It does work for AppImages, but it is weird in that they don't have an
install location, so that has to be adjusted for where they are placed
on the system, or we have to set a security xattr on the executable at
the time it is chmoded to +x
Admittedly orcaslicer doesn't use unprivileged user namespaces, but for
it works for an example of how to put one of these on it.
abi <abi/4.0>,
include <tunables/global>
profile orcaslicer /home/jj/Desktop/OrcaSlicer_Linux_V1.8.1.AppImage
flags=(unconfined) {
userns,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/orcaslicer>
}
or we could make that looser by doing something like
abi <abi/4.0>,
include <tunables/global>
profile orcaslicer @{bin}/OrcaSlicer_Linux_V1.8.1.AppImage flags=(unconfined) {
userns,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/orcaslicer>
}
or by setting the security.apparmor label on the binary
sudo setfattr -h -n security.apparmor -v orcaslicer /PATH/TO/APPIMAGE
and doing
abi <abi/4.0>,
include <tunables/global>
profile orcaslicer xattrs=(security.apparmor=orcaslicer) flags=(unconfined) {
userns,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/orcaslicer>
}
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to epiphany-browser in Ubuntu.
https://bugs.launchpad.net/bugs/2046844
Title:
AppArmor user namespace creation restrictions cause many applications
to crash with SIGTRAP
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2046844/+subscriptions
--
desktop-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
