Thanks for the reply!

My use case is this one 'shipped as a .tar.gz that people unpack into
their home dir and then use'. To me it seems counter-intuitive to force
applications to run un-sandboxed for added security; both the solutions
proposed (with the application profile and to turn off the user
namespace restrictions) would require root privileges, which I currently
do not require users to have to be able to run my application. Does
Ubuntu have plans for an alternative to bubblewrap sandboxing? Blocking
kernel features because they might be exploited seems really extreme.

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to devhelp in Ubuntu.
https://bugs.launchpad.net/bugs/2046844

Title:
  AppArmor user namespace creation restrictions cause many applications
  to crash with SIGTRAP
