pretty upset. After one month with few updates, the problem is still there.

As you can see in my comment, I have reported the bug for Cursor version 2.6.20 which is the latest (at least according to your downloads page) and I can still reproduce the bug unless I take the steps outlined in my comment

(Using the DEB package)

I can confirm this issue is still present after upgrading to the latest Cursor from APT (DEB install path).

Environment

• OS: Ubuntu 24.04 LTS
• Kernel: 6.17.0-19-generic
• Install method: official APT/DEB
• Cursor: upgraded via apt update && apt upgrade (latest available from Cursor repo)

Current behavior

After update, I still get:

Terminal sandbox could not start

And direct sandbox preflight still fails with:

Step 2.5/7 (loopback setup) failed: loopback: failed to look up lo interface

So the problem is reproducible on latest package, not fixed by updating.

Additional packaging issue observed

After following the suggested AppArmor package flow, APT ended up with duplicate source entries:

• /etc/apt/sources.list.d/cursor-apparmor.sources
• /etc/apt/sources.list.d/cursor.sources

This causes repeated configured multiple times warnings on every apt update.

Impact

This has become a recurring maintenance burden.

Request to Cursor team

Please provide:

1. A tracked bug ID for this Linux sandbox regression.
2. A known-good Cursor version for Ubuntu 24.04.
3. Clear ETA for a real fix (not workaround-only guidance).
4. A packaging fix to prevent duplicate APT source files.

References:

• Terminal Sandbox Issue Linux (this thread)
• Terminal sandbox could not start
• Shell Sandbox preflight fails (Exit 101)
• Cursor-sandbox-remote AppArmor profile missing abi declaration and network rule

v0.6.0 is the latest version:

curl -fsSL https://downloads.cursor.com/lab/enterprise/cursor-sandbox-apparmor_0.6.0_all.deb -o cursor-sandbox-apparmor.deb

If you just want the profile, its:

profile cursor_sandbox_remote /home/*/.cursor-server/bin/*/*/resources/helpers/cursorsandbox {
  file,
  /** ix,

  capability sys_admin,
  capability net_admin,
  capability chown,
  capability setuid,
  capability setgid,
  capability setpcap,
  network unix,
  network inet stream,
  network inet6 stream,
  network netlink raw,

  ## Uncomment this on AppArmor 4.0
  #userns,

  mount,
  remount,
  umount,

  /home/*/.cursor-server/bin/*/*/resources/helpers/cursorsandbox mr,
}

profile cursor_sandbox_agent_cli /home/*/.local/share/cursor-agent/versions/*/cursorsandbox {
  file,
  /** ix,

  capability sys_admin,
  capability net_admin,
  capability chown,
  capability setuid,
  capability setgid,
  capability setpcap,
  network unix,
  network inet stream,
  network inet6 stream,
  network netlink raw,

  ## Uncomment this on AppArmor 4.0
  #userns,

  mount,
  remount,
  umount,

  /home/*/.local/share/cursor-agent/versions/*/cursorsandbox mr,
}

The fix for this for local Cursor (i.e. not headless) will show up in the next release of Cursor, but it’s basically the same thing, edit /etc/apparmor.d, season to taste, etc.

Thank you! I just did it with the version (see below), and it worked!

God bless you (whatever God you believe in)

Version: 2.6.20
VSCode Version: 1.105.1
Commit: b29eb4ee5f9f6d1cb2afbc09070198d3ea6ad760
Date: 2026-03-17T01:50:02.404Z
Build Type: Stable
Release Track: Default
Electron: 39.8.1
Chromium: 142.0.7444.265
Node.js: 22.22.1
V8: 14.2.231.22-electron.0
OS: Linux x64 6.17.0-19-generic

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

Terminal sandbox could not start. This may be caused by an AppArmor configuration on your Linux system (kernel 6.2+). See the documentation for how to resolve this.

