> Am I correct in understanding, the Thunderbird snap does not allow
profiles to set paths to locations outside the snap confinement? And if
so, is that something specific to running a live system or is it
something any Lubuntu 24.04 installation is now stymied by?
it is a property of the snap,
Sigh, that should be Unfortunately snap doesn't currently have ...
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2064363
Title:
thunderbird snap on live systems "already running" but not responsive
> I'm sorry, would you mind elaborating? profiles.ini allows
configuration of where each profile stores emails, so what are the
consequences of my doing that? I used it, and the same PATH variable,
prior to 24.04 without problem.
that will direct thunderbird to access your emails stored at the
It shouldn't but we do need to make sure it works.
Previously flatpak was getting around the bwrap restriction by using the
flatpak unconfined profile. But the unconfined profile uses pix which
means it will now use the bwrap profile, when calling bwrap.
If this does cause breakage we will need
** Changed in: apparmor (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2056496
Title:
[FFe] AppArmor 4.0-beta2 + prompting support for noble
To
** Changed in: apparmor (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2056517
Title:
VS Code profile still broken.
To manage notifications about
** Changed in: apparmor (Ubuntu)
Status: Confirmed => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2060767
Title:
Foliate does not run in Ubuntu 24.04 due to apparmor issue
** Changed in: apparmor (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2060810
Title:
Wike does not run in Ubuntu 24.04 due to apparmor issue
To manage
the
Path=/media/lubuntu/drive/hq/email/thunderbird/certainprofilegoeshere
explains it
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2064363
Title:
thunderbird snap on live systems "already running"
This requires a v4.0 apparmor parser and Ubuntu not upstream kernel.
The ubuntu kernel carries a patch that is work toward splitting
unconfined and making so it can replaced and only cause mediation
overhead for the classes being mediated.
The 4.0 parser is setting mediated classes in unconfined
@smoelius:
If you are interested in learning more of the processes, you can read
about it at https://wiki.ubuntu.com/StableReleaseUpdates
To summarize the upload is at step 4 of the procedures. It has been
uploaded but has not been promoted to the -proposed pocket. Once it has
been accepted it
Uhmmm sorry Oracular not Oneiric, seems I am a full 13 years out of sync
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2065708
Title:
Add Picture button in Background does not allow you to select
I can report the bwrap-userns-restrict profile in Oneric makes this work
for me. This fix migrated out of proposed this week, so it has only been
available for a few days.
We will work on getting it SRUed to noble.
--
You received this bug notification because you are a member of Ubuntu
Bugs,
@samlan00:
you should be able to revert your fix on Oneiric.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2065708
Title:
Add Picture button in Background does not allow you to select
wallpaper
Agreed that, we don't want to remove sandboxing on the thumbnailer. We
are looking at what we can do for a fix.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2065708
Title:
Add Picture button in
@mhalano:
can you check your logs for apparmor denial messages?
sudo dmesg | grep DENIED
or
journalctl -g apparmor
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2046844
Title:
AppArmor user
I opened a Ubuntu Noble specific task. We can close it after verifying
the current apparmor in noble fixes the issue.
** Also affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
** Also affects: apparmor (Ubuntu Noble)
Importance: Undecided
Status: New
--
You
Yes for the appimages that are affected they should be reported
upstream. There are some things that upstream can do to make appimages
work under the restriction, ideally they would do it dynamically based
on whether the user namespace is available than just based on distro
which is the quick fix
** Changed in: apparmor (Ubuntu)
Assignee: (unassigned) => Maxime BĂ©lair (mbelair)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2065685
Title:
aa-logprof fails with 'runbindable' error
To
The AppArmor profile covers the packaged version and the standard
privileged install location. You are correct that it does not cover
running firefox from an unprivileged user writable location like $HOME.
For unprivileged user writable locations like $HOME/bin/ the user has to
deliberately make
@jorge-lavila:
technically possible yes. I want to be careful with what I promise here,
as the user experience is not my area. With that said we are currently
looking at using aa-notify as a bridge to improve the user experience.
