Hi, On 2025-03-03 12:03:22 +0100, intrigeri wrote: > Vincent Lefevre (2025-02-25): > > I suspect that this is because the firejail-default AppArmor profile > > does not use "userns" (contrary to the firefox AppArmor profile, > > which completely changed). > > I thought "userns" was a no-op on mainline (read: non-Ubuntu) kernels. > But who knows :) And indeed, it does look like $something is blocking > unprivileged user namespaces. Let's try to figure out what > $something is. > > Can you try adding the "userns," line to the firejail-default AppArmor > profile and see if you can reproduce?
This makes the warning disappear, but only after a reboot. > Another thing that could be worth trying (independently from the > previous one) is to revert /usr/share/apparmor-features/features to > the previous version i.e. revert the changes from this commit: > https://salsa.debian.org/apparmor-team/apparmor/-/commit/71c0d1bfdd0556cb8466913d65ca4f6fced14b63 > Then reboot the system and try to reproduce. After restoring the firejail-default AppArmor profile, this revert also makes the warning disappear (after a reboot). And after restoring this file (and a reboot), i.e. going back to the initial state, the warning reappears as expected. Note: each time, I created a new Firefox profile to check the presence of the warning. Regards, -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / Pascaline project (LIP, ENS-Lyon)
