Noble / Waterfox problem

[Oliver Grawert]

Hi,
Am Donnerstag, dem 28.03.2024 um 11:07 +0000 schrieb Grizzlly:
> 
> > you should also find a kernel audit message in your journal about
> > it
> > along the lines of:
> > 
> > apparmor="DENIED" operation="userns_create" class="namespace"
> > info="User namespace creation restricted" [...]
> 

> Not seeing this in journal, in fact nothing to do with namespace is
> mentioned, 

Well, every supported Ubuntu kernel should normally print that stuff

> no lines that relate to Waterfox seem to show, problem still persists
> two weeks 

you did report it at the bug so the security team can inspect it, right
? else it will surely not be fixed ever indeed ...

> down the road, okay Nobal is still not released but if they dont sort
> this it
> will make it hard to usem if not impossible especially as the LTS 

waterfox shares most likely the majority of its code with firefox
(AFAIK it only drops trademarked code) and all other firefox derived
browsers expose identical behavior, user namespaces are by default
enforced from noble on in general and either the ubuntu side or the
waterfox package needs to ship the few lines of apparmor profile that
all the others in the bug added (or users added) to their apparmor
config. 

even if you do not see the messages, have you tried the workaround that
all the others tried in the bug ?

here is an example, you just need to adjust paths and names for your
waterfox install, if that fixes the behavior, messages or not, i'd urge
you to report it as the release is near and the later it gets the
harder it will be to land fixes:

https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2046844/comments/61

ciao
	oli
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20240328/d1efc7f4/attachment.sig>