#!/bin/bash
# Wrapper script that launches the real binary with --no-sandbox.
# Chromium's sandbox requires unprivileged user namespaces or a SUID helper.
# Neither is reliably available: AppImages can't use SUID (FUSE filesystem),
# and many distros restrict user namespaces (Ubuntu 24.04+ AppArmor, etc.).
# This is the standard workaround used by Electron apps on Linux.
# See: https://github.com/electron/electron/issues/18265

SCRIPT_DIR="$(dirname "$(readlink -f "$0")")"
exec "$SCRIPT_DIR/tana-bin" --no-sandbox "$@"
