← Back to team overview

edubuntu-bugs team mailing list archive

[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

 

The reason I was suggesting a single attribute to enable user namespace
creation is because of the myriad of third-party apps that we probably
*aren't* going to catch here that users use out there that require user
namespace privileges. For instance, there are probably at least some
QtWebEngine-based web browsers that aren't in the archive and that we
will never hear of until someone complains that they're broken. Many
other apps may need these same privileges for whatever reason. It seems
odd to expect users to write custom AppArmor policies for each of these,
and it seems unrealistic to think we're going to be able to simply catch
them as they pop up - SRU updates don't go fast enough for this to be
practical in most instances. Having the ability for an end-user to
simply set an attribute and be done seems like it would still be secure
(you have to have root privileges to set the attribute), and simple
enough for someone to Google and find the fix, or ask in an Ubuntu
support room and be provided a one-line fix.

We can use fine-grained controls all we want *in* Ubuntu. It's the users
who have to extend those controls that I'm thinking about.

I'll test the latest attribute attachment profile you suggested. Thanks!

-- 
You received this bug notification because you are a member of Edubuntu
Bugsquad, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2046844

Title:
  AppArmor user namespace creation restrictions cause many applications
  to crash with SIGTRAP

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2046844/+subscriptions