This is affecting Falkon and qutebrowser as well. Just now me and a
couple of the Lubuntu devs did a deep debugging session and found the
issue.
About four days ago, an upload was made in AppArmor that no longer
allows unprivileged programs to create user namespaces. See
https://launchpad.net/ubun
This bug also breaks Electron-based AppImages, such as Balena Etcher.
While we specifically don't support these apps, I find it very likely
that Ubuntu has potentially hundreds of thousands of users of these
kinds of apps.
--
You received this bug notification because you are a member of Ubuntu
D
Thanks! I'll be on the hunt for any more that act like this and add them
to the report. I'm also happy to help prep uploads (I'm not an MOTU yet
so I can't upload on my own, but I can prep the packaging).
Nice! This works with AppImages? If so, I think we have a perfect
solution.
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to epiphany-browser in Ubuntu.
https://bugs.launchpad.net/bugs/2046844
Title:
AppArmor user namespace creation
How acceptable or possible would a solution be that had one universal
"allowUserNamespaces" attribute in an AppArmor config that could then
simply be set on whatever files one wanted to enable the features on?
That would support all third-party apps that a user deemed worthy
without needing much ef
I can't seem to get the xattr solution to work. I'm trying it on a
normal binary and it's failing like so:
# Contents of /etc/apparmor.d/falkon
abi ,
include
profile falkon xattrs=(security.apparmor=falkon) flags=(unconfined) {
userns,
include if exists
}
# setfattr command
user@user-stan
The reason I was suggesting a single attribute to enable user namespace
creation is because of the myriad of third-party apps that we probably
*aren't* going to catch here that users use out there that require user
namespace privileges. For instance, there are probably at least some
QtWebEngine-bas
User prompting sounds like a good idea. It fixes one concern I wanted to
bring up, which is developers who use user namespaces in their code
(possibly indirectly by using QtWebEngine for instance). Those devs
would end up with their software crashing for no apparent reason. A user
prompt or descrip
Public bug reported:
Lubuntu uses Qt as the primary framework for most of the apps we ship.
However, some functionality we ship in Lubuntu doesn't have a Qt
application that provides that functionality, so we have some GTK3 apps
that we ship as well. Starting in Lubuntu 24.04, we are adding and
en
I believe bwrap was ignored intentionally, as the point of the apparmor
change was to prevent arbitrary apps from making unprivileged user
namespaces with capabilities. Allowing Bubblewrap to do so would provide
a loophole. Same reason `unshare` isn't allowed to make unprivileged
namespaces with ca
We rewrote the update notifier in Qt/C++ and got rid of the aptdaemon
dependency earlier in the Noble cycle, so this is now resolved in Noble.
** Changed in: lubuntu-update-notifier (Ubuntu)
Status: Confirmed => Fix Released
Public bug reported:
Steps to reproduce:
1. Launch GIMP on Kubuntu 24.04.
2. Create a new image.
3. Draw something in it (a black squiggly line with the default brush is fine)
4. Export the image as a PNG.
5. Close GIMP.
Expected result: GIMP closes normally.
Actual result: Segmentation fault.
07f43ecc24247 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
No symbol table info available.
#65 0x7f43ecbc5b87 in g_main_loop_run () from
/lib/x86_64-linux-gnu/libglib-2.0.so.0
No symbol table info available.
#66 0x55b13688a515 in app_run ()
No symbol table info available
Looks like Jeremy Bicha has a new GIMP uploaded to Oracular which will
fix this there. The fix will still need backported to Noble, which I
intend on doing.
** Changed in: gimp (Ubuntu Oracular)
Status: New => Triaged
** Changed in: gimp (Ubuntu Oracular)
Status: Triaged => Fix Comm
Fix verified on Noble. Will be uploading and submitting to the SRU team
soon.
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gimp in Ubuntu.
https://bugs.launchpad.net/bugs/2055044
Title:
GIMP crash at closure on systems with GLib
** Changed in: gimp (Ubuntu Noble)
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gimp in Ubuntu.
https://bugs.launchpad.net/bugs/2055044
Title:
GIMP crash at closure on systems with GLib 2.80.
The Tor Browser is actually installable on Ubuntu, and we have
privacy-conscious folks here who are Ubuntu Developers. We just were
absolutely slammed in more ways than we imagined would happen this
cycle and things slipped through the cracks. This is probably one of
them.
You can follow the instr
The regression mentioned above appears to have been a glitch in the
s390x autopkgtest infra. I requested a retry.
The test plan succeeded using the GIMP from noble-proposed - I can
export an image as a PNG, then close GIMP and click "Discard" when
prompted to save my changes and it closes cleanly.
