We had a mitigation for this in glibc but the latest change from simply denying the unshare() call to allowing it but then denying anything requiring capabilities *presumably* broke the glibc test suite again. I'm only basing this from looking at the test logs, as I'm temporarily unable to run autopkgtests locally and am lacking the time to fix it.
2 classes of errors: 2770s FAIL: stdlib/tst-system 2770s original exit status 1 2770s error: test-container.c:1136: could not create a private mount namespace That one is clearly userns-related, as it's due to a failing mount() call right after unshare() 2770s FAIL: sunrpc/tst-svc_register 2770s original exit status 1 2770s error: xwrite.c:32: write of 12 bytes failed after 0: Operation not permitted 2770s error: 1 test failures I can't tell for sure what this one is about since this is your basic write() call and I don't have a stack trace at hand, but the EPERM would suggest that it's related. I think a first fix would be to amend the test script to disable the userns restriction entirely for the duration of the tests (using 'needs- sudo'), while I'll still need to patch the test suite eventually to handle this new failure mode gracefully and simply ignore the tests, akin to https://sourceware.org/pipermail/libc- alpha/2024-February/154754.html -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to bubblewrap in Ubuntu. https://bugs.launchpad.net/bugs/2046844 Title: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP Status in akonadiconsole package in Ubuntu: Fix Released Status in akregator package in Ubuntu: Fix Released Status in angelfish package in Ubuntu: In Progress Status in apparmor package in Ubuntu: Fix Released Status in bubblewrap package in Ubuntu: Confirmed Status in cantor package in Ubuntu: Fix Released Status in devhelp package in Ubuntu: Fix Released Status in digikam package in Ubuntu: Fix Released Status in epiphany-browser package in Ubuntu: Fix Released Status in evolution package in Ubuntu: Fix Released Status in falkon package in Ubuntu: Fix Released Status in freecad package in Ubuntu: Confirmed Status in ghostwriter package in Ubuntu: Fix Released Status in gnome-packagekit package in Ubuntu: Confirmed Status in goldendict-webengine package in Ubuntu: Confirmed Status in kalgebra package in Ubuntu: Fix Released Status in kchmviewer package in Ubuntu: Confirmed Status in kdeplasma-addons package in Ubuntu: Confirmed Status in kgeotag package in Ubuntu: Fix Released Status in kiwix package in Ubuntu: Confirmed Status in kmail package in Ubuntu: Fix Released Status in konqueror package in Ubuntu: Fix Released Status in kontact package in Ubuntu: Fix Released Status in marble package in Ubuntu: Fix Released Status in notepadqq package in Ubuntu: Confirmed Status in opam package in Ubuntu: Fix Released Status in pageedit package in Ubuntu: Confirmed Status in plasma-desktop package in Ubuntu: Confirmed Status in plasma-welcome package in Ubuntu: Fix Released Status in privacybrowser package in Ubuntu: Confirmed Status in qmapshack package in Ubuntu: Confirmed Status in qutebrowser package in Ubuntu: Confirmed Status in rssguard package in Ubuntu: Confirmed Status in steam package in Ubuntu: Fix Committed Status in supercollider package in Ubuntu: Confirmed Status in tellico package in Ubuntu: Fix Released Bug description: Hi, I run Ubuntu development branch 24.04 and I have a problem with Epiphany browser 45.1-1 (Gnome Web): program doesn't launch, and I get this error $ epiphany bwrap: Creating new namespace failed: Permission denied ** (epiphany:12085): ERROR **: 14:44:35.023: Failed to fully launch dbus-proxy: Le processus fils s’est terminé avec le code 1 Trappe pour point d'arrêt et de trace (core dumped) $ epiphany bwrap: Creating new namespace failed: Permission denied ** (epiphany:30878): ERROR **: 22:22:26.926: Failed to fully launch dbus-proxy: Le processus fils s’est terminé avec le code 1 Trappe pour point d'arrêt et de trace (core dumped) Thanks for your help! To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/akonadiconsole/+bug/2046844/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
