ubuntustudio-bugs team mailing list archive

Thread
Date
[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

To: ubuntustudio-bugs@xxxxxxxxxxxxxxxxxxx
From: Ondra Medek <2046844@xxxxxxxxxxxxxxxxxx>
Date: Sat, 26 Oct 2024 19:26:44 -0000
Reply-to: Bug 2046844 <2046844@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
@jjohansen @georgiag Thanks for the replies and hints. I didn't have
apparmor profile and that fixes the problem. (I have created feature
request for electron-builder https://github.com/electron-
userland/electron-builder/issues/8635)

Without apparmor profile, an Electron.js app complains: The SUID sandbox
helper binary was found, but is not configured correctly. Rather than
run without sandboxing I'm aborting now. You need to make sure that
/opt/Custom App/chrome-sandbox is owned by root and has mode 4755.

So I set SUID as suggested: sudo chmod 4755 "/opt/Custom App/chrome-
sandbox"

And now, if the path is without space (e.g. /opt/CustomApp), then the
Electron app works. When it has a space, it fails with "LaunchProcess:
failed to execvp" I have mentioned above. syslog contains logs (stripped
prefixes):

kernel: audit: type=1400 audit(1729968745.234:136): apparmor="AUDIT" operation="userns_create" class="namespace" info="Userns create - transitioning profile" profile="unconfined" pid=2196 comm="custom-app" requested="userns_create" target="unprivileged_userns"
kernel: audit: type=1400 audit(1729968745.236:137): apparmor="DENIED" operation="capable" class="cap" profile="unprivileged_userns" pid=2198 comm="custom-app" capability=21  capname="sys_admin"
kernel: traps: custom-app[2196] trap int3 ip:57e938a5c46c sp:7fff1815e5a0 error:0 in custom-app[57e934ad0000+8972000]

So, when I do: mv "/opt/Custom App" "/opt/CustomApp"
It starts working. (And I do not have any apparmor profile for "/opt/CustomApp"). In syslog, I have just the first message: apparmor="AUDIT"

It's possible error message is from Electron.js code.

** Bug watch added: github.com/electron-userland/electron-builder/issues #8635
   https://github.com/electron-userland/electron-builder/issues/8635

-- 
You received this bug notification because you are a member of Ubuntu
Studio Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2046844

Title:
  AppArmor user namespace creation restrictions cause many applications
  to crash with SIGTRAP

Status in AppArmor:
  New
Status in Wike:
  New
Status in akonadiconsole package in Ubuntu:
  Fix Released
Status in akregator package in Ubuntu:
  Fix Released
Status in angelfish package in Ubuntu:
  Fix Released
Status in apparmor package in Ubuntu:
  Fix Released
Status in bubblewrap package in Ubuntu:
  Fix Committed
Status in cantor package in Ubuntu:
  Fix Released
Status in devhelp package in Ubuntu:
  Fix Released
Status in digikam package in Ubuntu:
  Fix Released
Status in epiphany-browser package in Ubuntu:
  Fix Released
Status in evolution package in Ubuntu:
  Fix Released
Status in falkon package in Ubuntu:
  Fix Released
Status in firefox package in Ubuntu:
  Confirmed
Status in foliate package in Ubuntu:
  Fix Committed
Status in freecad package in Ubuntu:
  Invalid
Status in geary package in Ubuntu:
  Fix Released
Status in ghostwriter package in Ubuntu:
  Fix Released
Status in gnome-packagekit package in Ubuntu:
  Invalid
Status in goldendict-webengine package in Ubuntu:
  Fix Released
Status in guix package in Ubuntu:
  Confirmed
Status in kalgebra package in Ubuntu:
  Fix Released
Status in kchmviewer package in Ubuntu:
  Fix Released
Status in kdeplasma-addons package in Ubuntu:
  Fix Released
Status in kgeotag package in Ubuntu:
  Fix Released
Status in kiwix package in Ubuntu:
  Incomplete
Status in kmail package in Ubuntu:
  Fix Released
Status in konqueror package in Ubuntu:
  Fix Released
Status in kontact package in Ubuntu:
  Fix Released
Status in loupe package in Ubuntu:
  Fix Released
Status in marble package in Ubuntu:
  Fix Released
Status in notepadqq package in Ubuntu:
  Fix Released
Status in opam package in Ubuntu:
  Fix Released
Status in pageedit package in Ubuntu:
  Fix Released
Status in plasma-desktop package in Ubuntu:
  Fix Released
Status in plasma-welcome package in Ubuntu:
  Fix Released
Status in privacybrowser package in Ubuntu:
  Invalid
Status in qmapshack package in Ubuntu:
  Fix Released
Status in qutebrowser package in Ubuntu:
  Fix Released
Status in rssguard package in Ubuntu:
  Fix Released
Status in steam package in Ubuntu:
  Fix Released
Status in supercollider package in Ubuntu:
  Fix Released
Status in tellico package in Ubuntu:
  Fix Released
Status in tor package in Ubuntu:
  Confirmed
Status in wike package in Ubuntu:
  Fix Committed
Status in apparmor source package in Noble:
  Fix Released

Bug description:
  Hi, I run Ubuntu development branch 24.04 and I have a problem with
  Epiphany browser 45.1-1 (Gnome Web): program doesn't launch, and I get
  this error

  $ epiphany
  bwrap: Creating new namespace failed: Permission denied

  ** (epiphany:12085): ERROR **: 14:44:35.023: Failed to fully launch dbus-proxy: Le processus fils s’est terminé avec le code 1
  Trappe pour point d'arrêt et de trace (core dumped)

  $ epiphany
  bwrap: Creating new namespace failed: Permission denied

  ** (epiphany:30878): ERROR **: 22:22:26.926: Failed to fully launch dbus-proxy: Le processus fils s’est terminé avec le code 1
  Trappe pour point d'arrêt et de trace (core dumped)

  Thanks for your help!

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/2046844/+subscriptions