You will need to create an AppArmor profile for the AppImage to work
using unprivileged user namespaces with privileged operations. Here's a
more detailed explanation in a different bug:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2056627/comments/4
--
You received this bug notificati
Could someone please confirm whether this is fixed?
Lsb_release
Description:Ubuntu 24.04.1 LTS
Apparmor
Version: 4.0.1really4.0.1-0ubuntu0.24.04.3
srdjan@serenity:~$ /home/srdjan/Software/Obsidian-1.4.13.AppImage
[9225:1102/202058.416464:FATAL:setuid_sandbox_host.cc(158)] The SUID sandbox
Andreas - more details about add picture and bubblewrap is here
https://bugs.launchpad.net/ubuntu/+source/budgie-control-
center/+bug/2065708
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2064672
Tit
From what I understand, the unprivileged_userns profile disables
capabilities:
$ cat /etc/apparmor.d/unprivileged_userns
# Special profile transitioned to by unconfined when creating an unprivileged
# user namespace.
#
abi ,
include
profile unprivileged_userns {
audit deny capability, <---
I installed the Budgie Desktop with Noble on 28 September 2024, and it
appears to me that this bug hasn't been fixed by the SRU - I've got the
SRU installed and the misbehavior is still occurring.
```
flerken: $ uname -a
Linux flerken 6.8.0-45-generic #45-Ubuntu SMP PREEMPT_DYNAMIC Fri Aug 30
12:
This bug was fixed in the package apparmor -
4.0.1really4.0.1-0ubuntu0.24.04.3
---
apparmor (4.0.1really4.0.1-0ubuntu0.24.04.3) noble; urgency=medium
* Revert to version 4.0.1-0ubuntu0.24.04.2 except for the patch
that enables the bwrap-userns-restrict profile (LP: #2072811).
Thanks very much for the explanation, @jjohansen.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2064672
Title:
[SRU] - fixes for apparmor on noble
To manage notifications about this bug go to:
http
This SRU should land soon. It is up to the release team to decide when
it will be released. There are a couple reason this is baking longer (28
days) than the minimum 7 days. In -proposed is a previous iteration
caused a regression and had to be reverted. The 24.04.1 release happened
recently and t
Thank you everyone for your hard work on this. Can I ask how long until
this fix will be released?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2064672
Title:
[SRU] - fixes for apparmor on noble
T
Verification completed on apparmor noble-proposed
$ apt policy apparmor
apparmor:
Installed: 4.0.1really4.0.1-0ubuntu0.24.04.3
Candidate: 4.0.1really4.0.1-0ubuntu0.24.04.3
Version table:
*** 4.0.1really4.0.1-0ubuntu0.24.04.3 100
100 http://archive.ubuntu.com/ubuntu noble-proposed/ma
Hello Georgia, or anyone else affected,
Accepted apparmor into noble-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/apparmor/4.0.1really4.0.1-0ubuntu0.24.04.3
in a few hours, and then in the -proposed repository.
Please help us by testing this new pa
To clarify on the statement from @georgiag above - "some applications
are still not going to work properly" means that some applications
*which currently do not work on Ubuntu 24.04 with the current version of
apparmor in the archive (4.0.1really4.0.0-beta3-0ubuntu0.1)* are still
not going to work
I have updated the description with the information of the SRU version
4.0.1really4.0.1-0ubuntu0.24.04.3
The Test Plan is updated with detailed instructions and I also added an
analysis of why the regression happened for the previous SRU. Note that since
we have removed the enablement by default
Thanks. When the bwrap profile SRU is attempted again, I'd like the Test
Plan reconsidered please to ensure that we catch the class of regression
that occurred.
On this SRU, before resubmitting it with the bwrap change removed,
please revise the Test Plan to ensure that all necessary steps are
inc
The regression is caused by
d/p/u/enable-bwrap-profile.patch
the bwrap profile is interacting with flatpak, and snapd. The
d/p/u/enable-bwrap-profile.patch will need to be dropped, when the 4.0.1
SRU is redone.
The bwrap, flatpak and snapd will need updates to enable bwrap to be
used by regular
A regression caused by this update has been reported in bug 2072811. If
found to be valid, we may revert the fix shortly. If you are or would be
affected, your participation in the regression bug would be appreciated.
--
You received this bug notification because you are a member of Ubuntu
Bugs,
This bug was fixed in the package apparmor - 4.0.1-0ubuntu0.24.04.2
---
apparmor (4.0.1-0ubuntu0.24.04.2) noble; urgency=medium
[Georgia Garcia]
* New upstream release. (LP: #2064672)
* Refresh
- d/p/u/parser-add-support-for-prompting.patch
- Add condition in policydb
Test Environment 1: kvm virtual machine, clean 24.04 install, updated,
then proposed enabled.
Test Environment 2: x86 laptop with nvidia graphics, upgraded to 24.04,
updated, then proposed enabled.
Test plan fully executed on both environments.
