
chromium embedded - What is the best practices when to run electron with --no-sandbox - Stack Overflow


There is an ongoing issue with Outline that none of its UI apps work on Ubuntu 22 and 24, containerized or not. It would manifest as:

The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that w/outline-apps/node_modules/electron/dist/chrome-sandbox is owned by root and has mode 4755

I'm trying to fix that, and I've figured out that:

  • IDEA runs its JCEF child with --type=zygote --no-zygote-sandbox
  • Postman runs with --no-sandbox
  • MongoDB Compass runs with --type=zygote --no-zygote-sandbox
  • Yandex Browser also runs without sandbox
  • Some of these still have setuid chrome-sandbox shipped but some no longer do

Apparently, the sandbox is either undesirable on the latest Ubuntu or it is not needed, or both. My question is: As these products are closed source, I can't figure out whether they apply this option unconditionally, or if they do this under some condition (e.g. only doing this on Linux and when the kernel is newer than x.y.z).

So my question is - when running Electron, what is the state-of-the-art, 2025-ready best practice on whether to add --no-sandbox to its arguments or not?
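An added example, not part of the original post: a small audit that checks the two conditions the error message names for the chrome-sandbox helper (root owner, mode 4755) and inventories processes started with the sandbox-disabling flags listed in the question. The function names, the sample paths and the sample command lines are assumptions made for illustration; only the flags and the owner/mode requirement come from the post.

```python
import os
import stat

# Flags taken from the question above; other Chromium switches are not covered.
SANDBOX_OFF_FLAGS = ("--no-sandbox", "--no-zygote-sandbox")

def helper_problems(path):
    """Check the two conditions the error message names: root owner, mode 4755."""
    st = os.stat(path)
    problems = []
    if st.st_uid != 0:
        problems.append("owner uid is %d, expected 0 (root)" % st.st_uid)
    mode = stat.S_IMODE(st.st_mode)
    if mode != 0o4755:
        problems.append("mode is %o, expected 4755" % mode)
    return problems

def audit(processes):
    """Return one finding per (pid, argv) that carries a sandbox-disabling flag."""
    findings = []
    for pid, argv in processes:
        flags = [a for a in argv if a in SANDBOX_OFF_FLAGS]
        if flags:
            # Chromium child processes carry --type=...; the main process has none.
            ptype = next((a.split("=", 1)[1] for a in argv
                          if a.startswith("--type=")), "browser")
            findings.append((pid, argv[0], ptype, flags))
    return findings

def live_processes(root="/proc"):
    """Yield (pid, argv) for every readable process on Linux."""
    for name in filter(str.isdigit, os.listdir(root)):
        try:
            with open(os.path.join(root, name, "cmdline"), "rb") as f:
                argv = [a.decode(errors="replace") for a in f.read().split(b"\0") if a]
        except OSError:
            continue  # process exited or is not readable
        if argv:
            yield int(name), argv

# Constructed sample command lines with hypothetical paths, not real captures.
SAMPLE = [
    (101, ["/opt/app-a/app", "--no-sandbox"]),
    (102, ["/opt/app-b/helper", "--type=zygote", "--no-zygote-sandbox"]),
    (103, ["/opt/app-c/app", "--type=renderer"]),
]

if __name__ == "__main__":
    source = live_processes() if os.path.isdir("/proc") else SAMPLE
    for finding in audit(source):
        print(finding)
```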