We would install it with a filter to only fire a notification for
@zgraft:
I have added a tor item, a profile will land in an update.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2046844
Title:
AppArmor user namespace creation restrictions cause many
@jorge-lavila,
Its not a theoretical case, they have been used by multiple exploits
every year (including this one) since landing in the kernel. Ubuntu is
not the only ones looking at restricting them. SELinux has also picked
up the ability but they haven't really rolled it out in policy, there
Your understanding is mostly correct. There are as best I can tell, 2
exceptions with how things are setup atm
1. If the environment is setup to use early policy load, the init script
bailout won't stop that policy from being loaded. But it prevents it
from being live updated via systemctl reload
sadly yes, the init script has a bail out that stops loading policy on
the live cd. We are going to have to investigate this.
** Changed in: apparmor (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
s/live cd/live image/
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2065088
Title:
AppArmor profiles allowing userns not immediately active in 24.04 live
image
To manage notifications about this
*** This bug is a duplicate of bug 2046844 ***
https://bugs.launchpad.net/bugs/2046844
@1fallen: it looks like there is something more going on here, can you
check your kernel log / dmesg for apparmor DENIED messages.
eg.
```
sudo dmesg | grep DENIED
```
--
You received this bug
*** This bug is a duplicate of bug 2046844 ***
https://bugs.launchpad.net/bugs/2046844
As for upgrade vs. clean install. The unprivileged userns restriction is
enabled via a sysctl and upgrading will not enable it by default.
--
You received this bug notification because you are a member of
Unfortunately there isn't a way to do this via abstractions or configs.
It would be possible to add a patch to the userspace and SRU it. This
would be the quickest solution while we work on the necessary kernel
changes to make the use of attach_disconnected unnecessary.
--
You received this bug
Does the profile have the attach_disconnected flag set?
Does the profile have the attach_disconnected flag set while in complain
mode?
It looks to me that we are looking at open file descriptors that exist
out of the current namespace. This will result in a partial unattached
path that will not
So while I don't think we are where snapd can get rid of the snap-
confine.internal snippets, with it now vendoring a more recent apparmor,
a lot of these can drop away. It doesn't need to detect capabilities
anymore.
It can just specify
deny capability perfmon,
and it will work, for all
@neigin: yes the capability to resolve this exists. So now it is a matter of
getting it functioning in snapd for these cases. This will get resolved I just
can't say when it will land.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
@u-dal:
thankyou, though I have to say I am at a loss as to why the snap version
of thunderbird is trying to access
```
/media/lubuntu/drive/hq/email/thunderbird/awesomenough/.parentlock
/media/lubuntu/drive/hq/email/thunderbird/awesomenough/lock
```
what kind of configuration have you done? I
So my supposition on the overlay looks to be incorrect. Would you being
willing to attach your full mount information?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2064363
Title:
thunderbird snap
For the thunderbird issue I have created
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2064363
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2046844
Title:
AppArmor user namespace
@u-dal:
can you attach the overlay mount information.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2064363
Title:
thunderbird snap on live systems "already running" but not responsive
To manage
Public bug reported:
Moving this here from
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2046844
snap policy on an overlay system is preventing thunderbird from running.
This is related to the snapcraft form report
https://forum.snapcraft.io/t/unexplained-thunderbird-already-running-
** Attachment added: "dmesg denial output"
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2064363/+attachment/5773409/+files/comment-106.txt
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Attachment added: "dmesg denial output"
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2064363/+attachment/5773408/+files/comment-106.txt
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
@u-dal:
the problem with firefox (it has a snap profile and is allowed access to
user namespaces) is different than with chrome (no profile loaded), but
still might be apparmor related. Can you look in dmesg for apparmor
denials
```
sudo dmesg | grep DENIED
```
--
You received this bug
@u-dal:
are you running in a live cd environment? Something odd is happening on your
system, with some profiles loaded and systemctl reporting
ConditionPathExists=!/rofs/etc/apparmor.d
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
@u-dal:
This sounds like the apparmor policy is not being loaded can you please
provide the output of
```
sudo aa-status
```
and
```
sudo systemctl status apparmor
```
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
> To clarify, this is not something that can be solved upstream in
apparmor, and a profile can't be accepted due to the nature of the path
location?
correct, if it is a unprivileged user writable location it can't be
fixed entirely upstream. It is possible for us to ship a profile that is
running privileged applications out of home is dirty. But it is the
situation we are in with user namespaces and app images as well. Ubuntu
will not ship a profile for a privileged executable in the users home or
a writable location of an unprivileged user. As this can be leveraged to
by-pass the
Commit 789cda2f089b3cd3c8c4ca387f023a36f7f1738a only controls the
behavior of unprivileged user namespace mediation.
