Hello,

With Ubuntu 24.04, Canonical has made some AppArmor changes which break 
nsjail unless you create a profile for the nsjail binary 
(https://discourse.ubuntu.com/t/noble-numbat-release-notes/39890#security-improvements-14).

The problem with this is that the nsjail location is wherever you synced 
AOSP, so a profile can't really be made for it that can be upstreamed to 
AppArmor.

First idea is to just change build documentation to note that Ubuntu 24.04 
onwards will require disabling the restriction.

Second idea is to make nsjail a package in Debian; that way it would have a 
static location in a non-user-modifiable location that a policy could be 
created for and upstreamed.

I've noticed that a lot of build dependencies have been moved to prebuilts, 
so I'm not sure if moving nsjail out of tree is really something Google 
would want.

Thoughts?

-- 
-- 
You received this message because you are subscribed to the "Android Building" 
mailing list.
To post to this group, send email to android-building@googlegroups.com
To unsubscribe from this group, send email to
android-building+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-building?hl=en
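
A per-checkout alternative to turning the restriction off system-wide, added here as an example (not part of the original message and not AOSP or Ubuntu code): generate a profile for the nsjail path of one specific checkout. The function names and the profile name `aosp-nsjail` are hypothetical; the profile body follows the `userns,` form of the profiles Ubuntu 24.04 ships in /etc/apparmor.d, and the state check reads the `kernel.apparmor_restrict_unprivileged_userns` sysctl.

```shell
#!/bin/sh
# Added example. Function names and the default profile name are hypothetical.

# Report whether Ubuntu's unprivileged user namespace restriction is active.
# $1: file to read (defaults to the real sysctl; overridable for testing).
userns_restriction_state() {
    f="${1:-/proc/sys/kernel/apparmor_restrict_unprivileged_userns}"
    if [ ! -r "$f" ]; then
        echo "absent"            # kernel/AppArmor without this feature
    elif [ "$(cat "$f")" = "1" ]; then
        echo "restricted"        # unconfined binaries cannot use userns
    else
        echo "unrestricted"
    fi
}

# Print an AppArmor profile that allows exactly one nsjail binary to create
# user namespaces. $1: absolute path to nsjail, $2: profile name (optional).
gen_nsjail_profile() {
    path="$1"
    name="${2:-aosp-nsjail}"
    case "$path" in
        /*) ;;
        *) echo "error: path must be absolute" >&2; return 1 ;;
    esac
    # Reject whitespace, quotes and AppArmor glob characters ({}[]*?), so the
    # attachment matches one file and nothing else.
    case "$path" in
        *[!A-Za-z0-9/._+-]*) echo "error: unsupported character in path" >&2; return 1 ;;
        */../*|*/..) echo "error: '..' not allowed in path" >&2; return 1 ;;
    esac
    case "$name" in
        ""|*[!A-Za-z0-9._-]*) echo "error: bad profile name" >&2; return 1 ;;
    esac
    cat <<EOF
abi <abi/4.0>,
include <tunables/global>

profile $name $path flags=(unconfined) {
  userns,
  include if exists <local/$name>
}
EOF
}

# Typical use (needs root, so it is not run here):
#   gen_nsjail_profile "<absolute path to nsjail in your checkout>" \
#       | sudo tee /etc/apparmor.d/aosp-nsjail
#   sudo apparmor_parser -r /etc/apparmor.d/aosp-nsjail
```

The profile has to be regenerated whenever the checkout moves, which is the limitation the message describes: the attachment path is specific to one machine and cannot be upstreamed.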
