← Back to team overview

ubuntustudio-bugs team mailing list archive

[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

 

This bug was fixed in the package apparmor - 4.0.0~alpha4-0ubuntu1

---------------
apparmor (4.0.0~alpha4-0ubuntu1) noble; urgency=medium

  [Georgia Garcia]
  * New upstream release.
  * Add unconfined profiles to support the use unprivileged user namespace
    (LP: #2052297, LP: #2046844)
    - d/p/u/add-keybase-unconfined-profile.patch
    - d/p/u/add-more-unconfined-profiles.patch
  * Fix regression tests failures on regex.sh, exec.sh and userns.sh
    - d/p/u/tests-fix-usr-merge-failures-on-exec-and-regex-tests.patch
    - d/p/u/tests-handle-unprivileged_userns-transition-in-usern.patch
  * Drop patches which have now been applied upstream
    - d/p/u/userns-unconfined-profiles.patch
    - d/p/u/tests-fix-userns-setns-opening-pipe-order.patch
    - d/p/u/tests-replace-individual-socket-permissions.patch
    - d/p/u/tests-fix-test-specifying-path-on-attach-disconnected.patch
    - d/p/u/binutils-aa_status.c-quiet-verbose-outputs-when-json.patch
    - d/p/u/oot-unconfined-profiles.patch
  * Refresh patches
    - d/p/d/etc-writable.patch
    - d/p/u/profiles-grant-access-to-systemd-resolved.patch
    - d/p/u/userns-runtime-disable.patch
  * d/apparmor.install
    - install new profiles
      - plasmashell
      - surfshark
      - unprivileged_userns
      - keybase
      - devhelp
      - epiphany
      - evolution
      - opam
    - renamed profiles
      - ch-checkns
      - ch-run
      - crun
      - flatpak
      - linux-sandbox
      - busybox
      - buildah
      - cam
      - ipa_verify
      - lc-compliance
      - libcamerify
      - qcam
      - podman
      - lxc-attach
      - lxc-create
      - lxc-destroy
      - lxc-execute
      - lxc-stop
      - lxc-unshare
      - lxc-usernsexec
      - mmdebstrap
      - vpnns
      - QtWebEngineProcess
      - systemd-coredump
      - rootlesskit
      - rpm
      - runc
      - virtiofsd
      - sbuild
      - sbuild-abort
      - sbuild-adduser
      - sbuild-apt
      - sbuild-checkpackages
      - sbuild-clean
      - sbuild-createchroot
      - sbuild-destroychroot
      - sbuild-distupgrade
      - sbuild-hold
      - sbuild-shell
      - sbuild-unhold
      - sbuild-update
      - sbuild-upgrade
      - slirp4netns
      - stress-ng
      - thunderbird
      - toybox
      - trinity
      - tup
      - userbindmount
      - uwsgi-core
      - vdens
      - chrome
      - msedge
      - brave
      - vivaldi-bin
  * d/apparmor.maintscript
    - add renamed profiles so they are removed on upgrade
  * d/libapache2-mod-apparmor.install
    - remove etc/apparmor.d/local/usr.sbin.apache2, no longer needed

  [John Johansen]
  * debian/rules:
    - don't run debian/put-all-profiles-in-complain-mode.sh on install

  [Alex Murray]
  * debian/apparmor.lintian-overrides:
    - suppress false-positive warning about needing a Depends: on adduser
      for the apparmor binary package

 -- Georgia Garcia <georgia.garcia@xxxxxxxxxxxxx>  Fri, 02 Feb 2024
16:12:21 -0300

** Changed in: apparmor (Ubuntu)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Studio Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2046844

Title:
  AppArmor user namespace creation restrictions cause many applications
  to crash with SIGTRAP

Status in akregator package in Ubuntu:
  Fix Released
Status in angelfish package in Ubuntu:
  In Progress
Status in apparmor package in Ubuntu:
  Fix Released
Status in bubblewrap package in Ubuntu:
  Confirmed
Status in cantor package in Ubuntu:
  Fix Released
Status in devhelp package in Ubuntu:
  Confirmed
Status in digikam package in Ubuntu:
  Fix Released
Status in epiphany-browser package in Ubuntu:
  Confirmed
Status in evolution package in Ubuntu:
  Confirmed
Status in falkon package in Ubuntu:
  Fix Released
Status in freecad package in Ubuntu:
  Confirmed
Status in ghostwriter package in Ubuntu:
  Fix Released
Status in gnome-packagekit package in Ubuntu:
  Confirmed
Status in goldendict-webengine package in Ubuntu:
  Confirmed
Status in kalgebra package in Ubuntu:
  Fix Released
Status in kchmviewer package in Ubuntu:
  Confirmed
Status in kdeplasma-addons package in Ubuntu:
  Confirmed
Status in kgeotag package in Ubuntu:
  In Progress
Status in kiwix package in Ubuntu:
  Confirmed
Status in kmail package in Ubuntu:
  Fix Released
Status in konqueror package in Ubuntu:
  Fix Released
Status in kontact package in Ubuntu:
  Fix Released
Status in marble package in Ubuntu:
  Fix Released
Status in notepadqq package in Ubuntu:
  Confirmed
Status in opam package in Ubuntu:
  Confirmed
Status in pageedit package in Ubuntu:
  Confirmed
Status in plasma-desktop package in Ubuntu:
  Confirmed
Status in plasma-welcome package in Ubuntu:
  In Progress
Status in privacybrowser package in Ubuntu:
  Confirmed
Status in qmapshack package in Ubuntu:
  Confirmed
Status in qutebrowser package in Ubuntu:
  Confirmed
Status in rssguard package in Ubuntu:
  Confirmed
Status in steam package in Ubuntu:
  Fix Committed
Status in supercollider package in Ubuntu:
  Confirmed
Status in tellico package in Ubuntu:
  Fix Released

Bug description:
  Hi, I run Ubuntu development branch 24.04 and I have a problem with
  Epiphany browser 45.1-1 (Gnome Web): program doesn't launch, and I get
  this error

  $ epiphany
  bwrap: Creating new namespace failed: Permission denied

  ** (epiphany:12085): ERROR **: 14:44:35.023: Failed to fully launch dbus-proxy: Le processus fils s’est terminé avec le code 1
  Trappe pour point d'arrêt et de trace (core dumped)

  $ epiphany
  bwrap: Creating new namespace failed: Permission denied

  ** (epiphany:30878): ERROR **: 22:22:26.926: Failed to fully launch dbus-proxy: Le processus fils s’est terminé avec le code 1
  Trappe pour point d'arrêt et de trace (core dumped)

  Thanks for your help!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/akregator/+bug/2046844/+subscriptions