edubuntu-bugs team mailing list archive

Thread
Date

[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

To: edubuntu-bugs@xxxxxxxxxxxxxxxxxxx
From: John Johansen <2046844@xxxxxxxxxxxxxxxxxx>
Date: Fri, 30 Aug 2024 22:38:18 -0000
Reply-to: Bug 2046844 <2046844@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

An updated aa-notify that can prompt the user to create a profile is
available in oracular, and for noble via
https://launchpad.net/~apparmor-dev/+archive/ubuntu/apparmor-backports.
The plan is to get more testing on it and then SRU to noble.

it can be install via
  sudo apt install apparmor-notify

basic instructions are available via
  man aa-notify

it will install a default configuration in "/etc/apparmor/notify.conf".
The default configuration can be modified on a per user basis by copying
it to "$XDG_CONFIG_HOME/apparmor/notify.conf" which is generally
"$HOME/.config/apparmor/notify.conf" or to
"$HOME/.apparmor/notify.conf". A custom configuration is not needed
unless you want to use filtering to make it less noisy.

Currently regular notifications will happen for all apparmor events, but they can be filtered using the config file.
  

the notifier can be started via the shell with
  aa-notify -p -s1 --prompt-filter=userns

or by adding it to startup applications

There is a bug with the user namespace notification where it currently
requires "--prompt-filter=userns" as part of the command arguments
instead of being set in the config file.

-- 
You received this bug notification because you are a member of Edubuntu
Bugsquad, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2046844

Title:
  AppArmor user namespace creation restrictions cause many applications
  to crash with SIGTRAP

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/2046844/+subscriptions