edubuntu-bugs team mailing list archive

Thread
Date

[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

To: edubuntu-bugs@xxxxxxxxxxxxxxxxxxx
From: Aaron Rainbolt <2046844@xxxxxxxxxxxxxxxxxx>
Date: Wed, 03 Apr 2024 21:51:41 -0000
Reply-to: Bug 2046844 <2046844@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

I believe bwrap was ignored intentionally, as the point of the apparmor
change was to prevent arbitrary apps from making unprivileged user
namespaces with capabilities. Allowing Bubblewrap to do so would provide
a loophole. Same reason `unshare` isn't allowed to make unprivileged
namespaces with capabilities.

Perhaps something about libgnome-desktop is incorrectly assuming it
needs capabilities that it doesn't actually need? Or is the ability to
make unprivileged user namespaces with no capabilities failing somehow?

-- 
You received this bug notification because you are a member of Edubuntu
Bugsquad, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2046844

Title:
  AppArmor user namespace creation restrictions cause many applications
  to crash with SIGTRAP

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/2046844/+subscriptions