I believe bwrap was ignored intentionally, as the point of the apparmor change was to prevent arbitrary apps from making unprivileged user namespaces with capabilities. Allowing Bubblewrap to do so would provide a loophole. Same reason `unshare` isn't allowed to make unprivileged namespaces with capabilities.
Perhaps something about libgnome-desktop is incorrectly assuming it needs capabilities that it doesn't actually need? Or is the ability to make unprivileged user namespaces with no capabilities failing somehow? -- You received this bug notification because you are a member of Edubuntu Bugsquad, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2046844 Title: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/2046844/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~edubuntu-bugs Post to : [email protected] Unsubscribe : https://launchpad.net/~edubuntu-bugs More help : https://help.launchpad.net/ListHelp
