Also note that even the system's build of Bubblewrap is not granted the
ability to bypass user namespace restrictions as that would allow the
restrictions to be bypassed by any application. Doing this to your own
build of Bubblewrap will pose the same security issue. If you can avoid
doing things
Unless your app and Bubblewrap can both work without any capabilities in
an unprivileged user namespace, things will probably go south. You
should probably be installing an AppArmor profile for your app that
allows you to use unprivileged user namespaces normally again, as
described in Comment 5
The Tor Browser is actually installable on Ubuntu, and we have
privacy-conscious folks here who are Ubuntu Developers. We just were
absolutely slammed in more ways than we imagined would happen this
cycle and things slipped through the cracks. This is probably one of
them.
You can follow the
This is happening on the SDDM screen too.
** Changed in: kubuntu-settings (Ubuntu)
Importance: Undecided => Critical
** Changed in: kubuntu-settings (Ubuntu)
Importance: Critical => High
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed
Marking this as High as it is an ugly glitch in an otherwise nicely
refreshed user experience. The fix is trivial and safe.
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to kubuntu-settings in Ubuntu.
https://bugs.launchpad.net/bugs/2061313
Installed Windows 10 Home allowing it to use the entire SSD of my test system.
Booted Kubuntu 24.04 ISO.
Install alongside option appeared, used it.
Installation succeeded.
Upon reboot, I was presented with a GRUB menu, providing both "Ubuntu" and
"Windows Boot Manager" options. Selecting
Looks like our keymap render image is out-of-date and that's what causes
this. If I copy the keymap-render.png from the `spinner` theme into the
kubuntu-logo theme, things appear to work.
** Changed in: kubuntu-settings (Ubuntu)
Importance: Undecided => Critical
** Summary changed:
-
Alright, so this is fun. Apparently there's an image full of keyboard
layout labels in Kubuntu's plymouth theme. There also appears to be code
that handles the password prompt, my assumption is that code extracts a
slice of this image to show the keyboard layout to the user. Evidently
it's doing
, I'll have to check that
out. Thank you!
** Changed in: kubuntu-settings (Ubuntu)
Status: New => Confirmed
** Changed in: kubuntu-settings (Ubuntu)
Assignee: (unassigned) => Aaron Rainbolt (arraybolt3)
--
You received this bug notification because you are a member of Kubunt
** Also affects: kubuntu-installer-prompt (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to kubuntu-settings in Ubuntu.
https://bugs.launchpad.net/bugs/2060845
Title:
New branding Kubuntu
Public bug reported:
Steps to reproduce:
1: Install the latest daily image of Kubuntu 24.04.
2: Log into the installed system.
3: Click on the application menu, then click "Shut Down".
Expected result: The Kubuntu logo used as the user's avatar should be
blue on a white background.
Actual
Both of these fonts have now been packaged and uploaded to the NEW
queue. They build without problems and place the fonts in question into
the correct locations. The packaging is based on the packaging for
fonts-cabin (plus some extra guidance from fonts-tlwg-typist for the OTF
vs. TTF font
** Changed in: kubuntu-meta (Ubuntu)
Milestone: None => ubuntu-24.04
** Changed in: kubuntu-meta (Ubuntu)
Importance: Undecided => High
** Summary changed:
- Package and seed fonts-space-grotesk, fonts-dm-mono, seed fonts-ibm-plex
+ FFe: Package and seed fonts-space-grotesk,
Public bug reported:
Space Grotesk and DM Mono are fonts used in Kubuntu's branding refresh.
As these are intended to be a part of Kubuntu's branding, it is
necessary that these fonts be included in the Kubuntu 24.04 final ISOs.
(IBM Plex is also used in the branding refresh but is already
I believe bwrap was ignored intentionally, as the point of the apparmor
change was to prevent arbitrary apps from making unprivileged user
namespaces with capabilities. Allowing Bubblewrap to do so would provide
a loophole. Same reason `unshare` isn't allowed to make unprivileged
namespaces with
nevermind, it looks like this is a new bug. I'll file one.
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to kubuntu-settings in Ubuntu.
https://bugs.launchpad.net/bugs/1969984
Title:
[SRU] Kubuntu Plymouth Theme Shows Badly on Multi-Screen
Released => Confirmed
** Changed in: kubuntu-settings (Ubuntu Noble)
Importance: Medium => High
** Changed in: kubuntu-settings (Ubuntu Noble)
Assignee: Erich Eickmeyer (eeickmeyer) => Aaron Rainbolt (arraybolt3)
** No longer affects: kubuntu-settings (Ubuntu Noble)
--
You
finished.
This FFe applies to both lubuntu-installer-prompt and kubuntu-installer-
prompt.
