FS#63316 - [bubblewrap] Incompatible with linux-hardened + flatpak

Attached to Project: Arch Linux
Opened by Eternal (eternal) - Tuesday, 30 July 2019, 06:00 GMT
Last edited by Eli Schwartz (eschwartz) - Wednesday, 31 July 2019, 15:46 GMT
Task Type: Bug Report
Category: Packages: Extra
Status: Closed
Assigned To: Bartłomiej Piotrowski (Barthalion)
Architecture: All
Severity: Low
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 1
Private: No

Details

Description: Using bubblewrap 0.3.3-2 on the linux-hardened kernel, running an application on flatpak results in the following error message:

bwrap: No permissions to creating new namespace, likely because the kernel does not allow non-privileged user namespaces. On e.g. debian this can be enabled with 'sysctl kernel.unprivileged_userns_clone=1'

bubblewrap 0.3.3-2 was updated with the configuration "--with-priv-mode=none", which assumes that the kernel has CONFIG_USER_NS_UNPRIVILEGED set to "y" as in the main linux package. In the following task, it was established that it is not appropriate to make the same change to linux-hardened:

https://bugs.archlinux.org/task/63295

Would it be possible to return to the "--with-priv-mode=setuid" configuration or implement some other workaround for linux-hardened?

Additional info:
* Package versions: linux-hardened 5.1.19.a-1, flatpak 1.4.2-1, bubblewrap 0.3.3-2

Steps to reproduce:
* With any flatpak application installed, run the application using: flatpak run <application name>

Links:
* bubblewrap 0.3.3-2 changes: https://git.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/bubblewrap&id=bf828975d4cf5654af7fabe0452e323636191748

Closed by: Eli Schwartz (eschwartz), Wednesday, 31 July 2019, 15:46 GMT
Reason for closing: Fixed
Additional comments about closing: bubblewrap-suid 0.3.3-3

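
The failure in this report depends on two things: the kernel.unprivileged_userns_clone sysctl named in the bwrap error, and whether the installed bwrap binary is setuid. The following diagnostic is an added example, not code from the report or from the bubblewrap project; the function names and verdict strings are made up here, and it assumes the sysctl is exposed under /proc/sys/kernel/ on kernels that carry it.

```sh
#!/bin/sh
# Added diagnostic sketch; function names and verdict strings are hypothetical.

# userns_sysctl [PROC_ROOT]: state of the toggle named in the bwrap error.
# Prints enabled, disabled, or absent (kernel does not carry the toggle).
userns_sysctl() {
    f="${1:-/proc}/sys/kernel/unprivileged_userns_clone"
    if [ ! -r "$f" ]; then echo absent; return 0; fi
    case "$(cat "$f")" in
        1) echo enabled ;;
        *) echo disabled ;;
    esac
}

# bwrap_mode PATH: setuid if the binary carries the setuid bit
# (--with-priv-mode=setuid), unprivileged otherwise (--with-priv-mode=none).
bwrap_mode() {
    if [ ! -e "$1" ]; then echo missing
    elif [ -u "$1" ]; then echo setuid
    else echo unprivileged
    fi
}

# bwrap_verdict PROC_ROOT BWRAP_PATH: combine both checks.
bwrap_verdict() {
    mode=$(bwrap_mode "$2")
    state=$(userns_sysctl "$1")
    case "$mode:$state" in
        missing:*)             echo "bwrap-not-found" ;;
        # A setuid bwrap does not rely on unprivileged user namespaces.
        setuid:*)              echo "ok-setuid" ;;
        # The combination from this report: non-setuid bwrap, toggle off.
        unprivileged:disabled) echo "broken-needs-setuid-or-sysctl" ;;
        unprivileged:enabled)  echo "ok-userns" ;;
        # No toggle: the outcome depends on kernel config, not checked here.
        *)                     echo "unknown-no-toggle" ;;
    esac
}

# Report for the running system.
bwrap_path=$(command -v bwrap 2>/dev/null || true)
echo "sysctl=$(userns_sysctl /proc) bwrap=${bwrap_path:-none}" \
     "verdict=$(bwrap_verdict /proc "${bwrap_path:-/nonexistent}")"
```
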
Comment by Eternal (eternal) - Wednesday, 31 July 2019, 10:35 GMT