[Bug 2056297] Re: Non-flatpak Firefox-based browsers crash with kernel 6.8.0-11-generic in 24.04
*** This bug is a duplicate of bug 2046844 *** https://bugs.launchpad.net/bugs/2046844 I will add here as well that we have an update of the firefox profile coming that supports the /opt/firefox/firefox location used as the default install for the firefox downloaded directly from mozilla.org -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2056297 Title: Non-flatpak Firefox-based browsers crash with kernel 6.8.0-11-generic in 24.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2056297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2056297] Re: Non-flatpak Firefox-based browsers crash with kernel 6.8.0-11-generic in 24.04
*** This bug is a duplicate of bug 2046844 *** https://bugs.launchpad.net/bugs/2046844 Hi cipricus, can you specify how and where your firefox was installed? We are trying to support multiple variations including downloading directly from mozilla if it is installed to the standard location? mruffell is correct in his assessment that this is due to firefox not correctly handling user namespace mediation. This can be seen in your dmesg with the following messages [ 69.033622] audit: type=1400 audit(1709714939.278:138): apparmor="AUDIT" operation="userns_create" class="namespace" info="Userns create - transitioning profile" profile="unconfined" pid=2922 comm=495043204C61756E6368 requested="userns_create" target="unprivileged_userns" [ 69.037108] audit: type=1400 audit(1709714939.282:139): apparmor="DENIED" operation="capable" class="cap" profile="unprivileged_userns" pid=2982 comm=53616E64626F7820466F726B6564 capability=21 capname="sys_admin" Unfortunately firefox does not handle the error returned when it tries an operation that require sys_admin capability gracefully resulting in the crash. mruffell has already provided all the relevant links so I will just supplement that information 1. The recommended way is updating the firefox profile in /etc/apparmor.d/firefox by adding the location you have firefox installed, and then reloading the profile with sudo apparmor_parser -r /etc/apparmor.d/firefox 2. You can disable user namespaces, this will keep firefox from trying to use them as part of ts sandbox https://lwn.net/Articles/673597/ 3. the least recommended way to fix this is you can disable the finer grained user namespace restrictions as outlined in https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user- namespaces -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2056297 Title: Non-flatpak Firefox-based browsers crash with kernel 6.8.0-11-generic in 24.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2056297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2056297] Re: Non-flatpak Firefox-based browsers crash with kernel 6.8.0-11-generic in 24.04
*** This bug is a duplicate of bug 2046844 *** https://bugs.launchpad.net/bugs/2046844 Hi cipricus, This is a security feature working as intended. Ubuntu recently decided to disable unprivileged access to user namespaces. You can find more information it about it here: https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces https://discourse.ubuntu.com/t/spec-unprivileged-user-namespace-restrictions-via-apparmor-in-ubuntu-23-10/37626 https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2046844 It was included (but turned off in 23.10). In 24.04, it has been turned on. We have been adding apparmor profiles for most packaged applications. Saying that, firefox downloaded from tarballs or other places don't come with an apparmor profile, so the mitigation isn't relaxed for them. You can enable user namespaces by either making a apparmor profile for your firefox installs, making sure the directory where firefox is installed is correct in the profile, or by just enabling user namespaces for your system. There is instructions to do this in the first blog link. Thanks, Matthew ** This bug has been marked a duplicate of bug 2046844 AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2056297 Title: Non-flatpak Firefox-based browsers crash with kernel 6.8.0-11-generic in 24.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2056297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2056297] Re: Non-flatpak Firefox-based browsers crash with kernel 6.8.0-11-generic in 24.04
** Description changed: - All details are to be found in my previous bug report [Tabs of non- - flatpak Firefox (and non-flatpak Firefox-based browsers) crash in - Kubuntu - 24.04](https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/2056190). + All details are to be found in my previous bug report + (https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/2056190). Given that simply reverting to kernel 6.5.0-17-generic fixes the problem, the bug seems to be with the 6.8.0 kernel. Therefore I'm posting this. ProblemType: Bug DistroRelease: Ubuntu 24.04 Package: linux-image-6.8.0-11-generic 6.8.0-11.11 ProcVersionSignature: Ubuntu 6.8.0-11.11-generic 6.8.0-rc4 Uname: Linux 6.8.0-11-generic x86_64 ApportVersion: 2.28.0-0ubuntu1 Architecture: amd64 CRDA: N/A CasperMD5CheckResult: pass CurrentDesktop: KDE Date: Wed Mar 6 09:49:36 2024 InstallationDate: Installed on 2023-10-04 (154 days ago) InstallationMedia: Kubuntu 22.04 LTS "Jammy Jellyfish" - Release amd64 (20220419) MachineType: Sony Corporation VPCSB2P9E ProcFB: 0 i915drmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-6.8.0-11-generic root=UUID=0dbb7177-a759-43f8-86d2-53e3253805d5 ro quiet splash vt.handoff=7 PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: No PulseAudio daemon running, or not running as session daemon. RelatedPackageVersions: - linux-restricted-modules-6.8.0-11-generic N/A - linux-backports-modules-6.8.0-11-generic N/A - linux-firmware20240202.git36777504-0ubuntu1 + linux-restricted-modules-6.8.0-11-generic N/A + linux-backports-modules-6.8.0-11-generic N/A + linux-firmware20240202.git36777504-0ubuntu1 SourcePackage: linux UpgradeStatus: Upgraded to noble on 2024-03-04 (2 days ago) dmi.bios.date: 11/16/2011 dmi.bios.release: 20.85 dmi.bios.vendor: INSYDE dmi.bios.version: R2085H4 dmi.board.asset.tag: N/A dmi.board.name: VAIO dmi.board.vendor: Sony Corporation dmi.board.version: N/A dmi.chassis.asset.tag: N/A dmi.chassis.type: 10 dmi.chassis.vendor: Sony Corporation dmi.chassis.version: N/A dmi.ec.firmware.release: 20.85 dmi.modalias: dmi:bvnINSYDE:bvrR2085H4:bd11/16/2011:br20.85:efr20.85:svnSonyCorporation:pnVPCSB2P9E:pvrC609DJQ5:rvnSonyCorporation:rnVAIO:rvrN/A:cvnSonyCorporation:ct10:cvrN/A:skuN/A: dmi.product.family: VAIO dmi.product.name: VPCSB2P9E dmi.product.sku: N/A dmi.product.version: C609DJQ5 dmi.sys.vendor: Sony Corporation -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2056297 Title: Non-flatpak Firefox-based browsers crash with kernel 6.8.0-11-generic in 24.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2056297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