Notes:
kde, budgie, and kapps: only tested in envi
List of Applications tested for regression
Tellico
Supercollider
steam
rssguard
qutebrowser
qmapshack
plasma-welcome
plasma-desktop
pageedit
opam
notepadqq
marble
loupe
kontact
konqueror
kmail
kgeotag
kdeplasma-addons
kchmviewer
kalgebra
goldendict-webengine
ghostwriter
foliate
geary
firefox snap
Thanks for the verification, John. I updated the tags based on the
results of your tests.
** Tags removed: verification-needed verification-needed-noble
** Tags added: verification-done verification-done-noble
--
You received this bug notification because you are a member of Ubuntu
Bugs, which i
On a clean install of 24.04 with Ubuntu (gnome) desktop. Updated as of
June 27, 24.04.
0. Enabled proposed, updated, upgrade and installed apparmor packages
via
$ sudo apt install apparmor apparmor-profiles apparmor-utils
libapparmor-dev libapparmor1 libpam-apparmor python3-apparmor
python3-libap
@raof I've installed the proposed package, and so far it seems to be
working. Thank you!
(Apologies if you receive telemetry, and this message is just spam.)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/b
Hello Georgia, or anyone else affected,
Accepted apparmor into noble-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/apparmor/4.0.1-0ubuntu0.24.04.2 in
a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
Thanks for reviewing, Chris. I have updated the test plan with your
suggestions, and I also updated the ppa containing a new version of the
package with the wike profile location fixed. I'll also make sure to
comment on the bugs in the changelog that verification is not required.
** Description ch
** Description changed:
[ Impact ]
This SRU has several fixes:
add unconfined profile for tuxedo-control-center (Bug 2046844)
fix issues appointed by coverity
fix samba profile (https://gitlab.com/apparmor/apparmor/-/issues/386)
fix redefinition of _ which caused an issue with tr
Ok, I've reviewed the upload in the queue. I've rejected it, as one of
the patches was broken, but apart from that the diff looks OK (although
there's a *lot* of it, most of it is removal of autogenerated autoconf
stuff).
If we're going to use just this bug for verification, please update the
othe
It shouldn't but we do need to make sure it works.
Previously flatpak was getting around the bwrap restriction by using the
flatpak unconfined profile. But the unconfined profile uses pix which
means it will now use the bwrap profile, when calling bwrap.
If this does cause breakage we will need t
Hi Simon,
The use of --unshare=network does not cause a regression with the bwrap profile.
This is the full profile:
https://gitlab.com/apparmor/apparmor/-/blob/aa74b9b12d9ed55909489403a0c2514b9ea6a95f/profiles/apparmor/profiles/extras/bwrap-userns-restrict
If you look at the bwrap profile itsel
> add profile for bwrap utility
Please check that this doesn't make `flatpak run --unshare=network
$APP_ID` regress.
Explanation:
Some Flatpak apps (the ones that have no legitimate reason to use
networking) have `--unshare=network` by default, as a way to prevent
them from contacting the intern
@jjohansen Thank you very much for your detailed explanation!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2064672
Title:
[SRU] - fixes for apparmor on noble
To manage notifications about this bug
@smoelius:
If you are interested in learning more of the processes, you can read
about it at https://wiki.ubuntu.com/StableReleaseUpdates
To summarize the upload is at step 4 of the procedures. It has been
uploaded but has not been promoted to the -proposed pocket. Once it has
been accepted it wi
Please forgive me as I am unfamiliar with Ubuntu's release process.
What are the next steps to releasing this fix? And how soon could it
appear in normal distribution?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launc
I have just uploaded apparmor 4.0.1-0ubuntu0.24.04.1 from georgiag's PPA
to noble - it is sitting in the unapproved queue.
** Changed in: apparmor (Ubuntu)
Status: Confirmed => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed t
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: apparmor (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2064672
Title:
[
** Description changed:
[ Impact ]
This SRU has several fixes:
add unconfined profile for tuxedo-control-center (Bug 2046844)
fix issues appointed by coverity
fix samba profile (https://gitlab.com/apparmor/apparmor/-/issues/386)
fix redefinition of _ which caused an issue with tr
** Description changed:
[ Impact ]
This SRU has several fixes:
add unconfined profile for tuxedo-control-center (Bug 2046844)
fix issues appointed by coverity
fix samba profile (https://gitlab.com/apparmor/apparmor/-/issues/386)
fix redefinition of _ which caused an issue with tr
** Description changed:
[ Impact ]
This SRU has several fixes:
add unconfined profile for tuxedo-control-center (Bug 2046844)
fix issues appointed by coverity
fix samba profile (https://gitlab.com/apparmor/apparmor/-/issues/386)
fix redefinition of _ which caused an issue with tr
** Description changed:
[ Impact ]
This SRU has several fixes:
add unconfined profile for tuxedo-control-center (Bug 2046844)
fix issues appointed by coverity
fix samba profile (https://gitlab.com/apparmor/apparmor/-/issues/386)
fix redefinition of _ which caused an issue with tr
38 matches
Mail list logo