Steps to Reproduce

just lunch cursor, message there.
terminal is working fine

Expected Behavior

not getting error messahes

Screenshots / Screen Recordings

cursor screen.png836×651 25.8 KB

Operating System

Linux

Version Information

Version: 2.6.20
VSCode Version: 1.105.1
Commit: b29eb4ee5f9f6d1cb2afbc09070198d3ea6ad760
Date: 2026-03-17T01:50:02.404Z
Build Type: Stable
Release Track: Default
Electron: 39.8.1
Chromium: 142.0.7444.265
Node.js: 22.22.1
V8: 14.2.231.22-electron.0
OS: Linux x64 6.17.0-19-generic

Does this stop you from using Cursor

No - Cursor works, but with this issue

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

Cursor Settings > Agents > Auto-run Mode has no “Run in sandbox” option as per Terminal | Cursor Docs

I have ran

curl -fsSL https://downloads.cursor.com/lab/enterprise/cursor-sandbox-apparmor_0.4.0_all.deb -o cursor-sandbox-apparmor.deb
sudo dpkg -i cursor-sandbox-apparmor.deb

Steps to Reproduce

Download latest cursor and app armour then go to Cursor Settings > Agents in Cursor IDE

Expected Behavior

Ability to select “run in sandbox” from the dropdown as per the docs

Operating System

Linux

Version Information

Ubuntu 24.04.4 LTS
Cursor 2.6.20
cursor-sandbox-apparmor (0.4.0)

Does this stop you from using Cursor

No - Cursor works, but with this issue

I cannot get this working even after adding network unix or using the suggestion here

I get

grep -R “Failed to apply sandbox” -n ~/.config/Cursor/logs | tail -n 60

 [error] [shell-exec:sandbox] [isSandboxHelperSupported] Stderr: Error: Failed to apply sandbox: IO error: Step 2.5/7 (loopback setup) failed: IO error: loopback: failed to look up lo interface
/home/ben/.config/Cursor/logs/20260321T201204/window1/exthost/exthost.log:65:Error: Failed to apply sandbox: IO error: Step 2.5/7 (loopback setup) failed: IO error: loopback: failed to look up lo interface
/home/ben/.config/Cursor/logs/20260321T201204/window1/exthost/exthost.log:68:2026-03-21 20:12:10.331 [error] [shell-exec:sandbox] [isSandboxHelperSupported] Stderr: Error: Failed to apply sandbox: IO error: Step 2.5/7 (loopback setup) failed: IO error: loopback: failed to look up lo interface

And

╰─❯ sudo journalctl -k -b --since "10 minutes ago" --no-pager | \                                ─╯
  grep -iE 'apparmor="DENIED"|cursor_sandbox|unprivileged_userns' | tail -n 200
Mar 21 20:43:48 ROG-Zephyrus-G14-GA403UI kernel: audit: type=1400 audit(1774125828.606:777): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="cursor_sandbox_agent_cli" pid=84104 comm="apparmor_parser"
Mar 21 20:43:48 ROG-Zephyrus-G14-GA403UI kernel: audit: type=1400 audit(1774125828.606:778): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="cursor_sandbox_remote" pid=84104 comm="apparmor_parser"
Mar 21 20:43:54 ROG-Zephyrus-G14-GA403UI kernel: audit: type=1400 audit(1774125834.259:779): apparmor="DENIED" operation="create" class="net" info="failed af match" error=-13 profile="cursor_sandbox" pid=84550 comm="cursorsandbox" family="unix" sock_type="dgram" protocol=0 requested="create" denied="create" addr=none
Mar 21 20:43:54 ROG-Zephyrus-G14-GA403UI kernel: audit: type=1400 audit(1774125834.480:780): apparmor="DENIED" operation="create" class="net" info="failed af match" error=-13 profile="cursor_sandbox" pid=84567 comm="cursorsandbox" family="unix" sock_type="dgram" protocol=0 requested="create" denied="create" addr=none
Mar 21 20:43:54 ROG-Zephyrus-G14-GA403UI kernel: audit: type=1400 audit(1774125834.515:781): apparmor="DENIED" operation="create" class="net" info="failed af match" error=-13 profile="cursor_sandbox" pid=84568 comm="cursorsandbox" family="unix" sock_type="dgram" protocol=0 requested="create" denied="create" addr=none



And have tried [```

and have tried this

I tried to follow this and got nowhere, it started after i switched from appimage to deb install
but i before that i kept having the agent try to do sandbox things and retrying without sandbox . if that means anything

Version: 2.6.20
VSCode Version: 1.105.1
Commit: b29eb4ee5f9f6d1cb2afbc09070198d3ea6ad760
Date: 2026-03-17T01:50:02.404Z
Build Type: Stable
Release Track: Default
Electron: 39.8.1
Chromium: 142.0.7444.265
Node.js: 22.22.1
V8: 14.2.231.22-electron.0
OS: Linux x64 6.17.0-19-generic
Ubuntu 25.10

used:
cursor-sandbox-apparmor_0.6.0_all.deb
etc

On a fresh installed Debian 13 and latest Cursor + cursor-sandbox-apparmor_0.6.0_all.deb installed. I still got duplication and sandbox warning/issue.

