[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

[W. J. van der Laan]

** Also affects: guix (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2046844

Title:
  AppArmor user namespace creation restrictions cause many applications
  to crash with SIGTRAP

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/2046844/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2064115] Re: Conflict between apparmor and guix on Ubuntu 24.04

[W. J. van der Laan]

Looks like this is a case of
https://bugs.launchpad.net/apparmor/+bug/2046844

What does work as a workaround is to create a specifc apparmor profile
for guix, that is really unconfined and allows user namespaces:

Create a file /etc/apparmor.d/guix:


abi ,
include 

profile guix /usr/bin/guix flags=(unconfined) {
  userns,

  # Site-specific additions and overrides. See local/README for details.
  include if exists 
}


Then do:

/etc/init.d/apparmor reload
aa-enforce guix

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2064115

Title:
  Conflict between apparmor and guix on Ubuntu 24.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/guix/+bug/2064115/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2064115] Re: Conflict between apparmor and guix on Ubuntu 24.04

[W. J. van der Laan]

Uninstalling `apparmor` and rebooting is the only thing i have found
that makes it work.

Selectively disabling the specific rulset with:

# aa-disable unprivileged_userns

Gives a new error:

$ guix environment -C
guix environment: warning: no packages specified; creating an empty environment
guix environment: error: clone: 2114060305: Permission denied

Same for temporarily turning off apparmor entirely.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2064115

Title:
  Conflict between apparmor and guix on Ubuntu 24.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/guix/+bug/2064115/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2064115] [NEW] Conflict between apparmor and guix on Ubuntu 24.04

[W. J. van der Laan]

Public bug reported:

On Ubuntu 24.04 i'm unable to use GNU guix as installed from the apt
repository.

Version:
Package: guix
Architecture: amd64
Version: 1.4.0-6build1

To reproduce:
- Install a fresh 23.10 host
- Upgrade to 24.04 with do-release-upgrade -d (but i’ve heard reports that this 
also happens with clean 24.04 install), reboot
- `apt-install guix`
- Create an unprivileged user with adduser
- `guix environment -C` as the user gives:
```
$ guix environment -C
guix environment: warning: no packages specified; creating an empty environment
substitute: updating substitutes from 'https://ci.guix.gnu.org'... 100.0%
0.4 MB will be downloaded
 glibc-utf8-locales-2.33  382KiB


   1.5MiB/s 
00:00 [##] 100.0%
substitute: updating substitutes from 'https://ci.guix.gnu.org'... 100.0%
The following derivation will be built:
  /gnu/store/19qqzzam5250zsxakc4ym0a28b4sd8nv-profile.drv

22.1 MB will be downloaded
substitute: updating substitutes from 'https://ci.guix.gnu.org'... 100.0%
 bash-5.1.8-doc  301KiB 


   1.8MiB/s 
00:00 [##] 100.0% bash-static-5.1.8  646KiB 



6.4MiB/s 00:00 [##] 100.0% 
module-import-compiled  102KiB  


  3.5MiB/s 
00:00 [##] 100.0% glibc-2.33  13.1MiB   



   16.8MiB/s 00:01 [##] 100.0% 
bash-minimal-5.1.8  624KiB  


 26.4MiB/s 
00:00 [##] 100.0% gcc-10.3.0-lib  9.0MiB



   13.8MiB/s 00:01 [##] 100.0% libffi-3.3  
67KiB   


 12.2MiB/s 00:00 
[##] 100.0% libgc-8.0.4  262KiB 



 12.7MiB/s 00:00 [##] 100.0% libunistring-0.9.10  
781KiB  


15.1MiB/s 00:00 
[##] 100.0% ncurses-6.2.20210619  1.1MiB



  2.9MiB/s 00:00 [##] 100.0% pkg-config-0.29.2  
454KiB