*** This bug is a duplicate of bug 2148074 ***
    https://bugs.launchpad.net/bugs/2148074

**Nautilus thumbnails broken after AppArmor security update (CrackArmor
mitigation)**

**Affected package:** gnome-desktop3-data / libgnome-desktop / apparmor
**Ubuntu version:** 24.04
**Triggered by:** AppArmor CrackArmor security update (apparmor 
4.0.1really4.0.1-0ubuntu0.24.04.6)

**Symptom:**
Nautilus stops generating image thumbnails (PNG, JPG) entirely after applying 
the CrackArmor AppArmor security update. Previously cached thumbnails still 
display, but no new thumbnails are created.

**Root cause:**
The CrackArmor mitigation enables 
kernel.apparmor_restrict_unprivileged_userns=1 by default. gnome-desktop uses 
bubblewrap (bwrap) to sandbox the thumbnailer process. bwrap requires 
unprivileged user namespace creation to set up its network namespace, and fails 
with:

  bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted

This causes gdk-pixbuf-thumbnailer to never execute, and all thumbnail
generation silently fails with exit code 1.

**Workaround:**
  sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
  echo 'kernel.apparmor_restrict_unprivileged_userns=0' | sudo tee /etc/sysctl.d/99-fix-thumbnailer.conf

**Proper fix:**
Ship an AppArmor profile for bwrap/gnome-desktop-thumbnailer that explicitly 
permits unprivileged user namespace creation, so the global restriction can 
remain enabled without breaking thumbnail generation.

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to nautilus in Ubuntu.
https://bugs.launchpad.net/bugs/2148628

Title:
  new image files ( tested only with png, jpg, pdf ) fail to create
  thumbnails in Nautilus.
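
Added example, not part of the bug report: a shell check that confirms the root cause described above while the restriction stays enabled, by reading the sysctl and counting AppArmor capability denials per command. The profile name `unprivileged_userns`, the audit line layout and the `net_admin` capability in the sample are assumptions; the sample log lines are constructed.

```shell
#!/bin/sh
# Added diagnostic sketch: check the userns restriction and count the
# AppArmor denials that processes such as bwrap hit inside a user namespace.

# Print the restriction sysctl value, or "unknown" if the file is absent.
userns_restriction() {
    f=${1:-/proc/sys/kernel/apparmor_restrict_unprivileged_userns}
    if [ -r "$f" ]; then cat "$f"; else echo unknown; fi
}

# Read kernel audit lines on stdin; print "comm capname count" for every
# denial logged under the (assumed) unprivileged_userns profile.
userns_denials() {
    awk '
    /apparmor="DENIED"/ && /profile="unprivileged_userns"/ {
        comm = cap = "?"
        if (match($0, /comm="[^"]*"/))    comm = substr($0, RSTART + 6, RLENGTH - 7)
        if (match($0, /capname="[^"]*"/)) cap  = substr($0, RSTART + 9, RLENGTH - 10)
        n[comm " " cap]++
    }
    END { for (k in n) print k, n[k] }' | sort
}

# Constructed sample input: two bwrap denials and one unrelated denial.
SAMPLE_LOG='audit: type=1400 audit(1700000000.001:101): apparmor="DENIED" operation="capable" class="cap" profile="unprivileged_userns" pid=4242 comm="bwrap" capability=12  capname="net_admin"
audit: type=1400 audit(1700000000.002:102): apparmor="DENIED" operation="capable" class="cap" profile="unprivileged_userns" pid=4250 comm="bwrap" capability=12  capname="net_admin"
audit: type=1400 audit(1700000000.003:103): apparmor="DENIED" operation="open" class="file" profile="other" name="/etc/x" pid=1 comm="cat" requested_mask="r"'

echo "restriction sysctl: $(userns_restriction)"
printf '%s\n' "$SAMPLE_LOG" | userns_denials
# On a live system, feed the kernel log instead: journalctl -k | userns_denials
```

A `bwrap` entry in the output while the sysctl reads 1 matches the failure described in the report.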
