Disabling the user namespace restriction is certainly one possible
direction, and would be the easiest for Noble.
The other possible route is using aa-notify, which now has the ability
to produce a prompt for the user. An example gif can be seen at
https://gitlab.com/-/project/4484878/uploads/ea5f
FWIW this also results in Evolution breaking on the Ubuntu MATE live
image. There are multiple bug reports about this.
If enabling the profiles is too drastic, maybe it's possible to disable
the AppArmor user namespace restrictions on the live ISO using `echo 0 |
sudo tee /proc/sys/kernel/apparmor
I have the same problem on fresh install and sudo apt update and upgrade
just done after launch. Is a critical problem touch same Arch Linux.
People install Steam. They close it and never open again. I try
different version on application center, same problem. Steam is on top
right corner menu load
Your understanding is mostly correct. There are, as best I can tell, 2
exceptions with how things are set up atm
1. If the environment is set up to use early policy load, the init script
bailout won't stop that policy from being loaded. But it prevents it
from being live updated via systemctl reload
> sadly yes, the init script has a bail out that stops loading policy on
> the live cd
So am I understanding this correctly?
- everything in the live environment is effectively `unconfined`, and
before 24.04 this increased security exposure (no mitigations for
compromised/malicious apps) but could
sadly yes, the init script has a bail out that stops loading policy on
the live cd. We are going to have to investigate this.
** Changed in: apparmor (Ubuntu)
Status: New => Confirmed
s/live cd/live image/
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2065088
Title:
AppArmor profiles allowing userns not immediately active in 24.04 live
image
Installing from Valve's official steam-launcher .deb package runs into
the same problem. The same workaround works.
1. Boot an Ubuntu 24.04 live image, in a virtual machine with lots of RAM (I
gave it 8G) so that it will have enough space on the root tmpfs to install
Steam. Using Debian 12's lib