*** This bug is a duplicate of bug 2046844 ***
https://bugs.launchpad.net/bugs/2046844
Late for the party, But>>> Verified on KVM install
"Active apt repos in:
/etc/apt/sources.list.d/apparmor-dev-ubuntu-unprivileged-userns-noble.sources
1: deb
Here
*└─> sudo dmesg | grep DENIED
[sudo] password for me:
┌───>
│~
└─>
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2046624
Title:
apparmor breaks
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2046624
Title:
apparmor breaks surfshark vpn
Status
aa-status
apparmor module is loaded.
100 profiles are loaded.
31 profiles are in enforce mode.
/usr/bin/man
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/NetworkManager/nm-dhcp-helper
/usr/lib/connman/scripts/dhclient-script
/usr/lib/cups/backend/cups-pdf
With apparmor
*grep 'network' /etc/apparmor.d/ab*/*
/etc/apparmor.d/abi/3.0:network {af_unix {yes
/etc/apparmor.d/abi/3.0:network_v8 {af_mask {unspec unix inet ax25 ipx
appletalk netrom bridge atmpvc x25 inet6 rose netbeui security key netlink
packet ash econet atmsvc rds sna irda pppox
No apparmor still but i will include
*grep 'network' /etc/apparmor.d/ab*/*
grep: /etc/apparmor.d/abstractions/base.d: Is a directory
/etc/apparmor.d/abstractions/libvirt-qemu: network inet stream,
/etc/apparmor.d/abstractions/libvirt-qemu: network inet6 stream,
After reboot with apparmor active
* systemctl status surfsharkd2.service
● surfsharkd2.service - Surfshark Daemon2
Loaded: loaded (/lib/systemd/system/surfsharkd2.service; enabled; preset:
enabled)
Active: active (running) since Sat 2023-12-16 13:30:24 MST; 1min 12s ago
Main
journalctl -b -1 -g DENIED --no-pager
-- No entries --
┌───>
│~
└─> journalctl -b -1 -g ALLOWED --no-pager
-- No entries --
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
sudo aa-status |grep surfshark
surfshark
will reboot to see
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2046624
Title:
apparmor breaks surfshark vpn
Status in
Sure thing
nano /etc/apparmor.d/surfshark
*abi ,
include
profile surfshark /opt/Surfshark/surfshark flags=(unconfined) {
userns,
# Site-specific additions and overrides. See local/README for details.
include if exists
}
Reload apparmor and presto.
Reboots are golden
--
You
@jjohansen that link come in pretty handy.
I will link to it when helping others
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2046624
Title:
apparmor breaks surfshark
Bingo, it worked, and this is new but spot on
*"programs using userns (often used for sandboxing) now _must have_ an
AppArmor profile."
**Thanks cboltz :-)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
12 matches
Mail list logo