Unless your app and Bubblewrap can both work without any capabilities in
an unprivileged user namespace, things will probably go south. You
should probably be installing an AppArmor profile for your app that
allows you to use unprivileged user namespaces normally again, as
described in Comment 5
(h
Also note that even the system's build of Bubblewrap is not granted the
ability to bypass user namespace restrictions as that would allow the
restrictions to be bypassed by any application. Doing this to your own
build of Bubblewrap will pose the same security issue. If you can avoid
doing things t
** Changed in: gimp (Ubuntu Oracular)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gimp in Ubuntu.
https://bugs.launchpad.net/bugs/2055044
Title:
GIMP crash at closure on systems with
Public bug reported:
This bug was discovered while doing an Ubuntu QA test, "Install (entire
disk with lvm and encryption)" for Ubuntu Kinetic. I'm using the same
host system specs as in this bug report:
https://bugs.launchpad.net/ubuntu/+source/plymouth/+bug/1973150
While running the test, in st
This bug also occurs in Ubuntu 22.04 (Jammy).
** Tags added: jammy
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gdm3 in Ubuntu.
https://bugs.launchpad.net/bugs/1973156
Title:
Strange graphical glitch during Ubuntu installation w
Changing the package this bug affects to gdm3 as I believe that is the
package that includes the Wayland implementation in Ubuntu.
** Package changed: ubuntu => gdm3 (Ubuntu)
I'm not sure if this problem is happening on Linux Mint 21 or Ubuntu
22.04.1. While Linux Mint is based on Ubuntu, it is not the same as
Ubuntu, and may have behaviors (and bugs!) that differ from Ubuntu's.
Could you clarify which Linux distro you're experiencing this problem
on?
Public bug reported:
Note that, in my experience, this bug *only* affects Kubuntu 22.10 and
Ubuntu Studio 22.10, however Ubuntu Studio specifically does not support
VMs, and I assume that fixing the problem in Kubuntu will fix the
problem in Ubuntu Studio too.
Steps to reproduce:
1. Install GNOME
I believe we have a working patch for the problem. A quick summary of
what it looks like is happening:
Openbox maintains a list of windows organized by stacking order from
highest to lowest. This is a doubly-linked list.
There is a function in Openbox called client_calc_layer that uses a
pointer
** Changed in: openbox (Ubuntu)
Assignee: (unassigned) => Aaron Rainbolt (arraybolt3)
** Changed in: glib2.0 (Ubuntu)
Status: Confirmed => Invalid
I don't have upload access to this package yet (it's not in the Lubuntu
packageset apparently) so I'm uploading the patch here so that it can be
sponsored.
** Patch added: "glib_crash_bugfix.patch"
https://bugs.launchpad.net/ubuntu/+source/openbox/+bug/2011751/+attachment/5656433/+files/glib_c
@dbungert: While the patch that simply copies the list is a possible way
of doing things, a very experienced user on the Arch Linux forums had
concerns about doing things that way, see
https://bbs.archlinux.org/viewtopic.php?pid=2090570#p2090570 "But
creating a copy of the list is inefficient and o
OK, so I'm not entirely sure testing the one item case is even possible
since the crash happens when switching from a fullscreen window (which
implies that there are at least two windows). However, this is what I
did, and everything was successful (no crashes).
1. Boot a Lubuntu Lunar ISO, and ins
(One extra bit of info that I realized was left out - according to the
comment on the Arch Linux forums here:
https://bbs.archlinux.org/viewtopic.php?pid=2090270#p2090270 the first
loop iteration succeeds. It's not until the second iteration (after the
list has been modified) that the crash occurs.
One worry I am having with my patch now is, what happens if the first
element is the one being modified? Then itPrev is a null pointer. I
*think* from looking at the GLib code that g_list_next will then return
null when it is handed itPrev, which means "it" will be set to null,
which I believe will
New patch, same approach, but with a fallback added if itPrev turns out
to be null.
** Patch added: "glib_crash_bugfix.patch"
https://bugs.launchpad.net/ubuntu/+source/openbox/+bug/2011751/+attachment/5656971/+files/glib_crash_bugfix.patch
After a discussion with dbungert, we're using a different patch instead.
This one is possibly upstream already, which makes it superior to the
original patch I was suggesting since it means less maintenance overhead
in the future.
** Patch added: "glib_crash_bugfix.patch"
https://bugs.launchpa
Gah, ok, one more try. I failed to update the debian/copyright file last
time. This version has the updated copyright file.
** Patch added: "glib_crash_bugfix.patch"
https://bugs.launchpad.net/ubuntu/+source/openbox/+bug/2011751/+attachment/5657032/+files/glib_crash_bugfix.patch
Latest patch has requested changes. Bug has been submitted to upstream
Debian here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033385
** Bug watch added: Debian Bug tracker #1033385
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033385
** Patch added: "glib_crash_bugfix_v5.patch"
37 matches