Debian package doesn't provide bwrap-userns-restrict when built #280

Open
konomikitten opened this issue Nov 17, 2024 · 7 comments

@konomikitten

After building umu-launcher 1.1.4 on Debian Unstable and installing the resulting packages the following error appears:

```
Setting up python3-umu-launcher (1.1.4-1) ...
Job for apparmor.service failed because the control process exited with error code.
See "systemctl status apparmor.service" and "journalctl -xeu apparmor.service" for details.
```

Checking the journal shows:

```
There was an error while loading profiles from /etc/apparmor.d
```

Checking /etc/apparmor.d shows that there's a broken symlink:

```
$ ll "$(readlink /etc/apparmor.d/bwrap-userns-restrict-umu)"
ls: cannot access '/usr/share/apparmor/extra-profiles/bwrap-userns-restrict': No such file or directory
```
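
The check described in the report above, generalized to every entry in a profile directory. This is an added example, not part of the original post or of umu-launcher's packaging; the function name `find_dangling_profiles` is hypothetical.

```shell
# Added example: report dangling symlinks in an AppArmor profile directory.
# Usage: find_dangling_profiles [DIR]   (DIR defaults to /etc/apparmor.d)
# Prints "link -> target" for each symlink directly inside DIR whose target
# does not exist. Returns 1 if any were found, 0 otherwise, so it can gate
# a profile reload in a maintainer script.
find_dangling_profiles() {
    fdp_dir=${1:-/etc/apparmor.d}
    fdp_status=0
    for fdp_entry in "$fdp_dir"/*; do
        # -L is true for any symlink; -e follows the link and fails
        # when the target is missing, which identifies a dangling link.
        if [ -L "$fdp_entry" ] && [ ! -e "$fdp_entry" ]; then
            printf '%s -> %s\n' "$fdp_entry" "$(readlink "$fdp_entry")"
            fdp_status=1
        fi
    done
    return "$fdp_status"
}
```
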
@GloriousEggroll
Member

please install apparmor-profiles-extra, this should contain the missing file. if it doesn't, try apparmor-profiles. it should be one of those two. let us know which one resolves it and we can add it as a dependency

@konomikitten
Author

> please install apparmor-profiles-extra, this should contain the missing file. if it doesn't, try apparmor-profiles. it should be one of those two. let us know which one resolves it and we can add it as a dependency

This file doesn't seem to be in any package on Debian Unstable:

```
$ apt-file search bwrap-userns-restrict
$ apt-file search /usr/share/apparmor/ | grep bwrap
```

@GloriousEggroll
Member

@konomikitten
Author

https://packages.debian.org/sid/all/apparmor-profiles/filelist I don't see bwrap-userns-restrict in there; if it was, apt-file would've found it.

@GloriousEggroll
Member

GloriousEggroll commented Nov 18, 2024

it's in ubuntu, don't know if this was a recent change/addition that maybe debian is missing:
ubuntu
maybe @gegarcia or @darix knows?

@jrjohansen

In ubuntu the bwrap-userns-restrict profile is in the base apparmor package and it is installed into /usr/share/apparmor/extra-profiles/bwrap-userns-restrict.

Be aware it is not installed by default because it interacts with and breaks flatpak.

New versions of the flatpak and bwrap-userns-restrict profiles are in testing. They should show up in plucky soon, and if all goes well they will be SRUed back to noble. If anyone is interested in testing them before they land in plucky I can add a link with them here.

@GloriousEggroll
Member

> In ubuntu the bwrap-userns-restrict profile is in the base apparmor package and it is installed into /usr/share/apparmor/extra-profiles/bwrap-userns-restrict.
>
> Be aware it is not installed by default because it interacts with and breaks flatpak.
>
> New versions of the flatpak and bwrap-userns-restrict profiles are in testing. They should show up in plucky soon, and if all goes well they will be SRUed back to noble. If anyone is interested in testing them before they land in plucky I can add a link with them here.

heya, yes we're aware of the whole flatpak interaction bit, i was actually told it was already resolved -- regardless the issue here is we're missing it in debian, not ubuntu.