With the unprivileged_userns profile loaded, when a user namespace is
created by an unprivileged unconfined application the task will be
transitioned into the unprivileged_userns
Balena Etcher 1.18 dpkg won't install on 24.04 due to dependency issues,
1.19.16 installs fine and runs, but in a degraded sandbox mode. So
adding a profile for it would be beneficial
The appimage version of Belena Etcher unfortunately fails to run. We can not
provide a default profile for the
The Wike fix is coming in the next SRU.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2046844
Title:
AppArmor user namespace creation restrictions cause many applications
to crash with SIGTRAP
Its not just that app images don't have a default path, we can handle
that as well. It is that user namespaces have become a privileged
operation, and the user must take some privileged action to allow
applications to use them.
That can be any of
- moving the application into a well known
Unless there are other denials, this is not related to bug #2046844
Try adding the following rule to the torbrowser_firefox profile
allow rw /run/dbus/system_bus_socket,
and then reloading it with either
sudo systemctl reload apparmor
or by using
sudo apparmor_parser -r
To make this generic so that it will work on older and newer hosts we
should probably change the peer expression to
signal (receive) peer={runc,unconfined},
or possibly, define an @{runc} variable in the preamble and use that.
This really only is advantageous, in that it shows semantic intent,
I will note that current snap behavior is by design. Not saying that
they couldn't make this easier but the snap side is functioning the way
it was desiged.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
unfortunately Joplin is only shipped as an appimage for Linux. Which
means we can not ship a profile for it by default that will allow it to
use capabilities within the unprivileged user namespace that the
electron embedded browser is attempting to use.
This means that the user is required to
the kernel team is already rolling kernels with the fix for 2061851 but
it is also building in https://launchpad.net/~apparmor-
dev/+archive/ubuntu/apparmor-devel ppa
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
This is likely a dup of
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2061851
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2061869
Title:
Snaps unable to connect to network under
More applications will be getting confinement, on an individual level I
don't think it will be everything from debs. In this case its because it
uses unprivileged user namespaces. Which is now being restricted and
treated as a semi-privileged because it gives access to several
privileged kernel
There are vague plans, yes. The time line of it has not been scoped, but
it would be something akin to what happens on macos when you try to run
a downloaded application for the first time and you have to go into
their security config to allow it.
The application will still be "confined" but it
The fix has been merged upstream in
https://gitlab.com/apparmor/apparmor/-/merge_requests/1209
it will be in the next release.
** Changed in: apparmor (Ubuntu)
Status: New => Confirmed
** Changed in: apparmor (Ubuntu)
Assignee: (unassigned) => John Johansen (jjohansen)
-
@arraybolt3: Answer to your question. bwrap requires capabilities within
the user namespace. unshare is a little more forgiving in that what it
requires depends on the options passed but most of the options also
require capabilities within the user namespace.
The potential solution I mention is
@arraybolt3 is correct. Both unshare and bwrap will not get a unconfined
profile, as that allows for an arbitrary by-pass of the restriction.
There is a potential solution in the works that will allow for bwrap and
unshare to function as long as the child task does not require
permissions but at
It is in the SRU queue and the current ETA is April 15 to land in the
proposed pocket (archive proposed not security proposed ppa), there is a
caveat that the recent xz backdoor has caused some "fun" on the archive
side and could potentially cause some delays.
--
You received this bug
Fixed by MR https://gitlab.com/apparmor/apparmor/-/merge_requests/1196
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2060100
Title:
denials from sshd in noble
To manage notifications about this
Public bug reported:
2024-03-27T00:10:28.929314-04:00 image-ubuntu64 kernel: audit: type=1400
audit(1711512628.920:155): apparmor="DENIED" operation="bind"
class="net" profile="/usr/sbin/sshd" pid=1290 comm="sshd" family="unix"
sock_type="stream" protocol=0 requested_mask="bind"
We have an update of the firefox profile coming that supports the
/opt/firefox/firefox location used as the default install for the
firefox downloaded directly from mozilla.org
If you are running firefox out of your home directory, that will not be
directly supported and you will need to chose to
*** This bug is a duplicate of bug 2046844 ***
https://bugs.launchpad.net/bugs/2046844
I will add here as well that we have an update of the firefox profile
coming that supports the /opt/firefox/firefox location used as the
default install for the firefox downloaded directly from mozilla.org
*** This bug is a duplicate of bug 2046844 ***
https://bugs.launchpad.net/bugs/2046844
Hi cipricus,
can you specify how and where your firefox was installed? We are trying
to support multiple variations including downloading directly from
mozilla if it is installed to the standard location?
