[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-05-20 Thread Launchpad Bug Tracker
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: tor (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2046844

Title:
  AppArmor user namespace creation restrictions cause many applications
  to crash with SIGTRAP

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/2046844/+subscriptions


-- 
kubuntu-bugs mailing list
kubuntu-b...@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-05-20 Thread Launchpad Bug Tracker
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: guix (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2046844

Title:
  AppArmor user namespace creation restrictions cause many applications
  to crash with SIGTRAP

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/2046844/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-05-15 Thread Pirouette Cacahuète
I am also just wondering how we can effectively work on sandbox-related
code on 24.04; does it mean any developer (and potentially CI) will
have to set up its AppArmor profile **also** matching the builds to have
proper userns? The way it is currently handled, I don't see any other
way around, but it also means it needs to be done for any objdir we work
on?


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-05-14 Thread John Johansen
Yes, for the appimages that are affected they should be reported
upstream. There are some things that upstream can do to make appimages
work under the restriction; ideally they would do it dynamically based
on whether the user namespace is available rather than just based on
distro, which is the quick fix some have done.


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-05-14 Thread Pirouette Cacahuète
Yep, this is fine. I just wanted to make it clear for others, because
one of the comments above might be misleading and even though I know the
area of the code impacted by userns, I was actually thinking you got a
fix landed on AppArmor side to avoid the need for a dedicated profile.

AppImage being impacted might also be good to report to those upstream?


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-05-13 Thread John Johansen
The AppArmor profile covers the packaged version and the standard
privileged install location. You are correct that it does not cover
running firefox from an unprivileged user writable location like $HOME.

For unprivileged user writable locations like $HOME/bin/ the user has to
deliberately make a privileged action like installing a profile for the
location of the application. This applies to the appimage version run
out of the user's $HOME as well.


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-05-13 Thread Pirouette Cacahuète
I have just upgraded to 24.04 from 23.10 and I'd like to emphasize that
for the Firefox case, the comment on that thread that mentions "AppArmor
should fix it with beta3" is inaccurate and incomplete: it only
partially fixes the issue since it only covers packaged versions.

Anybody relying on the tarball should have something similar (assuming you
install in $HOME/bin/firefox):
> $ cat /etc/apparmor.d/firefox-bin
> # This profile allows everything and only exists to give the
> # application a name instead of having the label "unconfined"
> 
> abi ,
> include 
>
> profile firefox /home/XXX/bin/firefox/firefox flags=(unconfined) {
>   userns,
> 
>   # Site-specific additions and overrides. See local/README for details.
>   include if exists 
> }


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-05-09 Thread John Johansen
@jorge-lavila:

Technically possible, yes. I want to be careful with what I promise here,
as the user experience is not my area. With that said, we are currently
looking at using aa-notify as a bridge to improve the user experience.
We would install it with a filter to only fire a notification for the
user namespace denial/transition. That notification will show in your
desktop's notification area with a button/click action that will launch a
user prompt. There will have to be an SRU to add some of the new
functionality, but we can make it available before the SRU via a PPA for
those who want to test.

I will make sure to update this bug when we have this ready for testing.


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-05-09 Thread Jorge LaviLa
Thanks for the detailed reply @jjohansen,

Do you think it would be feasible to spawn a pop-up that says something
like "This application uses namespaces which is considered vulnerable to
exploits, are you sure you want to continue?" and ask for the password
to allow the application to run? This would resolve the issue while
still allowing portable applications to run properly. This could be
achieved, for example, by providing a tool to ask apparmor for permissions.
From my side I can just detect if apparmor is used and ask apparmor to
grant access to namespaces; in turn, apparmor would spawn a pop-up for
the user saying that my application is requesting this permission.


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-05-09 Thread John Johansen
@zgraft:
I have added a tor item, a profile will land in an update.


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-05-09 Thread John Johansen
@jorge-lavila,

It's not a theoretical case, they have been used by multiple exploits
every year (including this one) since landing in the kernel. Ubuntu is
not the only one looking at restricting them. SELinux has also picked
up the ability but they haven't really rolled it out in policy; there
are also discussions in other security forums (e.g. the OSS security list)
about how to disable them better than the giant sysctl that turns them
off for everything.

The apparmor solution allows doing it on a per-application basis. Yes, it
deliberately requires a privileged operation, otherwise the restriction
could be trivially by-passed by exploit code. We know the experience is
not user friendly atm, and are working on improving it. Improving both
the flexibility on what is mediated and how the user can by-pass/disable
the restriction. On the GUI side the end goal is something similar to
what you get on MacOS where the user gets notified, and has to go to the
security center to enable running an untrusted application.

There is in fact a profile coming for bwrap, and unshare, but not the
unconfined profile that is being generically used to disable the
restriction. The profile will restrict certain modes of operation, and
prevent applications launched by it from having privilege within the user
namespace. It will open the Ubuntu shipped versions up for regular users
again for many of its use cases.

Unfortunately untrusted code, which is the case of code downloaded into
the home dir, will require a privileged operation to be able to use user
namespaces. That could be the use of sudo when using the application, or
creating a profile for the application, which then allows the user to
subsequently use the application without a privileged operation.


** Also affects: tor (Ubuntu)
   Importance: Undecided
   Status: New


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-05-09 Thread Jorge LaviLa
Thanks for the reply!

My use case is this one 'shipped as a .tar.gz that people unpack into
their home dir and then use'. To me it seems counter-intuitive to force
applications to run un-sandboxed for added security; both the solutions
proposed (with the application profile and to turn off the user
namespace restrictions) would require root privileges, which I currently
do not require users to have to be able to run my application. Does
Ubuntu have plans for an alternative to bubblewrap sandboxing? Blocking
kernel features because they might be exploited seems really extreme.


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-05-09 Thread Aaron Rainbolt
Also note that even the system's build of Bubblewrap is not granted the
ability to bypass user namespace restrictions as that would allow the
restrictions to be bypassed by any application. Doing this to your own
build of Bubblewrap will pose the same security issue. If you can avoid
doing things the way you're doing, that would be best, otherwise just
turning off the restriction or granting your build of Bubblewrap an
exception at install time is probably the best you can do.


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-05-09 Thread Aaron Rainbolt
Unless your app and Bubblewrap can both work without any capabilities in
an unprivileged user namespace, things will probably go south. You
should probably be installing an AppArmor profile for your app that
allows you to use unprivileged user namespaces normally again, as
described in Comment 5
(https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2046844/comments/5).
You can look at `/etc/apparmor.d/chrome` as an example profile, and make
your profile similar. This will require that your build of Bubblewrap be
installed into a static location on the filesystem - if you're depending
on Bubblewrap working no matter where the binary is on the filesystem
(for instance, if your app is portable and is shipped as a .tar.gz that
people unpack into their home dir and then use), you'll need to turn off
the user namespace restrictions entirely during the install process, as
described in the Ubuntu 24.04 release notes
(https://discourse.ubuntu.com/t/ubuntu-24-04-lts-noble-numbat-release-notes/39890):

* Disable this restriction using a persistent setting by adding a new
file (/etc/sysctl.d/60-apparmor-namespace.conf) with the following
contents:

  kernel.apparmor_restrict_unprivileged_userns=0

  Reboot. This is similar to the previous behaviour, but it does not
mitigate against kernel exploits that abuse the unprivileged user
namespaces feature.

Try to avoid using the "disable unprivileged user namespace restriction"
solution if at all possible.


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-05-09 Thread Jorge LaviLa
Hello,

Pardon my ignorance, but I ship applications with my own build of
bubblewrap to run in a sandboxed manner. bwrap's pivot_root allows my
application to work across several distros without worrying about issues
with missing or incompatible libraries; it also makes it possible to run
the same binary on both musl and glibc systems.

Does this mean that this will never work on ubuntu again even after the
proposed fix (since I do not use the system provided /usr/bin/bwrap
binary)?


Re: [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-05-08 Thread Aaron Rainbolt
The Tor Browser is actually installable on Ubuntu, and we have
privacy-conscious folks here who are Ubuntu Developers. We just were
absolutely slammed in more ways than we imagined would happen this
cycle and things slipped through the cracks. This is probably one of
them.

You can follow the instructions for adding an AppArmor profile to work
around the issue (they're up somewhere in the comments, near the top).
Also, where is your Tor Browser binary on your filesystem? We may be
able to add a profile specifically for it.

On Mon, May 6, 2024 at 2:55 PM Zed <2046...@bugs.launchpad.net> wrote:
>
> Probably not in scope but the Tor Browser also fails to start properly:
> https://forum.torproject.org/t/ubuntu-24-04-daily-and-tor-tabs-crashing-immediately/11822/7.
> I can see why Ubuntu might not want to allow such
> programs but, a universal distribution should be cognizant that some of
> its users value privacy and that default apparmor profiles make it
> problematic for such users to maintain their privacy.
>
> Status in AppArmor:
>   New
> Status in Wike:
>   New
> Status in akonadiconsole package in Ubuntu:
>   Fix Released
> Status in akregator package in Ubuntu:
>   Fix Released
> Status in angelfish package in Ubuntu:
>   Fix Released
> Status in apparmor package in Ubuntu:
>   Fix Released
> Status in bubblewrap package in Ubuntu:
>   Won't Fix
> Status in cantor package in Ubuntu:
>   Fix Released
> Status in devhelp package in Ubuntu:
>   Fix Released
> Status in digikam package in Ubuntu:
>   Fix Released
> Status in epiphany-browser package in Ubuntu:
>   Fix Released
> Status in evolution package in Ubuntu:
>   Fix Released
> Status in falkon package in Ubuntu:
>   Fix Released
> Status in firefox package in Ubuntu:
>   Confirmed
> Status in foliate package in Ubuntu:
>   Fix Committed
> Status in freecad package in Ubuntu:
>   Invalid
> Status in geary package in Ubuntu:
>   Fix Released
> Status in ghostwriter package in Ubuntu:
>   Fix Released
> Status in gnome-packagekit package in Ubuntu:
>   Invalid
> Status in goldendict-webengine package in Ubuntu:
>   Fix Released
> Status in guix package in Ubuntu:
>   New
> Status in kalgebra package in Ubuntu:
>   Fix Released
> Status in kchmviewer package in Ubuntu:
>   Fix Released
> Status in kdeplasma-addons package in Ubuntu:
>   Fix Released
> Status in kgeotag package in Ubuntu:
>   Fix Released
> Status in kiwix package in Ubuntu:
>   Incomplete
> Status in kmail package in Ubuntu:
>   Fix Released
> Status in konqueror package in Ubuntu:
>   Fix Released
> Status in kontact package in Ubuntu:
>   Fix Released
> Status in loupe package in Ubuntu:
>   Fix Released
> Status in marble package in Ubuntu:
>   Fix Released
> Status in notepadqq package in Ubuntu:
>   Fix Released
> Status in opam package in Ubuntu:
>   Fix Released
> Status in pageedit package in Ubuntu:
>   Fix Released
> Status in plasma-desktop package in Ubuntu:
>   Fix Released
> Status in plasma-welcome package in Ubuntu:
>   Fix Released
> Status in privacybrowser package in Ubuntu:
>   Invalid
> Status in qmapshack package in Ubuntu:
>   Fix Released
> Status in qutebrowser package in Ubuntu:
>   Fix Released
> Status in rssguard package in Ubuntu:
>   Fix Released
> Status in steam package in Ubuntu:
>   Fix Released
> Status in supercollider package in Ubuntu:
>   Fix Released
> Status in tellico package in Ubuntu:
>   Fix Released
> Status in wike package in Ubuntu:
>   Fix Committed
>
> Bug description:
>   Hi, I run Ubuntu development branch 24.04 and I have a problem with
>   Epiphany browser 45.1-1 (Gnome Web): program doesn't launch, and I get
>   this error
>
>   $ epiphany
>   bwrap: Creating new namespace failed: Permission denied
>
>   ** (epiphany:12085): ERROR **: 14:44:35.023: Failed to fully launch 
> dbus-proxy: Le processus fils s’est terminé avec le code 1
>   Trappe pour point d'arrêt et de trace (core dumped)
>
>   $ epiphany
>   bwrap: Creating new namespace failed: Permission denied
>
>   ** (epiphany:30878): ERROR **: 22:22:26.926: Failed to fully launch 
> dbus-proxy: Le processus fils s’est terminé avec le code 1
>   Trappe pour point d'arrêt et de trace (core dumped)
>
>   Thanks for your help!
>


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-05-06 Thread Zed
Probably not in scope but the Tor Browser also fails to start properly:
https://forum.torproject.org/t/ubuntu-24-04-daily-and-tor-tabs-crashing-immediately/11822/7.
I can see why Ubuntu might not want to allow such
programs but, a universal distribution should be cognizant that some of
its users value privacy and that default apparmor profiles make it
problematic for such users to maintain their privacy.


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-05-02 Thread Julian Andres Klode
bubblewrap should be won't fix per comment #91 from jjohansen

** Changed in: bubblewrap (Ubuntu)
   Status: Confirmed => Won't Fix


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-04-30 Thread John Johansen
For the thunderbird issue I have created
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2064363


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-04-30 Thread Douglas Lucas
@u-jjohansen:

```
$ sudo dmesg | grep DENIED
[   20.729222] audit: type=1400 audit(1714359674.872:42): apparmor="DENIED" 
operation="open" class="file" profile="snap-update-ns.firefox" 
name="/usr/local/share/" pid=2002 comm="6" requested_mask="r" denied_mask="r" 
fsuid=0 ouid=0
[   20.743227] audit: type=1400 audit(1714359674.886:43): apparmor="DENIED" 
operation="open" class="file" profile="snap-update-ns.firefox" name="/var/lib/" 
pid=2002 comm="6" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[   20.743368] audit: type=1400 audit(1714359674.886:44): apparmor="DENIED" 
operation="open" class="file" profile="snap-update-ns.firefox" name="/var/lib/" 
pid=2002 comm="6" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[   20.743817] audit: type=1400 audit(1714359674.886:45): apparmor="DENIED" 
operation="open" class="file" profile="snap-update-ns.firefox" name="/var/lib/" 
pid=2002 comm="6" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[   20.743821] audit: type=1400 audit(1714359674.886:46): apparmor="DENIED" 
operation="open" class="file" profile="snap-update-ns.firefox" name="/var/lib/" 
pid=2002 comm="6" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[  496.181770] audit: type=1400 audit(1714360150.324:49): apparmor="DENIED" 
operation="change_onexec" class="file" info="label not found" error=-2 
profile="unconfined" name="ubuntu_pro_apt_news" pid=2609 comm="(python3)"
[  526.667987] audit: type=1400 audit(1714360181.273:50): apparmor="DENIED" 
operation="change_onexec" class="file" info="label not found" error=-2 
profile="unconfined" name="ubuntu_pro_apt_news" pid=2767 comm="(python3)"
[  554.736942] audit: type=1400 audit(1714360209.342:51): apparmor="DENIED" 
operation="change_onexec" class="file" info="label not found" error=-2 
profile="unconfined" name="ubuntu_pro_apt_news" pid=3216 comm="(python3)"
[ 2204.153512] audit: type=1400 audit(1714361858.768:60): apparmor="DENIED" 
operation="capable" class="cap" profile="/usr/lib/snapd/snap-confine" pid=8056 
comm="snap-confine" capability=12  capname="net_admin"
[ 2204.153520] audit: type=1400 audit(1714361858.768:61): apparmor="DENIED" 
operation="capable" class="cap" profile="/usr/lib/snapd/snap-confine" pid=8056 
comm="snap-confine" capability=38  capname="perfmon"
[ 2205.965365] audit: type=1107 audit(1714361860.578:62): pid=1389 uid=101 
auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" 
operation="dbus_method_call"  bus="system" path="/org/freedesktop/login1" 
interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" 
name=":1.2" pid=8056 label="snap.firefox.firefox" peer_pid=1382 
peer_label="unconfined"
[ 2206.032369] audit: type=1107 audit(1714361860.647:63): pid=1389 uid=101 
auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" 
operation="dbus_method_call"  bus="system" path="/org/freedesktop/timedate1" 
interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" 
name=":1.83" pid=8056 label="snap.firefox.firefox" peer_pid=8746 
peer_label="unconfined"
[ 2206.032740] audit: type=1107 audit(1714361860.647:64): pid=1389 uid=101 
auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" 
operation="dbus_method_call"  bus="system" path="/org/freedesktop/timedate1" 
interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" 
name=":1.83" pid=8056 label="snap.firefox.firefox" peer_pid=8746 
peer_label="unconfined"
[ 2206.331239] audit: type=1400 audit(1714361860.946:65): apparmor="DENIED" 
operation="open" class="file" profile="snap.firefox.firefox" 
name="/etc/xdg/xdg-Lubuntu/gtk-3.0/settings.ini" pid=8056 comm="firefox" 
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 2990.682061] audit: type=1400 audit(1714362645.300:66): apparmor="DENIED" 
operation="open" class="file" profile="snap.firefox.firefox" 
name="/etc/xdg/xdg-Lubuntu/gtk-3.0/settings.ini" pid=12989 comm="firefox" 
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 2991.168924] audit: type=1107 audit(1714362645.787:67): pid=1389 uid=101 
auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" 
operation="dbus_method_call"  bus="system" path="/org/freedesktop/login1" 
interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" 
name=":1.2" pid=12989 label="snap.firefox.firefox" peer_pid=1382 
peer_label="unconfined"
[ 2991.217994] audit: type=1107 audit(1714362645.836:68): pid=1389 uid=101 
auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" 
operation="dbus_method_call"  bus="system" path="/org/freedesktop/timedate1" 
interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" 
name=":1.107" pid=12989 label="snap.firefox.firefox" peer_pid=13639 
peer_label="unconfined"
[ 2991.218729] audit: type=1107 audit(1714362645.837:69): pid=1389 uid=101 
auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" 
operation="dbus_method_call"  bus="system" path="/org/freedesktop/timedate1" 
```

[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-04-30 Thread John Johansen
@u-dal:

The problem with firefox (it has a snap profile and is allowed access to
user namespaces) is different than with chrome (no profile loaded), but
still might be apparmor related. Can you look in dmesg for apparmor
denials?

```
  sudo dmesg | grep DENIED
```


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-04-30 Thread Douglas Lucas
@u-jjohansen:

Also, I'm having this Thunderbird problem going on simultaneously --
https://forum.snapcraft.io/t/unexplained-thunderbird-already-running-but-is-not-responding-message/39990
-- which might be related to the
issues from my Chrome comments?


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-04-30 Thread Douglas Lucas
@u-jjohansen:

Yes, live environment only. Sorry, I thought I'd included that in my
first comment but now I see that I neglected to do so. I added an EDIT:
to my first comment to make it clear.


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-04-30 Thread John Johansen
@u-dal:
are you running in a live cd environment? Something odd is happening on your 
system, with some profiles loaded and systemctl reporting 
ConditionPathExists=!/rofs/etc/apparmor.d


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-04-30 Thread Douglas Lucas
@jjohansen:


```
$ sudo aa-status
apparmor module is loaded.
56 profiles are loaded.
54 profiles are in enforce mode.
   /snap/snapd/21465/usr/lib/snapd/snap-confine
   /snap/snapd/21465/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
   /usr/lib/snapd/snap-confine
   /usr/lib/snapd/snap-confine//mount-namespace-capture-helper
   libreoffice-senddoc
   libreoffice-soffice//gpg
   libreoffice-xpdfimport
   rsyslogd
   snap-update-ns.chromium
   snap-update-ns.cups
   snap-update-ns.firefox
   snap-update-ns.firmware-updater
   snap-update-ns.thunderbird
   snap.chromium.chromedriver
   snap.chromium.chromium
   snap.chromium.hook.configure
   snap.cups.accept
   snap.cups.cancel
   snap.cups.cups-browsed
   snap.cups.cupsaccept
   snap.cups.cupsctl
   snap.cups.cupsd
   snap.cups.cupsdisable
   snap.cups.cupsenable
   snap.cups.cupsfilter
   snap.cups.cupsreject
   snap.cups.cupstestppd
   snap.cups.driverless
   snap.cups.gs
   snap.cups.ippeveprinter
   snap.cups.ippfind
   snap.cups.ipptool
   snap.cups.lp
   snap.cups.lpadmin
   snap.cups.lpc
   snap.cups.lpinfo
   snap.cups.lpoptions
   snap.cups.lpq
   snap.cups.lpr
   snap.cups.lprm
   snap.cups.lpstat
   snap.cups.reject
   snap.firefox.firefox
   snap.firefox.geckodriver
   snap.firefox.hook.configure
   snap.firefox.hook.connect-plug-host-hunspell
   snap.firefox.hook.disconnect-plug-host-hunspell
   snap.firefox.hook.post-refresh
   snap.firmware-updater.firmware-notifier
   snap.firmware-updater.firmware-updater
   snap.firmware-updater.firmware-updater-app
   snap.firmware-updater.hook.configure
   snap.thunderbird.hook.configure
   snap.thunderbird.thunderbird
2 profiles are in complain mode.
   libreoffice-oosplash
   libreoffice-soffice
0 profiles are in prompt mode.
0 profiles are in kill mode.
0 profiles are in unconfined mode.
31 processes have profiles defined.
31 processes are in enforce mode.
   /usr/sbin/rsyslogd (1472) rsyslogd
   /snap/chromium/2828/usr/lib/chromium-browser/chrome (77339) 
snap.chromium.chromium
   /snap/chromium/2828/usr/lib/chromium-browser/chrome_crashpad_handler (77395) 
snap.chromium.chromium
   /snap/chromium/2828/usr/lib/chromium-browser/chrome_crashpad_handler (77397) 
snap.chromium.chromium
   /snap/chromium/2828/usr/lib/chromium-browser/chrome (77401) 
snap.chromium.chromium
   /snap/chromium/2828/usr/lib/chromium-browser/chrome (77402) 
snap.chromium.chromium
   /snap/chromium/2828/usr/lib/chromium-browser/chrome (77404) 
snap.chromium.chromium
   /snap/chromium/2828/usr/lib/chromium-browser/chrome (77433) 
snap.chromium.chromium
   /snap/chromium/2828/usr/lib/chromium-browser/chrome (77441) 
snap.chromium.chromium
   /snap/chromium/2828/usr/lib/chromium-browser/chrome (77443) 
snap.chromium.chromium
   /snap/chromium/2828/usr/lib/chromium-browser/chrome (78308) 
snap.chromium.chromium
   /snap/chromium/2828/usr/lib/chromium-browser/chrome (78968) 
snap.chromium.chromium
   /snap/chromium/2828/usr/lib/chromium-browser/chrome (79729) 
snap.chromium.chromium
   /usr/bin/dash (18605) snap.cups.cups-browsed
   /usr/bin/dash (18912) snap.cups.cups-browsed
   /usr/bin/sleep (92417) snap.cups.cups-browsed
   /usr/bin/dash (18607) snap.cups.cupsd
   /snap/cups/1044/sbin/cupsd (18745) snap.cups.cupsd
   /snap/firefox/4173/usr/lib/firefox/firefox (50912) snap.firefox.firefox
   /snap/firefox/4173/usr/lib/firefox/firefox (51554) snap.firefox.firefox
   /snap/firefox/4173/usr/lib/firefox/firefox (51573) snap.firefox.firefox
   /snap/firefox/4173/usr/lib/firefox/firefox (52145) snap.firefox.firefox
   /snap/firefox/4173/usr/lib/firefox/firefox (52713) snap.firefox.firefox
   /snap/firefox/4173/usr/lib/firefox/firefox (52829) snap.firefox.firefox
   /snap/firefox/4173/usr/lib/firefox/firefox (57517) snap.firefox.firefox
   /snap/firefox/4173/usr/lib/firefox/firefox (59890) snap.firefox.firefox
   /snap/firefox/4173/usr/lib/firefox/firefox (84921) snap.firefox.firefox
   /snap/firefox/4173/usr/lib/firefox/firefox (85070) snap.firefox.firefox
   /snap/firefox/4173/usr/lib/firefox/firefox (87511) snap.firefox.firefox
   /snap/firefox/4173/usr/lib/firefox/firefox (93200) snap.firefox.firefox
   /snap/firefox/4173/usr/lib/firefox/firefox (93235) snap.firefox.firefox
0 processes are in complain mode.
0 processes are in prompt mode.
0 processes are in kill mode.
0 processes are unconfined but have a profile defined.
0 processes are in mixed mode.
```

```
$ sudo systemctl status apparmor
Warning: The unit file, source configuration file or drop-ins of 
apparmor.service changed on disk. Run 'systemctl daemon-reload' to reload units.
○ apparmor.service - Load AppArmor profiles
 Loaded: loaded (/usr/lib/systemd/system/apparmor.service; enabled; preset: 
enabled)
 Active: inactive (dead)
  Condition: start condition unmet at Sun 2024-04-28 20:01:04 PDT; 1 day 12h ago
   Docs: man:apparmor(7)
 https://gitlab.com/apparmor/apparmor/wikis/home/

Apr 28 20:01:02 lubuntu 
```

[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-04-29 Thread John Johansen
@u-dal:

This sounds like the apparmor policy is not being loaded can you please
provide the output of

```
sudo aa-status
```

and

```
sudo systemctl status apparmor
```


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-04-29 Thread Douglas Lucas
I seem to have the same apparmor problem with Chrome under Lubuntu
24.04. From "$ journalctl | grep apparmor | grep chrome" I got
info="Userns create restricted - failed to find unprivileged_userns
profile" (among other things). And it's been reproduced by another as
the following relates.

Can anyone help? Much more detail below. And you can email me:
d...@riseup.net.

Prior Lubuntu versions, I wget'd the latest Chrome deb from Google and
installed it via sudo dpkg -i. Usually it worked quite well. Now with
Lubuntu 24.04, I downloaded the latest Chrome deb the same way on Apr.
28, 2024, but Chrome's not working.

If I run /usr/bin/google-chrome or /usr/bin/google-chrome-stable:

```
$ google-chrome
[55151:55151:0428/224255.271437:FATAL:credentials.cc(127)] Check failed: . : 
Permission denied (13)
Trace/breakpoint trap (core dumped)
```

or

```
$ google-chrome-stable
[55166:55166:0428/224300.689874:FATAL:credentials.cc(127)] Check failed: . : 
Permission denied (13)
Trace/breakpoint trap (core dumped)
```

Meanwhile, $ sudo netstat -antvp shows active connections to multiple
IPs associated with Google, presumably because I tried multiple times to
get Chrome to launch.

Then,

```
$ ls /etc/apparmor.d
1password           firefox         lxc-stop         rootlesskit           scide                  usr.bin.redshift
Discord             flatpak         lxc-unshare      rpm                   signal-desktop         usr.bin.tcpdump
MongoDB_Compass     force-complain  lxc-usernsexec   rssguard              slack                  usr.lib.libreoffice.program.oosplash
QtWebEngineProcess  geary           mmdebstrap       rsyslog.d             slirp4netns            usr.lib.libreoffice.program.senddoc
abi                 github-desktop  msedge           runc                  steam                  usr.lib.libreoffice.program.soffice.bin
abstractions        goldendict      nautilus         sbuild                stress-ng              usr.lib.libreoffice.program.xpdfimport
brave               ipa_verify      notepadqq        sbuild-abort          surfshark              usr.lib.snapd.snap-confine.real
buildah             kchmviewer      nvidia_modprobe  sbuild-adduser        systemd-coredump       usr.sbin.cups-browsed
busybox             keybase         obsidian         sbuild-apt            thunderbird            usr.sbin.cupsd
cam                 lc-compliance   opam             sbuild-checkpackages  toybox                 usr.sbin.rsyslogd
ch-checkns          libcamerify     opera            sbuild-clean          trinity                uwsgi-core
ch-run              linux-sandbox   pageedit         sbuild-createchroot   tunables               vdens
chrome              local           plasmashell      sbuild-destroychroot  tup                    virtiofsd
code                loupe           podman           sbuild-distupgrade    tuxedo-control-center  vivaldi-bin
crun                lsb_release     polypane         sbuild-hold           ubuntu_pro_apt_news    vpnns
devhelp             lxc-attach      privacybrowser   sbuild-shell          unix-chkpwd            wpcom
element-desktop     lxc-create      qcam             sbuild-unhold         unprivileged_userns
epiphany            lxc-destroy     qmapshack        sbuild-update         userbindmount
evolution           lxc-execute     qutebrowser      sbuild-upgrade        usr.bin.man
```

and

```
$ cat /etc/apparmor.d/chrome
# This profile allows everything and only exists to give the
# application a name instead of having the label "unconfined"

abi ,
include 

profile chrome /opt/google/chrome/chrome flags=(unconfined) {
  userns,

  # Site-specific additions and overrides. See local/README for details.
  include if exists 
}
```

This didn't work either:

```
$ /opt/google/chrome/chrome
[0429/105700.793962:WARNING:chrome_main_linux.cc(80)] Read channel stable from 
/opt/google/chrome/CHROME_VERSION_EXTRA
[66808:66808:0429/105700.802212:FATAL:credentials.cc(127)] Check failed: . : 
Permission denied (13)
Trace/breakpoint trap (core dumped)
```

Note that I also ran this:

```
$ journalctl | grep apparmor | grep chrome
Apr 28 21:22:42 lubuntu kernel: audit: type=1400 audit(1714364562.824:140): 
apparmor="STATUS" operation="profile_replace" profile="unconfined" 
name="snap.chromium.chromedriver" pid=19182 comm="apparmor_parser"
Apr 28 22:04:11 lubuntu kernel: audit: type=1400 audit(1714367051.521:200): 
apparmor="DENIED" operation="userns_create" class="namespace" info="Userns 
create restricted - failed to find unprivileged_userns profile" error=-13 
profile="unconfined" pid=46114 comm="chrome" requested="userns_create" 
denied="userns_create" target="unprivileged_userns"
```

Someone else reproduced this, following these steps:
1. figured out what version of apparmor contained the fix
2. booted the live image
3. checked that the version of apparmor on the live image was greater than
   or equal to the version with the fix
4. 

[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-04-29 Thread W. J. van der Laan
** Also affects: guix (Ubuntu)
   Importance: Undecided
   Status: New


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-04-27 Thread John Johansen
Balena Etcher 1.18 dpkg won't install on 24.04 due to dependency issues,
1.19.16 installs fine and runs, but in a degraded sandbox mode. So
adding a profile for it would be beneficial.

The appimage version of Balena Etcher unfortunately fails to run. We can not
provide a default profile for the appimage unless the user moves it to the
default deb install location (i.e. installs it to the system, instead of running
it from their home dir). Users are free to add their own confinement profiles
for appimages. Directions are in
https://discourse.ubuntu.com/t/noble-numbat-release-notes/39890#unprivileged-user-namespace-restrictions-15


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-04-27 Thread John Johansen
The Wike fix is coming in the next SRU.


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-04-27 Thread Mateusz Stachowski
I had no problem running Balena Etcher on Ubuntu 24.04 LTS.

Do you have the latest version of Etcher?

1.19.16

https://github.com/balena-io/etcher/blob/master/CHANGELOG.md


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-04-13 Thread Archisman Panigrahi
Can we manually add support for Balena Etcher, just like VS Code? Etcher
is used by hundreds of thousands of users.


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-04-13 Thread Archisman Panigrahi
https://gitlab.com/apparmor/apparmor/-/merge_requests/1212

** Changed in: wike (Ubuntu)
   Status: New => Fix Committed


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-04-13 Thread Archisman Panigrahi
https://gitlab.com/apparmor/apparmor/-/merge_requests/1209

** Also affects: wike (Ubuntu)
   Importance: Undecided
   Status: New

** Also affects: foliate (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: foliate (Ubuntu)
   Status: New => Fix Committed


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-04-13 Thread Bug Watch Updater
** Changed in: wike
   Status: Unknown => New


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-04-13 Thread Archisman Panigrahi
** Bug watch added: github.com/hugolabe/Wike/issues #181
   https://github.com/hugolabe/Wike/issues/181

** Also affects: wike via
   https://github.com/hugolabe/Wike/issues/181
   Importance: Unknown
   Status: Unknown


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-04-03 Thread John Johansen
@arraybolt3: Answer to your question. bwrap requires capabilities within
the user namespace. unshare is a little more forgiving in that what it
requires depends on the options passed but most of the options also
require capabilities within the user namespace.

The potential solution I mention in comment #91 is to define a profile
for bwrap that allows it capabilities within the namespace but does not
allow its children capabilities within the namespace, so that bwrap and
unshare can not just launch an application to by-pass the restriction.
This seems to work well for unshare but there are cases where bwrap is
failing in unexpected ways (which is still being debugged).

At this late stage the plan is to try to get a fix for bwrap in but, if
necessary, to file an SRU for the bwrap fix. So yes this is
being worked on and even if the fix isn't present on day one we do plan
to get it fixed.


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-04-03 Thread John Johansen
@arraybolt3 is correct. Both unshare and bwrap will not get an unconfined
profile, as that allows for an arbitrary by-pass of the restriction.
There is a potential solution in the works that will allow for bwrap and
unshare to function as long as the child task does not require
permissions but at this point there are still some issues with it that
are being debugged.


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-04-03 Thread Aaron Rainbolt
I believe bwrap was ignored intentionally, as the point of the apparmor
change was to prevent arbitrary apps from making unprivileged user
namespaces with capabilities. Allowing Bubblewrap to do so would provide
a loophole. Same reason `unshare` isn't allowed to make unprivileged
namespaces with capabilities.

Perhaps something about libgnome-desktop is incorrectly assuming it
needs capabilities that it doesn't actually need? Or is the ability to
make unprivileged user namespaces with no capabilities failing somehow?


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-04-03 Thread fossfreedom
Hi - ok - very long thread so not quite sure how best to resolve.

I note bubblewrap is marked as confirmed but no resolution.

For budgie-control-center - backgrounds - Add Picture I found that the
gnome-desktop library libgnome-desktop-3-20 is calling bwrap and that
this was failing due to permissions.

I worked around this via

```
cat /etc/apparmor.d/bwrap 
# This profile allows everything and only exists to give the
# application a name instead of having the label "unconfined"

abi ,
include 

profile bwrap /usr/bin/bwrap flags=(unconfined) {
  userns,

  # Site-specific additions and overrides. See local/README for details.
  include if exists 
}
```

Can this be added to apparmor please?


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-04-01 Thread John Johansen
We have an update of the firefox profile coming that supports the
/opt/firefox/firefox location used as the default install for the
firefox downloaded directly from mozilla.org

If you are running firefox out of your home directory, that will not be
directly supported and you will need to choose to do one of the following
to fix the issue.

1. The recommended way is updating the firefox profile in
/etc/apparmor.d/firefox by adding the location you have firefox
installed, and then reloading the profile with sudo apparmor_parser -r
/etc/apparmor.d/firefox.

2. You can disable user namespaces, this will keep firefox from trying
to use them as part of its sandbox https://lwn.net/Articles/673597/

3. the least recommended way to fix this is you can disable the finer
grained user namespace restrictions as outlined in
https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces

** Changed in: qmapshack (Ubuntu)
   Status: Confirmed => Fix Released

** Changed in: qutebrowser (Ubuntu)
   Status: Confirmed => Fix Released

** Changed in: rssguard (Ubuntu)
   Status: Confirmed => Fix Released

** Changed in: supercollider (Ubuntu)
   Status: Confirmed => Fix Released

** Changed in: geary (Ubuntu)
   Status: Confirmed => Fix Released

** Changed in: goldendict-webengine (Ubuntu)
   Status: Confirmed => Fix Released

** Changed in: kchmviewer (Ubuntu)
   Status: Confirmed => Fix Released

** Changed in: loupe (Ubuntu)
   Status: Confirmed => Fix Released

** Changed in: notepadqq (Ubuntu)
   Status: Confirmed => Fix Released

** Changed in: pageedit (Ubuntu)
   Status: Confirmed => Fix Released


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-29 Thread John Johansen
@coeur-noir:

Are you installing firefox to /opt/ as recommended or using it local in
your user account?


as for bwrap, maybe it is known to be problematic. It is allowed to run and to 
create a user namespace but it is denied all capabilities within the namespace.

Can you run
  sudo dmesg | grep apparmor

and add the information here.


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-28 Thread Coeur Noir
Ubuntu 24.04 installed today.

Firefox autonomous archive downloaded from
https://www.mozilla.org/fr/firefox/all/#product-desktop-release

And « ooops… » in any tab,

terminal says :

[Parent 5931, IPC I/O Parent] WARNING: process 6020 exited on signal 11: file 
/builds/worker/checkouts/gecko/ipc/chromium/src/base/process_util_posix.cc:265
[Parent 5931, IPC I/O Parent] WARNING: process 6026 exited on signal 11: file 
/builds/worker/checkouts/gecko/ipc/chromium/src/base/process_util_posix.cc:265
[Parent 5931, IPC I/O Parent] WARNING: process 6036 exited on signal 11: file 
/builds/worker/checkouts/gecko/ipc/chromium/src/base/process_util_posix.cc:265
[Parent 5931, IPC I/O Parent] WARNING: process 6084 exited on signal 11: file 
/builds/worker/checkouts/gecko/ipc/chromium/src/base/process_util_posix.cc:265
[Parent 5931, IPC I/O Parent] WARNING: process 6099 exited on signal 11: file 
/builds/worker/checkouts/gecko/ipc/chromium/src/base/process_util_posix.cc:265
[Parent 5931, IPC I/O Parent] WARNING: process 6110 exited on signal 11: file 
/builds/worker/checkouts/gecko/ipc/chromium/src/base/process_util_posix.cc:265
[Parent 5931, IPC I/O Parent] WARNING: process 6119 exited on signal 11: file 
/builds/worker/checkouts/gecko/ipc/chromium/src/base/process_util_posix.cc:265
[Parent 5931, IPC I/O Parent] WARNING: process 6128 exited on signal 11: file 
/builds/worker/checkouts/gecko/ipc/chromium/src/base/process_util_posix.cc:265
[Parent 5931, IPC I/O Parent] WARNING: process 6143 exited on signal 11: file 
/builds/worker/checkouts/gecko/ipc/chromium/src/base/process_util_posix.cc:265
[Parent 5931, IPC I/O Parent] WARNING: process 6147 exited on signal 11: file 
/builds/worker/checkouts/gecko/ipc/chromium/src/base/process_util_posix.cc:265
[Parent 5931, IPC I/O Parent] WARNING: process 6150 exited on signal 11: file 
/builds/worker/checkouts/gecko/ipc/chromium/src/base/process_util_posix.cc:265

…firefox as a snap looks to run fine but I have many bwrap processes that use 
100% cpu to the point of over-heating.
Is it related ?
See picture of monitor → https://i.ibb.co/BZCfNjJ/2404-bwrap.png


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-20 Thread corrado venturini
loupe problem solved with apparmor 4.0.0-beta3-0ubuntu2
https://bugs.launchpad.net/ubuntu/+source/loupe/+bug/2054142


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-18 Thread John Johansen
@ajg-charlbury: no, apparmor beta3 has not landed in proposed yet, we are
working on the upload now. firefox separately has added a bug fix that
will detect when the user namespace/capabilities are denied and fall back
without crashing but it disables the full sandbox.

the apparmor-beta3 fix should enable firefox to function with the full
sandbox.


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-18 Thread ajgreeny
I have just tried running firefox from the firefox-nightly download and all
runs well using that version, 125.0a1 (2024-03-17) (64-bit).

I assume the beta3 you speak of is the new version of apparmor; is that
the same version as the current apparmor-proposed version?


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-17 Thread John Johansen
@ajg-charlbury: yes, for firefox we are well aware of the problem; the
firefox profile has been tweaked for beta3 (landing this week) so that
it should work with the new deb.


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-17 Thread ajgreeny
I have seen the problem with firefox tabs crashing in the .deb installation
and when running direct from the downloaded .tar.bz from Mozilla.
Firefox opens but tabs show an error saying "Tab crashed".
This has forced me to use the snap version, which works fine, though I prefer not
to use snaps at all as I dislike the lack of control of them and the
restrictions on use that they create.


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-16 Thread John Johansen
@arraybolt3: qutebrowser should be fixed in beta3


** Changed in: qutebrowser (Ubuntu)
 Assignee: (unassigned) => John Johansen (jjohansen)

** Changed in: qmapshack (Ubuntu)
 Assignee: (unassigned) => John Johansen (jjohansen)

** Changed in: notepadqq (Ubuntu)
 Assignee: (unassigned) => John Johansen (jjohansen)

** Changed in: pageedit (Ubuntu)
 Assignee: (unassigned) => John Johansen (jjohansen)


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-16 Thread John Johansen
@kc2bez: qmapshack should be fixed in beta3


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-16 Thread John Johansen
@kc2bez: I have been able to verify that privacybrowser is not working.
However it is not due to the apparmor user namespace restrictions.

I get the following segfault out of dmesg:
[ 1591.466016] privacybrowser[7743]: segfault at 8 ip 70bb4dd11ccc sp 7ffd5c6587e0 error 4 in libQt5Core.so.5.15.12[70bb4da8e000+335000] likely on CPU 0 (core 0, socket 0)
[ 1591.466026] Code: ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 81 ec 98 00 00 00 48 89 55 80 <48> 8b 5f 08 89 b5 7c ff ff ff 64 48 8b 04 25 28 00 00 00 48 89 45


I recommend opening a separate bug to track the issue.


** Changed in: privacybrowser (Ubuntu)
   Status: Confirmed => Invalid


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-16 Thread John Johansen
@kc2bez: pageedit should be fixed in beta3


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-16 Thread John Johansen
@kc2bez: notepadqq should be fixed in beta3


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-16 Thread John Johansen
@kc2bez:

there are no updated deb packages in the ppa for kiwix.
the kiwix appimage worked for me.
kiwix flatpak worked for me.

I am not sure what you were seeing, but we are going to need more
information.


** Changed in: kiwix (Ubuntu)
   Status: Confirmed => Incomplete


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-16 Thread John Johansen
hi @vvaleryan-24,

I have been able to replicate the crash you are seeing but it is not due
to the user namespace restriction. The restrictions logging does not
happen, and I can put it in an unconfined profile and it still doesn't
help. From dmesg I find the following segfault:

[79854.520976] gpk-application[19250]: segfault at 8 ip 5930eec2dba8 sp 7fff471b6b70 error 4 in gpk-application[5930eec24000+d000] likely on CPU 1 (core 0, socket 1)
[79854.520985] Code: 85 ff 0f 85 72 fd ff ff e9 72 fd ff ff 0f 1f 44 00 00 48 8b 44 24 30 48 8d 15 37 46 00 00 be 10 00 00 00 48 8d 3d c2 34 00 00 <48> 8b 48 08 31 c0 e8 6d 79 ff ff c7 43 04 00 00 00 00 48 8b 7b 50

My recommendation is that we move debugging of this over to the other bug.


** Changed in: gnome-packagekit (Ubuntu)
   Status: Incomplete => Invalid

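
The triage used in the message above (no AppArmor restriction logging plus a plain segfault in dmesg means the crash is not this bug) can be scripted. This is an added example, not part of the original message and not AppArmor project code: the two segfault lines are the ones quoted in this thread, while the audit and "traps:" lines are constructed and simplified, and exampleapp, fallbackapp and otherapp are hypothetical process names.

```python
"""Separate AppArmor userns-restriction crashes from unrelated crashes in a kernel log."""
import re
from collections import defaultdict

# Sample kernel log. The two segfault lines are quoted from this thread (re-joined);
# every audit and "traps:" line is CONSTRUCTED for illustration and simplified.
# Real records carry more fields and vary by kernel and AppArmor version.
SAMPLE_LOG = "\n".join([
    '[  101.000100] audit: type=1400 audit(1710600000.100:210): apparmor="DENIED" '
    'operation="userns_create" class="namespace" profile="unconfined" pid=4100 '
    'comm="exampleapp" requested="userns_create" denied="userns_create"',
    '[  101.000200] audit: type=1400 audit(1710600000.101:211): apparmor="DENIED" '
    'operation="capable" class="cap" profile="unprivileged_userns" pid=4100 '
    'comm="exampleapp" capability=21 capname="sys_admin"',
    '[  101.000300] traps: exampleapp[4100] trap int3 ip:5581aa001000 '
    'sp:7ffc00001000 error:0 in exampleapp[5581aa000000+1000]',
    '[  150.000100] audit: type=1400 audit(1710600050.100:220): apparmor="DENIED" '
    'operation="capable" class="cap" profile="unprivileged_userns" pid=4200 '
    'comm="fallbackapp" capability=21 capname="sys_admin"',
    '[  160.000100] audit: type=1400 audit(1710600060.100:230): apparmor="DENIED" '
    'operation="open" class="file" profile="otherapp" '
    'name="/home/user/.cache/otherapp/x" pid=4300 comm="otherapp" '
    'requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000',
    '[ 1591.466016] privacybrowser[7743]: segfault at 8 ip 70bb4dd11ccc sp '
    '7ffd5c6587e0 error 4 in libQt5Core.so.5.15.12[70bb4da8e000+335000] likely '
    'on CPU 0 (core 0, socket 0)',
    '[79854.520976] gpk-application[19250]: segfault at 8 ip 5930eec2dba8 sp '
    '7fff471b6b70 error 4 in gpk-application[5930eec24000+d000] likely on CPU 1 '
    '(core 0, socket 1)',
])

AUDIT_RE = re.compile(r'apparmor="DENIED"(.*)')
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')   # key="quoted" or key=bare
SEGV_RE = re.compile(r'\]\s*(?P<comm>[^\[\]]+)\[(?P<pid>\d+)\]: segfault at ')
TRAP_RE = re.compile(r'traps: (?P<comm>[^\[\]]+)\[(?P<pid>\d+)\] trap int3 ')


def userns_denial(fields):
    """Return a short label if this denial belongs to userns mediation, else None."""
    op = fields.get("operation")
    if op == "userns_create":
        return "userns_create"
    # After a restricted userns is created, capability use inside it is denied
    # under the special profile; that is the point where sandboxes abort.
    if op == "capable" and fields.get("profile") == "unprivileged_userns":
        return "cap:" + fields.get("capname", "?")
    return None


def triage(log_text):
    """Return {comm: report} for each process that crashed or hit a userns denial.

    Correlation is by comm only (the kernel truncates it to 15 characters), so
    a helper process with a different comm is reported under its own name.
    """
    denied = defaultdict(set)    # comm -> userns-related denials seen
    signals = defaultdict(set)   # comm -> crash signals seen
    for line in log_text.splitlines():
        audit = AUDIT_RE.search(line)
        if audit:
            fields = {k: quoted or bare
                      for k, quoted, bare in FIELD_RE.findall(audit.group(1))}
            label = userns_denial(fields)
            if label:
                denied[fields.get("comm", "?")].add(label)
            continue  # other AppArmor denials are not evidence for this bug
        for regex, signal in ((SEGV_RE, "SIGSEGV"), (TRAP_RE, "SIGTRAP")):
            match = regex.search(line)
            if match:
                signals[match.group("comm").strip()].add(signal)

    report = {}
    for comm in sorted(set(denied) | set(signals)):
        if denied[comm] and signals[comm]:
            verdict = "userns-restriction"      # denial and crash: this bug
        elif denied[comm]:
            verdict = "userns-denied-no-crash"  # denied, but fell back gracefully
        else:
            verdict = "unrelated-crash"         # crash with no userns denial logged
        report[comm] = {"verdict": verdict,
                        "denied": sorted(denied[comm]),
                        "signals": sorted(signals[comm])}
    return report


if __name__ == "__main__":
    for comm, info in triage(SAMPLE_LOG).items():
        print(f"{comm:16} {info['verdict']:24} {info['denied']} {info['signals']}")
```

On a live system the input would be the output of `journalctl -k` or `dmesg` rather than the embedded sample.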

[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-16 Thread Erich Eickmeyer
Georgia,

RE: tuxedo-control-center

That works perfectly.


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-16 Thread Xavier Guillot
Hi, for Gnome-packagekit it's related to this behavior:

https://bugs.launchpad.net/ubuntu/+source/gnome-packagekit/+bug/2046843

I run Ubuntu development branch 24.04 and I have a problem with Gnome
PackageKit 43.0-2: the application launches well, but if I write a program
/ package name in the search field and click on "Enter", it crashes and
closes:

$ gpk-application

(gpk-application:6130): PackageKit-CRITICAL **: 10:51:02.410: pk_client_generic_finish: assertion 'G_IS_TASK (res)' failed
Erreur de segmentation (core dumped)

It still occurs on my computer…


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-16 Thread John Johansen
this will be fixed in Beta

** Changed in: kchmviewer (Ubuntu)
 Assignee: (unassigned) => John Johansen (jjohansen)

** Changed in: rssguard (Ubuntu)
 Assignee: (unassigned) => John Johansen (jjohansen)

** Changed in: supercollider (Ubuntu)
 Assignee: (unassigned) => John Johansen (jjohansen)


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-16 Thread John Johansen
sorry, this won't be fixed in Beta3; that note was for goldendict

** Changed in: gnome-packagekit (Ubuntu)
 Assignee: John Johansen (jjohansen) => (unassigned)


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-16 Thread John Johansen
Will be fixed in Beta3

** Changed in: goldendict-webengine (Ubuntu)
 Assignee: (unassigned) => John Johansen (jjohansen)


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-16 Thread John Johansen
will be fixed in Beta3

** Changed in: gnome-packagekit (Ubuntu)
 Assignee: (unassigned) => John Johansen (jjohansen)


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-16 Thread John Johansen
I have tested gnome-packagekit and it never triggers unprivileged user
namespace mediation. Can you please provide more information on how you
triggered it?

** Changed in: gnome-packagekit (Ubuntu)
   Status: Confirmed => Incomplete


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-16 Thread John Johansen
** Changed in: loupe (Ubuntu)
 Assignee: (unassigned) => Georgia Garcia (georgiag)

** Changed in: geary (Ubuntu)
 Assignee: (unassigned) => Georgia Garcia (georgiag)

** Changed in: firefox (Ubuntu)
 Assignee: (unassigned) => Georgia Garcia (georgiag)


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-16 Thread John Johansen
supercollider will work on current noble. Since it is using QTWebEngine
it has a graceful fallback when capabilities within the user namespace
are denied.

supercollider will have a profile and be fixed in Beta3, so it doesn't
even have to do the fallback.


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-16 Thread John Johansen
I have tried freecad and unprivileged user namespace restrictions are
not the problem. freecad snap works, freecad ppa does not have a noble
build yet but the mantic build can be made to work.

freecad daily appimage: works
freecad appimage: stable fails with mesa or qt errors depending on how/where it
is started. Below is a paste of the error:
MESA-LOADER: failed to open zink: /usr/lib/dri/zink_dri.so: cannot open shared object file: No such file or directory (search paths /usr/lib/x86_64-linux-gnu/dri:\$${ORIGIN}/dri:/usr/lib/dri, suffix _dri)
failed to load driver: zink
MESA-LOADER: failed to open swrast: /usr/lib/dri/swrast_dri.so: cannot open shared object file: No such file or directory (search paths /usr/lib/x86_64-linux-gnu/dri:\$${ORIGIN}/dri:/usr/lib/dri, suffix _dri)
failed to load driver: swrast



** Changed in: freecad (Ubuntu)
   Status: Confirmed => Invalid


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-15 Thread John Johansen
@sudipmuk loupe should be fixed in Beta3


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-15 Thread John Johansen
@eeickmeyer geary should be fixed in Beta3


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-15 Thread John Johansen
@guyster, @eldmannen+launchpad, @valeryan-24

Firefox dailies now have a workaround, by detecting and disabling the
user namespace. The proper fix that should allow firefox to still use
the user namespace for its sandbox will land in Beta3, landing early
next week.


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-15 Thread Georgia Garcia
Erich Eickmeyer, I don't have a Tuxedo Computer to test, so could you
please check if the following profile works for you?

$ echo "# This profile allows everything and only exists to give the
# application a name instead of having the label \"unconfined\"

abi <abi/4.0>,
include <tunables/global>

profile tuxedo-control-center /opt/tuxedo-control-center/tuxedo-control-center flags=(unconfined) {
  userns,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/tuxedo-control-center>
}" | sudo tee /etc/apparmor.d/tuxedo-control-center

$ sudo apparmor_parser /etc/apparmor.d/tuxedo-control-center

and restart tuxedo-control-center.


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-15 Thread John Johansen
@valeryan-24 "ModuleNotFoundError: No module named 'imp'" says that your
Gpodder issue is not related to this bug. You are missing a dependency,
the 'imp' module. If Gpodder is packaged it will need to add that as
part of its install dependencies.


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-14 Thread Xavier Guillot
Fix released for Firefox (Nightly) 125.
For a few days I haven't been able to launch Gpodder (podcast program) anymore; is it also
related to this bug or is it something different?
"[gpodder.log] ERROR: Uncaught exception: Traceback (most recent call last):
  File "/usr/bin/gpodder", line 181, in <module>
    main()
  File "/usr/bin/gpodder", line 173, in main
    from gpodder.gtkui import app
  File "/usr/lib/python3/dist-packages/gpodder/gtkui/app.py", line 31, in <module>
    from gpodder import core, util
  File "/usr/lib/python3/dist-packages/gpodder/core.py", line 25, in <module>
    from gpodder import config, dbsqlite, extensions, model, util
  File "/usr/lib/python3/dist-packages/gpodder/extensions.py", line 34, in <module>
    import imp
ModuleNotFoundError: No module named 'imp'

Traceback (most recent call last):
  File "/usr/bin/gpodder", line 181, in <module>
    main()
  File "/usr/bin/gpodder", line 173, in main
    from gpodder.gtkui import app
  File "/usr/lib/python3/dist-packages/gpodder/gtkui/app.py", line 31, in <module>
    from gpodder import core, util
  File "/usr/lib/python3/dist-packages/gpodder/core.py", line 25, in <module>
    from gpodder import config, dbsqlite, extensions, model, util
  File "/usr/lib/python3/dist-packages/gpodder/extensions.py", line 34, in <module>
    import imp
ModuleNotFoundError: No module named 'imp'"


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-14 Thread John Johansen
** Changed in: steam (Ubuntu)
   Status: Fix Committed => Fix Released


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-12 Thread Guy Schlosser
Before I saw your post about the environment variable, I edited the
profile in /etc/apparmor.d/firefox to reflect /opt/firefox. If I launch
from a mate desktop icon, or from the menu, all is well. If I click on a
link, from say an email, I get the tab crashed bug again. Is there a way
to work around this? I'm using Thunderbird, installed the same way, for
my email.


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-12 Thread Fred
A workaround is to set the environment variable MOZ_ASSUME_USER_NS=0.

You can run it as:
env MOZ_ASSUME_USER_NS=0 /home/bob/Downloads/firefox/firefox --name=firefox-nightly %u


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-11 Thread Guy Schlosser
I have read in a couple other pages that I can edit
/etc/apparmor.d/firefox. Since I'm using version 124 beta 9, and my
firefox is installed in /opt/firefox, do I just adjust the path in that
file to make it work? Thanks much in advance for the help.


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-08 Thread Guy Schlosser
I am seeing this also, as of updating all packages, about fifteen
minutes ago. Is there a definite fix released? This doesn't mean we have
to resort to using firefox from snap, right?


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-08 Thread Xavier Guillot
I reported the bug upstream for Firefox - if you have a Bugzilla account
on Mozilla and are affected, could you confirm it, please:

https://bugzilla.mozilla.org/show_bug.cgi?id=1884347

** Bug watch added: Mozilla Bugzilla #1884347
   https://bugzilla.mozilla.org/show_bug.cgi?id=1884347


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-07 Thread Sudip Mukherjee
** Also affects: loupe (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: loupe (Ubuntu)
   Status: New => Confirmed


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-07 Thread Sudip Mukherjee
** Also affects: apparmor
   Importance: Undecided
   Status: New


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-07 Thread Xavier Guillot
Yes, since today's updates, Firefox Nightly 125.0a1 from Mozilla
repository which worked very fine until now, stopped: program still
starts well, but every tab gets a crash error and doesn't load the page
(even the start about:blank one)…


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-06 Thread Launchpad Bug Tracker
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: firefox (Ubuntu)
   Status: New => Confirmed


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-06 Thread John Johansen
@scarlet I think it is fair to mark these as Fixed released as they are
part of apparmor-alpha4 that is in noble.


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-06 Thread John Johansen
This is part of the apparmor alpha4 release in noble


** Changed in: plasma-desktop (Ubuntu)
   Status: Confirmed => Fix Released


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-06 Thread John Johansen
This is part of the alpha4 release in noble

** Changed in: kdeplasma-addons (Ubuntu)
   Status: Confirmed => Fix Released


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-06 Thread Alexander Browne
I am seeing this with the (relatively new) Mozilla-provided Firefox deb
package
(https://support.mozilla.org/en-US/kb/install-firefox-linux#w_install-firefox-deb-package-for-debian-based-distributions).


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-06 Thread Dimitri John Ledkov
** Also affects: firefox (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: firefox (Ubuntu)
   Milestone: None => ubuntu-24.04


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-06 Thread cipricus
I've experienced this
(https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/2056190) in
Kubuntu 24.04:

- related to Firefox and Firefox-based browsers (Waterfox, Librewolf,
Midori, Floorp, Mullvad) installed from deb, running locally
("portable"), or as appimage, while flatpak and snap versions are NOT
affected (as far as I've been able to test, given that only Firefox
seems available as snap)

- related to kernel version 6.8.0 in 24.04, while 6.5 was not affected


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-05 Thread Scarlett Gately Moore
plasma-desktop and kdeplasma-addons are in the main apparmor package and
fixed. Is it OK to mark those as fix-released?


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-01 Thread Erich Eickmeyer
Also would like to note that tuxedo-control-center, a third-party
Electron app for Tuxedo Computers, is affected by this.


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-01 Thread Erich Eickmeyer
Geary is seeded in Edubuntu as its main email client, so this is
definitely something we'd like fixed.

** Also affects: geary (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: geary (Ubuntu)
   Status: New => Confirmed

** Changed in: geary (Ubuntu)
   Importance: Undecided => High



[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-02-27 Thread Scarlett Gately Moore
** Changed in: angelfish (Ubuntu)
   Status: In Progress => Fix Released



[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-02-27 Thread Simon Chopin
We had a mitigation for this in glibc but the latest change from simply
denying the unshare() call to allowing it but then denying anything
requiring capabilities *presumably* broke the glibc test suite again.
I'm only basing this on looking at the test logs, as I'm temporarily
unable to run autopkgtests locally and am lacking the time to fix it.

2 classes of errors:

2770s FAIL: stdlib/tst-system
2770s original exit status 1
2770s error: test-container.c:1136: could not create a private mount namespace

That one is clearly userns-related, as it's due to a failing mount()
call right after unshare()

2770s FAIL: sunrpc/tst-svc_register
2770s original exit status 1
2770s error: xwrite.c:32: write of 12 bytes failed after 0: Operation not permitted
2770s error: 1 test failures

I can't tell for sure what this one is about since this is your basic
write() call and I don't have a stack trace at hand, but the EPERM would
suggest that it's related.

I think a first fix would be to amend the test script to disable the
userns restriction entirely for the duration of the tests (using
'needs-sudo'), while I'll still need to patch the test suite eventually
to handle this new failure mode gracefully and simply ignore the tests,
akin to
https://sourceware.org/pipermail/libc-alpha/2024-February/154754.html
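
The message above distinguishes two behaviours: unshare() being refused outright, and unshare() succeeding while the mount() after it fails. The probe below tells them apart so a test harness can skip instead of failing; it is an added example, not code from glibc's test suite or from the message's author. The function and enum names are hypothetical, and the specific mount() call is an assumption about what a container-style test would attempt first.

```c
#include <linux/sched.h>   /* CLONE_NEWUSER, CLONE_NEWNS */
#include <stdio.h>
#include <sys/mount.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

enum userns_state {
    USERNS_USABLE = 0,      /* unshare() and the mount() after it both worked */
    USERNS_DENIED = 1,      /* older behaviour: unshare() itself is refused */
    USERNS_NO_CAPS = 2,     /* newer behaviour: unshare() works, mount() fails */
    USERNS_PROBE_ERROR = 3  /* fork()/waitpid() failed or the child was killed */
};

/* Map the two syscall results onto the failure modes from the message. */
enum userns_state classify_userns(int unshare_rc, int mount_rc)
{
    if (unshare_rc != 0) return USERNS_DENIED;
    return mount_rc != 0 ? USERNS_NO_CAPS : USERNS_USABLE;
}

/* Probe in a child so the caller's own namespaces are never changed. */
enum userns_state probe_userns(void)
{
    int status, code;
    pid_t pid = fork();
    if (pid < 0) return USERNS_PROBE_ERROR;
    if (pid == 0) {
        /* Raw syscall so the example builds without _GNU_SOURCE. */
        int u = (int)syscall(SYS_unshare, CLONE_NEWUSER | CLONE_NEWNS);
        /* Assumed check: making "/" private needs CAP_SYS_ADMIN in the new ns. */
        int m = u == 0 ? mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) : -1;
        _exit(classify_userns(u, m));
    }
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return USERNS_PROBE_ERROR;
    code = WEXITSTATUS(status);
    return code <= USERNS_NO_CAPS ? (enum userns_state)code : USERNS_PROBE_ERROR;
}

int main(void)
{
    static const char *names[] = { "usable", "unshare denied",
                                   "userns without capabilities", "probe error" };
    enum userns_state s = probe_userns();
    printf("user namespaces: %s\n", names[s]);
    return s == USERNS_USABLE ? 0 : 77; /* 77: conventional "test skipped" status */
}
```

A test wrapper can run this first and treat any non-zero result as "skip the container tests" rather than a failure.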


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-02-26 Thread Launchpad Bug Tracker
This bug was fixed in the package ghostwriter - 23.08.5+ds-0ubuntu1

---
ghostwriter (23.08.5+ds-0ubuntu1) noble; urgency=medium

  * New upstream release (23.08.5)

ghostwriter (23.08.4+ds-0ubuntu2) noble; urgency=medium

  * Add apparmor profile to fix userns. (LP: #2046844)

 -- Scarlett Moore   Thu, 22 Feb 2024 09:31:12 -0700

** Changed in: ghostwriter (Ubuntu)
   Status: Fix Committed => Fix Released


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-02-26 Thread Launchpad Bug Tracker
** Merge proposal linked:
   https://code.launchpad.net/~p-pisati/britney/+git/hints-ubuntu/+merge/461043


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-02-25 Thread Launchpad Bug Tracker
This bug was fixed in the package kgeotag - 1.5.0-1ubuntu1

---
kgeotag (1.5.0-1ubuntu1) noble; urgency=medium

  * Add apparmor profile to fix userns. Ref: (LP: #2046844)

 -- Scarlett Moore   Thu, 15 Feb 2024 00:06:50 -0700

** Changed in: kgeotag (Ubuntu)
   Status: In Progress => Fix Released


[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-02-25 Thread Launchpad Bug Tracker
This bug was fixed in the package akonadiconsole - 4:23.08.5-0ubuntu2

---
akonadiconsole (4:23.08.5-0ubuntu2) noble; urgency=medium

  * Add apparmor profile to fix userns. Ref: (LP: #2046844)

 -- Scarlett Moore   Sun, 25 Feb 2024 01:25:04 -0700

** Changed in: akonadiconsole (Ubuntu)
   Status: In Progress => Fix Released
