*** This bug is a duplicate of bug 2046844 ***
https://bugs.launchpad.net/bugs/2046844
Late for the party, But>>> Verified on KVM install
"Active apt repos in:
/etc/apt/sources.list.d/apparmor-dev-ubuntu-unprivileged-userns-noble.sources
1: deb
*** This bug is a duplicate of bug 2046844 ***
https://bugs.launchpad.net/bugs/2046844
The surfshark profile has been uploaded to the
https://launchpad.net/~apparmor-dev/+archive/ubuntu/unprivileged-userns
ppa for testing
--
You received this bug notification because you are a member of
*** This bug is a duplicate of bug 2046844 ***
https://bugs.launchpad.net/bugs/2046844
** This bug has been marked a duplicate of bug 2046844
AppArmor user namespace creation restrictions cause many applications to
crash with SIGTRAP
--
You received this bug notification because you are
@jjohansen that link come in pretty handy.
I will link to it when helping others
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2046624
Title:
apparmor breaks surfshark
Sure thing
nano /etc/apparmor.d/surfshark
*abi ,
include
profile surfshark /opt/Surfshark/surfshark flags=(unconfined) {
userns,
# Site-specific additions and overrides. See local/README for details.
include if exists
}
Reload apparmor and presto.
Reboots are golden
--
You
Also for others that might find this bug, there is documentation around
userns mediation in the apparmor wiki
https://gitlab.com/apparmor/apparmor/-/wikis/unprivileged_userns_restriction
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is
@1fallen did you can you update this bug with the exact profile you used
so we can add it to the set of profiles that is being installed by
default.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
Bingo, it worked, and this is new but spot on
*"programs using userns (often used for sandboxing) now _must have_ an
AppArmor profile."
**Thanks cboltz :-)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
sudo aa-status |grep surfshark
surfshark
will reboot to see
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2046624
Title:
apparmor breaks surfshark vpn
Status in
> with the new apparmor Candidate: 4.0.0~alpha2-0ubuntu7
> DistroRelease: Ubuntu 24.04
This bug smells like a userns issue - programs using userns (often used
for sandboxing) now _must have_ an AppArmor profile.
Can you please save the following as /etc/apparmor.d/surfshark? (Adjust
the path to
Here
*└─> sudo dmesg | grep DENIED
[sudo] password for me:
┌───>
│~
└─>
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2046624
Title:
apparmor breaks
Can you include the output of
sudo dmesg | grep DENIED
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2046624
Title:
apparmor breaks surfshark vpn
Status in apparmor
journalctl -b -1 -g DENIED --no-pager
-- No entries --
┌───>
│~
└─> journalctl -b -1 -g ALLOWED --no-pager
-- No entries --
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
After reboot with apparmor active
* systemctl status surfsharkd2.service
● surfsharkd2.service - Surfshark Daemon2
Loaded: loaded (/lib/systemd/system/surfsharkd2.service; enabled; preset:
enabled)
Active: active (running) since Sat 2023-12-16 13:30:24 MST; 1min 12s ago
Main
aa-status
apparmor module is loaded.
100 profiles are loaded.
31 profiles are in enforce mode.
/usr/bin/man
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/NetworkManager/nm-dhcp-helper
/usr/lib/connman/scripts/dhclient-script
/usr/lib/cups/backend/cups-pdf
With apparmor
*grep 'network' /etc/apparmor.d/ab*/*
/etc/apparmor.d/abi/3.0:network {af_unix {yes
/etc/apparmor.d/abi/3.0:network_v8 {af_mask {unspec unix inet ax25 ipx
appletalk netrom bridge atmpvc x25 inet6 rose netbeui security key netlink
packet ash econet atmsvc rds sna irda pppox
No apparmor still but i will include
*grep 'network' /etc/apparmor.d/ab*/*
grep: /etc/apparmor.d/abstractions/base.d: Is a directory
/etc/apparmor.d/abstractions/libvirt-qemu: network inet stream,
/etc/apparmor.d/abstractions/libvirt-qemu: network inet6 stream,
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2046624
Title:
apparmor breaks surfshark vpn
Status
18 matches
Mail list logo