@coeur-noir:
Are you installing firefox to /opt/ as recommended or using it local in
your user account?
as for bwarp, maybe it is known to be problematic. It is allowed to run and to
create a user namespace but it is denied all capabilities within the namespace.
Can you run
sudo dmesg |
** Changed in: linux (Ubuntu Focal)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2045384
Title:
AppArmor patch for mq-posix interface is missing in jammy
To manage
1. Yes. The backport was for 5.15 jammy kernels including HWE
derivatives. The user space SRU was done in bug
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1994146
which included Focal. The intent being Focal will only support mqueue if
it is using and HWE kernel.
2. Yes that makes
So what I think is going on from a first pass look at this is that
We are seeing a change in kernel behavior around exec. The 6.8 has a
known change here, that doesn't normally trigger because unconfined is
delegating access into the profile. However in the lxd case, unconfined
can is not
Do we know if there is a difference in the kernel between the runs?
The 2.0.0.0~0ubuntu3 autopackage run log I was pointed at was on a
Linux 5.4.0-170-generic #188-Ubuntu
Do we know what kernel that 2.0.0-0ubuntu7 is failing on? There was a
change to when security checks were made in on the
** Changed in: apparmor (Ubuntu)
Assignee: (unassigned) => John Johansen (jjohansen)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2058866
Title:
proposed-migration for cups-browsed 2.
So it depends on what you mean by enabled. The standard check to see if
apparmor is enabled is to check the kernel for its presence, and if the
kernel module reports that it is enabled. This is a separate state from
if policy is loaded.
The apparmor library generally provides the check, but it
@ajg-charlbury: no apparmor beta3 has not landed in proposed yet, we are
working on the upload now. firefox separately have added a bug fix that
will detect when the user namespace/capabilities are denied and fallback
without crashing but it disables the full sandbox.
the apparmor-beta3 fix
@ajg-charlbury: yes, firefox we are well aware of the problem, the
firefox profile has been tweaked for beta3 (landing this week) so that
it should work with the new deb.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
@arraybolt3: qutebrowser should be fixed in beta3
** Changed in: qutebrowser (Ubuntu)
Assignee: (unassigned) => John Johansen (jjohansen)
** Changed in: qmapshack (Ubuntu)
Assignee: (unassigned) => John Johansen (jjohansen)
** Changed in: notepadqq (Ubuntu)
Assignee: (unas
@kc2bez: qmapshack should be fixed in beta3
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2046844
Title:
AppArmor user namespace creation restrictions cause many applications
to crash with
@kc2bez: I have been able to verify that privacybrowser is not working.
However it is not due to the apparmor user namespace restrictions.
I get the following segfault out of dmesg
[ 1591.466016] privacybrowser[7743]: segfault at 8 ip 70bb4dd11ccc sp
7ffd5c6587e0 error 4 in
@kc2bez: pageedit should be fixed in beta3
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2046844
Title:
AppArmor user namespace creation restrictions cause many applications
to crash with SIGTRAP
@kc2bez: notepadqq should be fixed in beta3
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2046844
Title:
AppArmor user namespace creation restrictions cause many applications
to crash with
@kc2bez:
there are no updated deb packages in the ppa for kiwix.
the kiwix appimage worked for me.
kiwix flatpak worked for me.
I am not sure what you were seeing. But I we are going to need more
information.
