A couple of additional notes.

On aa-notify: yes, it would be ideal if something like what aa-notify allows was installed by default on the desktop. It is a work in progress; it needs several improvements: design/interface layout, settings options/controls, and to be moved from a post (after the fact) notification prompt to a prompt that can allow the operation the first time (instead of having the application fail/die the first time).

On why the restriction needs to be opt-out: basically, opt-in allows for arbitrary bypass; even opt-out in its current form can be bypassed because of compromises made to enable deployment without breaking the world (see https://blog.qualys.com/vulnerabilities-threat-research/2025/03/27/qualys-tru-discovers-three-bypasses-of-ubuntu-unprivileged-user-namespace-restrictions). These will eventually be fixed as new features (like prompt) are enabled.

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2136883

Title:
  apparmor_restrict_unprivileged_userns breaks some Electron, Chromium, and QtWebEngine applications
