> with the new apparmor Candidate: 4.0.0~alpha2-0ubuntu7
> DistroRelease: Ubuntu 24.04
This bug smells like a userns issue - programs using userns (often used
for sandboxing) now _must have_ an AppArmor profile.
Can you please save the following as /etc/apparmor.d/surfshark? (Adjust
the path to surfshark to the real path - /PATH/TO/ is for sure incorrect
;-)
abi <abi/4.0>,
include <tunables/global>
profile surfshark /PATH/TO/surfshark flags=(unconfined) {
userns,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/surfshark>
}
Note: If I get comment #5 right, the actual executable might be /usr/bin/gjs.
You can use this path in the profile _for testing_, but the real solution is to
have a profile specific to surfshark, possibly with AppArmorProfile=surfshark
in the systemd unit.
After creating the profile, reload the AppArmor profiles to enable the
new profile.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2046624
Title:
apparmor breaks surfshark vpn
Status in apparmor package in Ubuntu:
New
Bug description:
with the new apparmor Candidate: 4.0.0~alpha2-0ubuntu7
Breaks my VPN
*surfshark
[33104:1216/072144.904027:FATAL:credentials.cc(127)] Check failed: . :
Permission denied (13)
Trace/breakpoint trap
It will work with --no-sandbox "surfshark --no-sandbox" not ideal.
I removed apparmor for proof
*apt policy apparmor
apparmor:
Installed: (none)
Candidate: 4.0.0~alpha2-0ubuntu7
Version table:
4.0.0~alpha2-0ubuntu7 500
500 http://us.archive.ubuntu.com/ubuntu noble/main amd64 Packages
Now my VPN works as expected, spent 2 hrs this morning with surfshark
support, they will get back to me in a day or two, but they can't find anything
wrong on their end.
So far it points to apparmor
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: apparmor (not installed)
ProcVersionSignature: Ubuntu 6.5.0-9.9-generic 6.5.3
Uname: Linux 6.5.0-9-generic x86_64
NonfreeKernelModules: nvidia_modeset nvidia zfs
ApportVersion: 2.27.0-0ubuntu6
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: XFCE
Date: Sat Dec 16 10:40:00 2023
InstallationDate: Installed on 2023-12-10 (6 days ago)
InstallationMedia: Xubuntu 24.04 "Noble Numbat" - Daily amd64 (20231127)
SourcePackage: apparmor
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.default.apport:
# set this to 0 to disable apport, or to 1 to enable it
# you can temporarily override this with
# sudo service apport start force_start=1
enabled=0
mtime.conffile..etc.default.apport: 2023-12-12T09:43:48.905263
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2046624/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