Version: 2.6.21
VSCode Version: 1.105.1
Commit: fea2f546c979a0a4ad1deab23552a43568807590
Date: 2026-03-21T22:09:10.098Z
Build Type: Stable
Release Track: Default
Electron: 39.8.1
Chromium: 142.0.7444.265
Node.js: 22.22.1
V8: 14.2.231.22-electron.0
OS: Linux x64 6.12.74+deb13+1-amd64

I still get the same message with

Version: 2.6.21
VSCode Version: 1.105.1
Commit: fea2f546c979a0a4ad1deab23552a43568807590
Date: 2026-03-21T22:09:10.098Z
Build Type: Stable
Release Track: Default
Electron: 39.5.2
Chromium: 142.0.7444.265
Node.js: 22.22.0
V8: 14.2.231.22-electron.0
OS: Linux x64 6.19.10-arch1-local-local

Apparmor is not enabled:

# cat /sys/kernel/security/lsm
capability,landlock,lockdown,yama,bpf
# cat /sys/module/apparmor/parameters/enabled
N

My set up:
Version: 2.6.22
VSCode Version: 1.105.1
Commit: c6285feaba0ad62603f7c22e72f0a170dc8415a0
Date: 2026-03-27T15:59:31.561Z
Build Type: Stable
Release Track: Default
Electron: 39.8.1
Chromium: 142.0.7444.265
Node.js: 22.22.1
V8: 14.2.231.22-electron.0
OS: Linux x64 6.17.0-19-generic**

Fix: sandbox still failing after installing cursor-sandbox-apparmor deb (missing network rules + dac_override)**

If you’ve installed cursor-sandbox-apparmor_0.6.0_all.deb and are still getting sandbox failures, the installed AppArmor profile is missing network rules entirely and the dac_override capability. This causes newuidmap to be denied on both socket creation and capability, which is what kills the loopback setup step.

You can confirm this is your issue by running:

sudo journalctl -k -b --since "1 hour ago" --no-pager | grep -iE 'apparmor="DENIED".*cursor'

If you see denials like comm="newuidmap" family="unix" sock_type="stream" and capname="dac_override", this fix applies to you.

Fix

First, find the actual profile filename (it differs from what the docs suggest):

ls /etc/apparmor.d/ | grep -i cursor

Then edit the profile (likely cursor-sandbox not cursor_sandbox):

sudo nano /etc/apparmor.d/cursor-sandbox

Add capability dac_override and the missing network rules to both profiles in the file:

  capability sys_admin,
  capability net_admin,
  capability chown,
  capability setuid,
  capability setgid,
  capability setpcap,
  capability dac_override,    <-- add this
  network unix,
  network unix stream,        <-- add this
  network unix dgram,         <-- add this
  network inet stream,
  network inet6 stream,
  network netlink raw,

Reload the profile and restart Cursor:

sudo apparmor_parser -r /etc/apparmor.d/cursor-sandbox

Note: If Cursor updates itself it may reinstall the deb and reset the profile, so if the sandbox breaks again after an update this is the first place to check.

Tested on kernel 6.17.0-19-generic / Cursor 2.6.22 / cursor-sandbox-apparmor 0.6.0

Version: 2.6.21
VSCode Version: 1.105.1
Commit: fea2f546c979a0a4ad1deab23552a43568807590
Date: 2026-03-21T22:09:10.098Z
Build Type: Stable
Release Track: Default
Electron: 39.8.1
Chromium: 142.0.7444.265
Node.js: 22.22.1
V8: 14.2.231.22-electron.0
OS: Linux x64 6.12.74+deb13+1-amd64

On this setup above it works. Where on Version: 2.6.20 it haven’t. And now on Version: 2.6.22 there is regression and doesn’t work again.

Of course I’ve used cursor-sandbox-apparmor_0.6.0_all.deb.