** Affects: kubuntu-installer-prompt (Ubuntu)
Importance: Undecided
Assignee: Aaron Rainbolt (arraybolt3)
Status: New
** Affects: lubuntu-installer-prompt (Ubuntu)
Importance: Undecided
User prompting sounds like a good idea. Tt fixes one concern I wanted to
bring up, which is developers who use user namespaces in their code
(possibly indirectly by using QtWebEngine for instance). Those devs
would end up with their software crashing for no apparent reason. A user
prompt or
The reason I was suggesting a single attribute to enable user namespace
creation is because of the myriad of third-party apps that we probably
*aren't* going to catch here that users use out there that require user
namespace privileges. For instance, there are probably at least some
I can't seem to get the xattr solution to work. I'm trying it on a
normal binary and it's failing like so:
# Contents of /etc/apparmor.d/falkon
abi ,
include
profile falkon xattrs=(security.apparmor=falkon) flags=(unconfined) {
userns,
include if exists
}
# setfattr command
How acceptable or possible would a solution be that had one universal
"allowUserNamespaces" attribute in an AppArmor config that could then
simply be set on whatever files one wanted to enable the features on?
That would support all third-party apps that a user deemed worthy
without needing much
Nice! This works with AppImages? If so, I think we have a perfect
solution.
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to digikam in Ubuntu.
https://bugs.launchpad.net/bugs/2046844
Title:
AppArmor user namespace creation restrictions
Thanks! I'll be on the hunt for any more that act like this and add them
to the report. I'm also happy to help prep uploads (I'm not an MOTU yet
so I can't upload on my own, but I can prep the packaging).
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is
This bug also breaks Electron-based AppImages, such as Balena Etcher.
While we specifically don't support these apps, I find it very likely
that Ubuntu has potentially hundreds of thousands of users of these
kinds of apps.
--
You received this bug notification because you are a member of Kubuntu
This is affecting Falkon and qutebrowser as well. Just now me and a
couple of the Lubuntu devs did a deep debugging session and found the
issue.
About four days ago, an upload was made in AppArmor that no longer
allows unprivileged programs to create user namespaces. See
Finally pinned it down by upgrading packages a little bit at a time from
Backports on a Lubuntu 22.04 LTS VM. Upgrading lubuntu-update-notifier
triggers the bug.
** Also affects: lubuntu-update-notifier (Ubuntu)
Importance: Undecided
Status: New
** No longer affects: sddm (Ubuntu
grrr... no, it's not SDDM's fault apparently, upgrading it in a 22.04 VM
didn't cause the issue to appear! Still hunting.
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to sddm in Ubuntu.
https://bugs.launchpad.net/bugs/2045706
Title:
It's SDDM's fault - I can reproduce this using the Openbox session too.
** Also affects: sddm (Ubuntu)
Importance: Undecided
Status: New
** No longer affects: lxqt-build-tools (Ubuntu)
** No longer affects: lxqt-build-tools (Ubuntu Noble)
** No longer affects: lxqt-build-tools
Public bug reported:
Steps to reproduce:
1. Boot the latest Lubuntu Lunar ISO in a virtual machine.
2. Open Discover.
3. Click any application section in the left sidebar (the "Office" section is
the one I'm using).
4. Click on any app.
Expected result: Detailed information about the app
Enabled -proposed on a VM affected by this bug. Installed the new
ubuntustudio-default-settings, then rebooted. SDDM theme appears to be
working correctly again.
** Tags removed: verification-needed
** Tags added: verification-done
--
You received this bug notification because you are a member
Further research on this bug has confirmed that it is indeed a problem
introduced in a recent change in Breeze. I intend on git bisecting this
today (Central Daylight Time) and hopefully having a fix or at least a
pinpointed commit by tonight or tomorrow.
--
You received this bug notification
This bug doesn't seem to affect Kubuntu, so I'm not sure what exactly is
wrong with Breeze + LXQt. It appears that Breeze and LXQt don't always
work so well together from other discussions, so I'm changing this to a
bug in lubuntu-default-settings so that a quick patch to change the
default theme
The problem is the lack of blue highlighting. When you click on a menu
item in a system with the Breeze theme, the text turns white, while the
background turns blue. Since the blue highlighting isn't appearing
anymore, the text appears to (mostly) vanish (really it turns white on a
slightly
Thank you for taking the time to report this bug and helping to make
Ubuntu better. Unfortunately, we cannot work on this bug because your
description didn't include enough information. You may find it helpful
to read "How to report bugs effectively"
Public bug reported:
Hardware is an HP Z220 SFF Workstation, 256 GB SSD + 1 TB SSD, 32 GB
RAM, UEFI, no secure boot. Testing was done within a Gnome Boxes VM,
SeaBIOS, 4 GB RAM, Kubuntu Kinetic live session.
Steps to reproduce bug:
1: Open the Application Menu.
2: Type "KSystemLog".
3: Click
Public bug reported:
Test hardware is an HP Z220 SFF Workstation, 32 GB RAM, 256 GB SSD.
Testing inside Gnome Boxes, VM is using SeaBIOS, 4 GB RAM. Bug is
showing up in a Kubuntu Kinetic live session with the latest ISO.
Discover version is Discover 5.24.5.
Steps to reproduce:
1: Click the
37 matches
Mail list logo