edubuntu-bugs team mailing list archive

Thread
Date

[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

To: edubuntu-bugs@xxxxxxxxxxxxxxxxxxx
From: Jorge LaviLa <2046844@xxxxxxxxxxxxxxxxxx>
Date: Thu, 09 May 2024 19:40:47 -0000
Reply-to: Bug 2046844 <2046844@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Thanks for the reply!

My use case is this one 'shipped as a .tar.gz that people unpack into
their home dir and then use'. To me it seems counter-intuitive to force
applications to run un-sanboxed for added security; both the solutions
proposed (with the application profile and to turn off the user
namespace restrictions) would require root privileges, which I currently
do not require users to have to be able to run my application. Does
Ubuntu have plans for an alternative to bubblewrap sandboxing? Blocking
kernel features because they might be exploited seems really extreme.

-- 
You received this bug notification because you are a member of Edubuntu
Bugsquad, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2046844

Title:
  AppArmor user namespace creation restrictions cause many applications
  to crash with SIGTRAP

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/2046844/+subscriptions