Based on Marco's comment above, I suspect we need to add an AppArmor
profile for gnome-shell-portal-helper.
Using the example in that blog post, this would be the simplest possible
policy:
abi <abi/4.0>,
include <tunables/global>
/usr/libexec/gnome-shell-portal-helper flags=(default_allow) {
userns,
}
Write that to a file, then load it into the kernel with "sudo
apparmor_parser -r filename". That will persist until you reboot the
system.
If this does indeed solve the problem, then we need to look at adding a
policy to gnome-shell-portal-helper in the main packaging. It'd be worth
looping in the security team, since they would probably want something a
little more than this 5 line version.
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gnome-shell in Ubuntu.
https://bugs.launchpad.net/bugs/2051574
Title:
gnome-shell-portal-helper crashed with SIGTRAP in
waitUntilSyncedOrDie() from WebKit::XDGDBusProxy::launch() ["bwrap:
setting up uid map: Permission denied" ; "Failed to fully launch dbus-
proxy: Child process exited with code 1"]
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/2051574/+subscriptions
--
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
