> Nautilus functionality around e.g. thumbnail previews might gracefully > degrade if it depends on unconfined user namespaces for sandboxing. Other > user scripts might also use unconfined user namespaces and would likewise > fail if their creation is denied.
This is happening in Noble after this upload, thumbnailing in Nautilus is no longer working due to libgnome-desktop's use of bwrap for thumbnailing, see, https://bugs.launchpad.net/ubuntu/+source/nautilus/+bug/2148075 Shouldn't this SRU have also shipped the bwrap-userns-restrict profile? I validated that the version of this extra profile targetting the 4.0 abi[1] resolves the issue, but given it's from the extra directory and not considered mature enough by upstream, I'm unsure what the recommended fix is to restore libgnome-desktop based thumbnailing without reintroducing the security bypass that the profile removal was intended to close. [1] https://gitlab.com/apparmor/apparmor/-/commit/1979af7710d0f38db6680bd7c19c80902f11f969 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2142792 Title: The busybox and nautilus profiles in 24.04 should be removed To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2142792/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
