** Also affects: flatpak (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: evolution (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: steam (Ubuntu)
   Importance: Undecided
       Status: New

https://bugs.launchpad.net/bugs/2065088

Title:
  AppArmor profiles allowing userns not immediately active in 24.04 live image

Status in apparmor package in Ubuntu:
  Confirmed
Status in evolution package in Ubuntu:
  New
Status in flatpak package in Ubuntu:
  New
Status in steam package in Ubuntu:
  New

Bug description:
  Side issue from
  <https://github.com/ValveSoftware/steam-for-linux/issues/10843>.

  I saw this with Steam, but Ubuntu 24.04's AppArmor setup for Steam is
  quite simple, so I suspect that the same thing might happen for any of
  the other third-party software that needs an AppArmor profile for
  <https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2046844>.

  Steps to reproduce:

  1. Boot an Ubuntu 24.04 live image, in a virtual machine with lots of
     RAM (I gave it 8G) so that it will have enough space on the root
     tmpfs to install Steam. Using Debian 12's libvirt and qemu, I found
     that virtio graphics didn't work, and used qxl as a workaround.
  2. When prompted, choose a keyboard layout etc., and choose to "Try
     Ubuntu" rather than "Install Ubuntu".
  3. Open a terminal
  4. sudo dpkg --add-architecture i386
  5. sudo apt update
  6. sudo apt install steam (in this case steam is a transitional
     package with a dependency on steam-installer, both at version
     1:1.0.0.79~ds-2)
  7. steam
  8. See a prompt warning me that Steam is proprietary binary-only
     software. Choose Install.
  9. See a light grey progress bar "Steam setup / Updating Steam runtime
     environment...". Wait.
  10. See a dark grey progress bar "Steam / Updating Steam... Downloading
      update (xxx of 465,450 KB)...". Wait.
  11. Dark grey progress bar becomes "Steam / Updating Steam... Extracting
      package...". Wait.
  12. Output in terminal shows "Restarting Steam by request...". Wait.

  Expected result:

  - /etc/apparmor.d/steam allows Steam to create new user namespaces, etc.
  - Steam starts successfully

  Actual result:

  - A dialog box with "Error / Steam now requires user namespaces to be
    enabled"
  - Audit log:
    apparmor="DENIED" operation="userns_create" class="namespace" info="Userns create restricted - failed to find unprivileged_userns profile" error=-13 profile="unconfined" pid=... comm="srt-bwrap" requested="userns_create" denied="userns_create" target="unprivileged_userns"

  Workaround:

  - Force Ubuntu's AppArmor profile for Steam to be reloaded:
    sudo apparmor_parser -Tr /etc/apparmor.d/steam
  - Run steam again
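
A triage helper for the denial quoted above, added here as an example and not part of the bug report or of any Ubuntu package: it parses the audit record from the report and checks whether a given profile is in the kernel's loaded-profile list, which separates "profile file exists on disk" from "profile is active". The profile name `steam`, the function names, the `PROFILES_FILE` variable and the verdict strings are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the bug report). Assumptions: the profile is named
# "steam", and the kernel lists loaded profiles as "name (mode)" lines.
PROFILES_FILE="${PROFILES_FILE:-/sys/kernel/security/apparmor/profiles}"

# Audit record quoted in the bug description, "pid=..." elided as on the page.
SAMPLE='apparmor="DENIED" operation="userns_create" class="namespace" info="Userns create restricted - failed to find unprivileged_userns profile" error=-13 profile="unconfined" pid=... comm="srt-bwrap" requested="userns_create" denied="userns_create" target="unprivileged_userns"'

# Print the value of one key="value" field of an audit record.
audit_field() {  # $1 = record, $2 = key
    printf ' %s\n' "$1" | sed -n "s/.*[[:space:]]$2=\"\([^\"]*\)\".*/\1/p"
}

# Succeed if the record is a userns_create denial against an unconfined task.
is_userns_denial() {  # $1 = record
    [ "$(audit_field "$1" apparmor)" = "DENIED" ] &&
        [ "$(audit_field "$1" operation)" = "userns_create" ] &&
        [ "$(audit_field "$1" profile)" = "unconfined" ]
}

# Succeed if profile name $1 appears in the kernel's loaded-profile list.
profile_loaded() {  # $1 = profile name
    awk -v n="$1" '{ sub(/ \([^)]*\)$/, "") } $0 == n { found = 1 }
                   END { exit !found }' "$PROFILES_FILE"
}

# Classify one record against the profile expected to grant userns.
triage() {  # $1 = record, $2 = profile name
    if ! is_userns_denial "$1"; then
        echo "not-userns-denial"
    elif [ ! -r "$PROFILES_FILE" ]; then
        echo "cannot-read-profile-list"      # needs root on a real system
    elif profile_loaded "$2"; then
        echo "profile-loaded"                # loaded, so look elsewhere
    else
        echo "profile-not-loaded"            # on disk only: reload it
    fi
}

verdict=$(triage "$SAMPLE" steam)
echo "steam: $verdict"
if [ "$verdict" = "profile-not-loaded" ]; then
    echo "workaround from the report: sudo apparmor_parser -Tr /etc/apparmor.d/steam"
fi
```

Run it as root on the affected system so the securityfs profile list is readable; set `PROFILES_FILE` to a saved copy of that list to check a captured state offline.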