I believe bwrap was ignored intentionally, as the point of the apparmor
change was to prevent arbitrary apps from making unprivileged user
namespaces with capabilities. Allowing Bubblewrap to do so would provide
a loophole. Same reason `unshare` isn't allowed to make unprivileged
namespaces with capabilities.

Perhaps something about libgnome-desktop is incorrectly assuming it
needs capabilities that it doesn't actually need? Or is the ability to
make unprivileged user namespaces with no capabilities failing somehow?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2046844

Title:
  AppArmor user namespace creation restrictions cause many applications
  to crash with SIGTRAP

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/2046844/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to