notes here: Terminal sandbox could not start - #7 by jarrett

1 Like

Same issue here, followed your instructions and they didn’t solve the issue.

lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 24.04.4 LTS
Release:	24.04
Codename:	noble
cursor --version
2.5.26
7d96c2a03bb088ad367615e9da1a3fe20fbbc6a0
x64

Have the same issue, suggested solution didn’t help. Ubuntu 24.04.4 LTS

2 Likes

Same here.

Hitting this issue as well!

same here

Same issue here on Zorin OS 18 (Ubuntu 24.04 base), kernel 6.17.0-14-generic, Cursor 2.5.25.

I spent a while debugging this and wanted to document everything for anyone else who hits it.

Diagnosis

Running sudo journalctl -xe | grep -i apparmor | grep cursor | grep DENIED revealed that the official AppArmor profile shipped in cursor-sandbox-apparmor.deb is incomplete. It is missing several rules that the sandbox actually requires. The denials I saw were:

  1. capability dac_override — missing from the profile entirely
  2. network unix stream / network unix dgram — no network rules at all in the profile
  3. network netlink raw — also required but not included

What I tried

I progressively updated /etc/apparmor.d/cursor-sandbox to add the missing rules, reloading with sudo apparmor_parser -r /etc/apparmor.d/cursor-sandbox each time. Each fix resolved one layer of denials but revealed the next. Even after adding all of the above, the sandbox still failed to start.

The profile I ended up with (still not working):

abi <abi/4.0>,
include <tunables/global>

profile cursor_sandbox /usr/share/cursor/resources/app/resources/helpers/cursorsandbox {
  file,
  /** ix,
  network unix,
  network netlink raw,
  capability sys_admin,
  capability chown,
  capability setuid,
  capability setgid,
  capability setpcap,
  capability dac_override,
  userns,
  mount,
  remount,
  umount,
  /usr/share/cursor/resources/app/resources/helpers/cursorsandbox mr,
}

profile cursor_sandbox_remote /home/*/.cursor-server/bin/*/*/resources/helpers/{cursor-sandbox,cursorsandbox} {
  file,
  /** ix,
  network unix,
  network netlink raw,
  capability sys_admin,
  capability chown,
  capability setuid,
  capability setgid,
  capability setpcap,
  capability dac_override,
  userns,
  mount,
  remount,
  umount,
  /home/*/.cursor-server/bin/*/*/resources/helpers/{cursor-sandbox,cursorsandbox} mr,
}

Note: the install path on my system is /usr/share/cursor/ not /opt/Cursor/ as the docs suggest — worth checking yours matches.

The only workaround that actually fixes it:

echo 'kernel.apparmor_restrict_unprivileged_userns=0' | sudo tee /etc/sysctl.d/99-userns.conf
sudo sysctl --system

This disables the unprivileged user namespace restriction system-wide. Not ideal from a security standpoint but it works immediately with no Cursor restart needed.

Summary

The official AppArmor profile from Cursor is missing rules that the sandbox actually needs on Ubuntu 24.04 / Zorin OS 18. This seems to be a case of the shipped profile not being tested against this specific kernel + AppArmor configuration. The documented fix does not resolve the issue — the sysctl workaround is currently the only reliable solution on this distro.

Hope this helps the Cursor team track it down and ship a corrected profile. Thx :wink:

Hello Sir. I tried methods you suggested, but this error is still present. From what I can see a lot of other users also encounter this error message which wasn’t the case until recently. Perhaps it’s more of an AppArmor profile issue shipped with .deb package? Btw I’m on Ubuntu 24.04. I understand that this was resolved before although from the links you posted I’m not sure that this is exactly the same issue. And you can also see that a lot of users tried steps you provided and it didn’t resolve it for them either. Is there any other workaround, or we should wait for you guys to update it?

This error usually means AppArmor is blocking Cursor’s terminal sandbox on Linux 6.2+.

You can fix it by disabling the AppArmor restriction for unprivileged user namespaces.

Run these commands:

sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0

To make it persistent after reboot:

echo "kernel.apparmor_restrict_unprivileged_userns=0" | sudo tee /etc/sysctl.d/99-cursor.conf

sudo sysctl --system

Then restart Cursor and open a new terminal.

If it still fails, confirm AppArmor is enabled and you’re on kernel 6.2+.

Seeing this issue. Anyone have a fix for Amazon Linux 2023?

Edit: This seems to help on Fedora. However, I still get “stuck” at Planning next moves, Reconnecting…, Thinking, etc. regardless of model selected.

curl -fsSL https://downloads.cursor.com/lab/enterprise/cursor-sandbox-apparmor-0.2.0-1.noarch.rpm -o cursor-sandbox-apparmor.rpm
sudo rpm -i cursor-sandbox-apparmor.rpm

This issue appeared suddenly and recently.

I get the popup every time I build something on Linux. It’s not limited to some isolated machine. It’s a systemic issue.

This is a bug in Cursor.

Don’t do this

That is a system-wide security relaxation for all apps, instead of fixing it specifically for this one app.

___

I hit the same “Terminal sandbox could not start…” issue, but I was able to fix it.

Here’s an AI summary of the steps to reproduce the fix that worked for me:

What I saw
Kernel audit logs showed the real blocker was AppArmor denying newuidmap:

sudo journalctl -k -b | grep -E 'apparmor="DENIED".*(cursor|unprivileged_userns)' | tail -n 50
# Example deny:
# apparmor="DENIED" operation="capable" profile="cursor_sandbox" comm="newuidmap" capname="dac_override"

Fix (minimal, profile-scoped)
The Cursor sandbox profile (cursor_sandbox) was missing the capability newuidmap needs.

  1. Locate the profile file(s):
sudo grep -R --line-number -E 'profile[[:space:]]+cursor_sandbox(_remote)?' /etc/apparmor.d

  2. Edit the relevant file(s) (e.g. /etc/apparmor.d/cursor-sandbox and/or the one defining cursor_sandbox_remote) and add this line inside the profile cursor_sandbox { ... } block:
capability dac_override,

  3. Reload the profile(s):
sudo apparmor_parser -r /etc/apparmor.d/cursor-sandbox
# If you edited another file for cursor_sandbox_remote, reload that one too

  4. Fully restart Cursor, then retry opening the Agent terminal sandbox.

After this, the newuidmap deny disappeared and the sandbox started normally.

Hope this helps — the key was fixing the AppArmor profile.

Wtf guys!!

It took me an hour to painstakingly work through this bug with chatgpt a few days ago. But lo and behold. Here’s another untested upgrade pushed out to everyone and the bug gets resurrected. Just as soon as I upgraded to -

Version: 2.6.11
VSCode Version: 1.105.1
Commit: 8c95649f251a168cc4bb34c89531fae7db4bd990
Date: 2026-03-03T18:57:48.001Z
Build Type: Stable
Release Track: Default
Electron: 39.6.0
Chromium: 142.0.7444.265
Node.js: 22.22.0
V8: 14.2.231.22-electron.0
OS: Linux x64 6.8.0-101-generic

I give up. I’m downgrading and will pin my installation at least two point versions back from the latest release henceforth. I don’t think the word ‘stable’ means what you think it means.

Here’s a fix that I worked out in a chatgpt session over a couple of hours. It amalgamates elements of solutions posted by others on this forum. I do not pretend to understand all of it. So please verify and use at your own discretion.

The rest of this post was drafted by chatgpt, but I read through it carefully before posting and it does indeed reflect the fix that I implemented.


Ubuntu 24.04 (AppArmor 4.x) + kernel 6.2+ (e.g. 6.8): “Terminal sandbox could not start” / Step 2.5/7 loopback NETLINK_ROUTE bind fails

Symptoms / logs typically show:

  • Cursor popup: “Terminal sandbox could not start… AppArmor…”

  • ~/.config/Cursor/logs/.../exthost.log:
    Failed to apply sandbox: Step 2.5/7 (loopback setup) ... failed to bind NETLINK_ROUTE socket

  • kernel audit:
    apparmor="DENIED" ... profile="cursor_sandbox" ... family="netlink" sock_type="raw" ... denied="bind"

Root cause (in this failure mode): Cursor’s shipped /etc/apparmor.d/cursor-sandbox is incomplete on Ubuntu 24.04+ and blocks the helper from doing rtnetlink/loopback setup (and sometimes userns / newuidmap/newgidmap bits). See related threads:

Below is an upgrade-resistant fix that avoids global sysctl weakening and avoids “allow-all”.


0) Confirm you have this exact failure mode

grep -R "Failed to apply sandbox" -n ~/.config/Cursor/logs | tail -n 60
sudo journalctl -k -b --since "10 minutes ago" --no-pager | \
  grep -iE 'apparmor="DENIED"|cursor_sandbox|unprivileged_userns' | tail -n 200

If you see Step 2.5/7 (loopback setup) + netlink raw bind denied, proceed.


1) Make the AppArmor profile upgrade-resistant (dpkg diversion)

Rationale: Cursor updates can overwrite /etc/apparmor.d/cursor-sandbox without prompting. dpkg-divert preserves your maintained file while still letting the vendor’s new profile install alongside as .distrib for diff/merge. The .predivert.date file is your backup.

sudo cp -a /etc/apparmor.d/cursor-sandbox /etc/apparmor.d/cursor-sandbox.predivert.$(date +%F_%H%M%S)

sudo dpkg-divert --local --rename --add \
  --divert /etc/apparmor.d/cursor-sandbox.distrib \
  /etc/apparmor.d/cursor-sandbox

Then base your maintained file on the vendor profile:

sudo cp -a /etc/apparmor.d/cursor-sandbox.distrib /etc/apparmor.d/cursor-sandbox

2) Patch /etc/apparmor.d/cursor-sandbox structurally (minimal edits)

Rationale: keep the vendor file mostly intact, add only what’s needed for Ubuntu 24.04/AppArmor 4.x and future helper renames, and delegate permissions to a local include.

Edit:

sudoedit /etc/apparmor.d/cursor-sandbox

Make these changes:

(a) Add at top (AppArmor 4.x compatibility)

abi <abi/4.0>,
include <tunables/global>

(b) Attach profiles to both helper names (rename-proof)

Change the profile lines to:

profile cursor_sandbox /usr/share/cursor/resources/app/resources/helpers/{cursor-sandbox,cursorsandbox} {
...
}

profile cursor_sandbox_remote /home/*/.cursor-server/bin/*/*/resources/helpers/{cursor-sandbox,cursorsandbox} {
...
}

(c) Ensure userns, is enabled inside both blocks

Uncomment/add the following line to both blocks:

  userns,

(d) Make the mr rule match the brace path in both blocks

  /usr/share/cursor/resources/app/resources/helpers/{cursor-sandbox,cursorsandbox} mr,

and

  /home/*/.cursor-server/bin/*/*/resources/helpers/{cursor-sandbox,cursorsandbox} mr,

(e) Add a local include in both blocks

Rationale: keep your policy deltas in one place.

  #include if exists <local/cursor-sandbox>

Note: #include is an AppArmor preprocessor directive (not a comment).

(f) If you see capname="net_admin" denials in journalctl, add the following line to both profile blocks; otherwise you can omit it.

capability net_admin,

3) Put the actual missing permissions in /etc/apparmor.d/local/cursor-sandbox

Rationale: fix Step 2.5/7 (netlink) and common userns/newuidmap IPC needs without “allow all”.

sudo install -d -m 0755 /etc/apparmor.d/local

sudo tee /etc/apparmor.d/local/cursor-sandbox >/dev/null <<'EOF'
  # Required on Ubuntu 24.04+ restricted userns
  userns,

  # Required for Step 2.5/7 loopback/rtnetlink setup
  network netlink raw,
  network netlink dgram,

  # Commonly required for sandbox IPC
  network unix stream,
  network unix dgram,

  # newuidmap/newgidmap may need this
  capability dac_override,

  # If you create cursor-system profile below:
  signal (send, receive) peer=cursor-system,
EOF

4) Optional: add cursor-system to avoid disabling Ubuntu’s userns restriction globally

Rationale: some setups hit Ubuntu’s unprivileged_userns mediation; this avoids turning off kernel.apparmor_restrict_unprivileged_userns system-wide. This is “unconfined” for Cursor itself (which is typically unconfined anyway), but explicitly allows userns while keeping the global hardening on.

sudo tee /etc/apparmor.d/cursor-system >/dev/null <<'EOF'
abi <abi/4.0>,
include <tunables/global>

profile cursor-system "/usr/share/cursor/cursor" flags=(unconfined) {
  userns,
}
EOF

5) Reload AppArmor profiles

sudo apparmor_parser -r /etc/apparmor.d/cursor-sandbox
sudo apparmor_parser -r /etc/apparmor.d/cursor-system
sudo aa-status | grep -i cursor

Restart Cursor.


6) Validate (no new denials)

sudo journalctl -k -b --since "2 minutes ago" --no-pager | \
  grep -iE 'cursor_sandbox|apparmor="DENIED"|unprivileged_userns'

If clean and popup is gone, you’re done.


7) After each Cursor upgrade: diff & merge safely

Rationale: vendor may add new required rules in future; diversion keeps both versions available.

diff -u /etc/apparmor.d/cursor-sandbox.distrib /etc/apparmor.d/cursor-sandbox | less

Avoid the chattr +i /etc/apparmor.d/cursor-sandbox approach: it can cause apt/dpkg upgrade failures or leave the package half-configured. dpkg-divert is the packaging-native way to prevent overwrites while still receiving upstream changes for review.

1 Like
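Added example, not part of any post in this thread: the diagnosis step used in the "Diagnosis" post and in steps 0 and 6 of the post above (grepping the kernel log for apparmor="DENIED") can be condensed into the one rule each denial points at, so that only operations that were actually denied get added to the profile. The function name denials_to_rules and the sample log lines are constructed; the field names are the ones visible in the denials quoted in this thread.

```shell
#!/bin/sh
# Added example (not Cursor's or AppArmor's own tooling).
# Reads kernel audit lines on stdin and prints, for one AppArmor profile,
# the rule each DENIED record points at, de-duplicated, together with the
# commands (comm=) that triggered it. Review the output before editing.

denials_to_rules() {
    awk -v want="${1:-cursor_sandbox}" '
        # Value of key="value" on the current line, or "" if absent.
        function field(key,    s) {
            if (!match($0, "(^| )" key "=\"[^\"]*\"")) return ""
            s = substr($0, RSTART, RLENGTH)
            sub(/^[^"]*"/, "", s); sub(/"$/, "", s)
            return s
        }
        { gsub(/“|”/, "\"") }   # logs pasted through a forum carry curly quotes
        /apparmor="DENIED"/ {
            if (field("profile") != want) next   # other profiles are ignored
            cap = field("capname"); fam = field("family"); st = field("sock_type")
            if (cap != "")      rule = "capability " cap ","
            else if (fam != "") rule = "network " fam (st != "" ? " " st : "") ","
            else                rule = "# unmapped: operation=" field("operation")
            comm = field("comm")
            if (index(" " seen[rule] " ", " " comm " ") == 0)
                seen[rule] = (seen[rule] == "" ? comm : seen[rule] " " comm)
        }
        END { for (r in seen) printf "%s  # seen from: %s\n", r, seen[r] }
    ' | sort
}

# Constructed sample input, modelled on the denials quoted in this thread.
sample_log() {
    cat <<'EOF'
kernel: audit: type=1400 audit(0.000:1): apparmor="DENIED" operation="capable" class="cap" profile="cursor_sandbox" pid=100 comm="newuidmap" capability=1 capname="dac_override"
kernel: audit: type=1400 audit(0.000:2): apparmor="DENIED" operation="create" class="net" profile="cursor_sandbox" pid=101 comm="newuidmap" family="unix" sock_type="stream" requested="create" denied="create"
kernel: audit: type=1400 audit(0.000:3): apparmor=“DENIED” operation=“create” class=“net” profile=“cursor_sandbox” pid=102 comm=“cursorsandbox” family=“unix” sock_type=“dgram” requested=“create” denied=“create”
kernel: audit: type=1400 audit(0.000:4): apparmor="DENIED" operation="bind" class="net" profile="cursor_sandbox" pid=102 comm="cursorsandbox" family="netlink" sock_type="raw" requested="bind" denied="bind"
kernel: audit: type=1400 audit(0.000:5): apparmor="DENIED" operation="create" class="net" profile="cursor_sandbox" pid=103 comm="newgidmap" family="unix" sock_type="stream" requested="create" denied="create"
kernel: audit: type=1400 audit(0.000:6): apparmor="DENIED" operation="open" class="file" profile="other_profile" name="/tmp/x" pid=104 comm="cat" requested_mask="r" denied_mask="r"
EOF
}

# Real use: sudo journalctl -k -b --no-pager | denials_to_rules cursor_sandbox
sample_log | denials_to_rules cursor_sandbox
```

Because each fix can expose the next layer of denials, rerun it after every profile reload until the output is empty.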

Thanks to the guys above, I was finally able to resolve this issue in my case. But still, this is deeper and needs to be resolved from Cursor team itself so users won’t find themselves searching for answers in critical moments. Below I will attach what helped in my case specifically, the main thing is to understand your particular error from the logs, I used this command:

grep -R "Failed to apply sandbox" -n ~/.config/Cursor/logs | tail -n 60
sudo journalctl -k -b --since "10 minutes ago" --no-pager | \
  grep -iE 'apparmor="DENIED"|cursor_sandbox|unprivileged_userns' | tail -n 200

With output:

/.config/Cursor/logs/20260303T120028/window2/exthost/exthost.log:19:2026-03-03 12:00:32.346 [error] [shell-exec:sandbox] [isSandboxHelperSupported] Stderr: Error: Failed to apply sandbox: IO error: Step 1-2/7 (user namespace) failed: Failed to unshare namespaces: EPERM: Operation not permitted
kernel: audit: type=1400 audit(1772663751.240:251): apparmor="DENIED" operation="create" class="net" info="failed af match" error=-13 profile="cursor_sandbox" pid=6157 comm="newuidmap" family="unix" sock_type="stream" protocol=0 requested="create" denied="create" addr=none


:white_check_mark: Working Fix for “Terminal sandbox could not start” on Ubuntu 24.04 (AppArmor 4.x, kernel 6.8) — Step 1-2/7

I’m posting this in case it helps others (and the Cursor team).

Environment

  • Ubuntu 24.04
  • Kernel 6.8
  • AppArmor 4.0.1
  • Cursor installed from official package

Symptoms

Cursor shows:

“Terminal sandbox could not start… This may be caused by an AppArmor configuration…”

Logs:

Failed to apply sandbox: Step 1-2/7 (user namespace) failed

Kernel audit log:

apparmor="DENIED"
profile="cursor_sandbox"
operation="create"
class="net"
family="unix"
sock_type="dgram"

Also similar DENIED entries for:

  • newuidmap
  • newgidmap
  • cursorsandbox

:magnifying_glass_tilted_right: Root Cause

On Ubuntu 24.04 with AppArmor 4.x, the shipped /etc/apparmor.d/cursor-sandbox profile is incomplete.

Specifically:

  • userns, alone is NOT sufficient
  • the profile does NOT allow creation of UNIX domain sockets
  • newuidmap / newgidmap require network unix stream
  • sandbox helper requires network unix dgram

So the sandbox fails at Step 1-2/7 because AppArmor blocks UNIX socket creation.


:white_check_mark: Minimal Fix (clean and safe)

Instead of disabling AppArmor or weakening global sysctl settings, I added a local override.

:one: Create local override file

sudo mkdir -p /etc/apparmor.d/local
sudo nano /etc/apparmor.d/local/cursor-sandbox

Add:

network unix stream,
network unix dgram,

:two: Ensure the main profile includes local override

Edit:

/etc/apparmor.d/cursor-sandbox

Inside BOTH profile blocks (cursor_sandbox and cursor_sandbox_remote), add:

#include if exists <local/cursor-sandbox>

:three: Reload profile

sudo apparmor_parser -r /etc/apparmor.d/cursor-sandbox

Restart Cursor.

:check_mark: Sandbox works immediately.
:check_mark: No more DENIED entries in journalctl.
:check_mark: No need to disable AppArmor.
:check_mark: No need to set kernel.apparmor_restrict_unprivileged_userns=0.


:pushpin: Suggestion for Cursor Team

The shipped AppArmor profile should probably include:

network unix stream,
network unix dgram,

inside the cursor_sandbox profile by default.

Ubuntu 24.04 + AppArmor 4.x enforces stricter mediation, and without these rules the sandbox helper cannot function properly.

This seems to be reproducible on a clean Ubuntu 24.04 install.


Hope this helps someone :raising_hands:

3 Likes
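Added example, not part of the original posts: both the dpkg-divert post (step 2, items c and e) and the fix directly above depend on userns, and the local include being present inside both profile blocks, which is easy to get wrong when only one block is edited or userns, is left commented out. This check reports each block separately; the function name check_profile_blocks and the sample profile are constructed, modelled on the profile lines quoted in this thread.

```shell
#!/bin/sh
# Added example (not part of the thread's fixes or of AppArmor itself).
# For every "profile NAME ... {" block in an AppArmor profile file, report
# whether the block has the local include and an active "userns," rule.
# Usage: check_profile_blocks [FILE|-] [LOCAL_NAME]; exits 1 if any block lacks one.

check_profile_blocks() {
    awk -v inc="local/${2:-cursor-sandbox}" '
        # Net brace count for a line; path globs like {a,b} cancel out.
        function net(line,    o, c) {
            o = gsub(/[{]/, "{", line); c = gsub(/[}]/, "}", line)
            return o - c
        }
        # Plain comments are skipped; "#include" is a directive, not a comment.
        /^[ \t]*#/ && !/^[ \t]*#include[ \t]/ { next }
        depth == 0 && /^[ \t]*profile[ \t]/ { name = $2; has_inc = has_ns = "no" }
        depth > 0 && /^[ \t]*#?include[ \t]/ && index($0, "<" inc ">") { has_inc = "yes" }
        depth > 0 && /^[ \t]*userns[ \t]*,/ { has_ns = "yes" }
        {
            was = depth; depth += net($0)
            if (was > 0 && depth == 0) {        # block just closed
                printf "%s include=%s userns=%s\n", name, has_inc, has_ns
                if (has_inc == "no" || has_ns == "no") bad = 1
            }
        }
        END { exit bad + 0 }
    ' "${1:--}"
}

# Constructed sample: the first block is patched, the second still has
# userns commented out and no local include.
sample_profile() {
    cat <<'EOF'
abi <abi/4.0>,
include <tunables/global>

profile cursor_sandbox /usr/share/cursor/resources/app/resources/helpers/{cursor-sandbox,cursorsandbox} {
  file,
  userns,
  /usr/share/cursor/resources/app/resources/helpers/{cursor-sandbox,cursorsandbox} mr,
  #include if exists <local/cursor-sandbox>
}

profile cursor_sandbox_remote /home/*/.cursor-server/bin/*/*/resources/helpers/{cursor-sandbox,cursorsandbox} {
  file,
  # userns,
  /home/*/.cursor-server/bin/*/*/resources/helpers/{cursor-sandbox,cursorsandbox} mr,
}
EOF
}

# Real use: check_profile_blocks /etc/apparmor.d/cursor-sandbox
sample_profile | check_profile_blocks || echo "at least one block is incomplete"
```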

thanks, that helped