** Changed in: kiwix (Ubuntu)
Status: Confirmed => Incomplete
--
You
hi @vvaleryan-24,
I have been able to replicate the crash you are seeing but it is not do
to the user namespace restriction. The restrictions logging does not
happen, and I can put it in an unconfined profile and it still doesn't
help. From dmesg I find the following segfault
[79854.520976]
I have confirmed this is not due to the AppArmor user namespace
restriction. When trying to search for an application the application
will crash with the following segfault
[79854.520976] gpk-application[19250]: segfault at 8 ip 5930eec2dba8 sp
7fff471b6b70 error 4 in
this will be fixed in Beta
** Changed in: kchmviewer (Ubuntu)
Assignee: (unassigned) => John Johansen (jjohansen)
** Changed in: rssguard (Ubuntu)
Assignee: (unassigned) => John Johansen (jjohansen)
** Changed in: supercollider (Ubuntu)
Assignee: (unassigned) => John
sorry this won't be fixed in Beta3 that note was for goldendict
** Changed in: gnome-packagekit (Ubuntu)
Assignee: John Johansen (jjohansen) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
ht
Will be fixed in Beta3
** Changed in: goldendict-webengine (Ubuntu)
Assignee: (unassigned) => John Johansen (jjohansen)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2046844
Title:
AppAr
we will be fixed in Beta3
** Changed in: gnome-packagekit (Ubuntu)
Assignee: (unassigned) => John Johansen (jjohansen)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2046844
Title:
AppAr
I have tested gnome-packagekit and it never trigger unprivileged user
namespace mediation. Can you please provide more information on how you
triggered it.
** Changed in: gnome-packagekit (Ubuntu)
Status: Confirmed => Incomplete
--
You received this bug notification because you are a
** Changed in: loupe (Ubuntu)
Assignee: (unassigned) => Georgia Garcia (georgiag)
** Changed in: geary (Ubuntu)
Assignee: (unassigned) => Georgia Garcia (georgiag)
** Changed in: firefox (Ubuntu)
Assignee: (unassigned) => Georgia Garcia (georgiag)
--
You received this bug
supercollider will work on current noble. Since it is using QTWebEngine
it has a graceful fallback when capabilities within the user namespace
are denied.
supercollider will have a profile and be fixed in Beta3, so it doesn't
even have to do the fallback.
--
You received this bug notification
I have tried freecad and unprivileged user namespace restrictions are
not the problem. freecad snap works, freecad ppa does not have a noble
build yet but the mantic build can be made to work.
freecad daily appimage: works
freecad appimage: stable fails with mesa or qt errors depending on
@sudipmuk loupe should be fixed in Beta3
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2046844
Title:
AppArmor user namespace creation restrictions cause many applications
to crash with SIGTRAP
@eeickmeyer geary should be fixed in Beta3
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2046844
Title:
AppArmor user namespace creation restrictions cause many applications
to crash with SIGTRAP
@guyster, @eldmannen+launchpad, @valeryan-24
Firefox dailies now have a work around, by detecting and disabling the
user namespace. The proper fix that should allow firefox to still use
the user namespace for its sandbox will land in Beta3, landing early
next week.
--
You received this bug
@pitti: yes this intended. At this stage we are essentially enumerating
the known users of unprivileged user namespaces. We can ship the profile
for you or you are welcome to ship it.
In the future this is going to gradually tighten, some of the
"unconfined" profiles will be developed into real
** Changed in: nautilus (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2047256
Title:
Ubuntu 24.04 Some image thumbnails no longer displayed
To
It solves several problems, but not all.
With regard to unprivileged user namespace mediation it should fix
- mscode
- nautilis
- devhelp
- element-desktop
- piphany
- evolution
- keybase
- opam
the element-desktop is still known to have some issues, which are on the snapd
side. It
@valeryan-24 ModuleNotFoundError: No module named 'imp'" says that your
Gpodder issue is not related to this bug. You are missing a dependency
the 'imp' module. If Gpodder is packaged it will need to add that as
part of its install dependencies.
--
You received this bug notification because you
the plasmashell profile is necessary for it to work under unprivileged
user namespace restrictions.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2056696
Title:
All Snaps are denied the ability to
Yeah work needs to be done on this. Ideally it will go into upstream,
but I expect we (Canonical/Ubuntu) will have to do the work. The issue
is really just one of time, and priority. We have a huge backlog so
unless this gets prioritized its not going to happen soon.
--
You received this bug
** Changed in: steam (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2046844
Title:
AppArmor user namespace creation restrictions cause many
1 - 100 of 8095 matches
Mail list logo