FS#63316 - [bubblewrap] Incompatible with linux-hardened + flatpak
Attached to Project:
Arch Linux
Opened by Eternal (eternal) - Tuesday, 30 July 2019, 06:00 GMT
Last edited by Eli Schwartz (eschwartz) - Wednesday, 31 July 2019, 15:46 GMT
Opened by Eternal (eternal) - Tuesday, 30 July 2019, 06:00 GMT
Last edited by Eli Schwartz (eschwartz) - Wednesday, 31 July 2019, 15:46 GMT
|
Details
Description: Using bubblewrap 0.3.3-2 on the linux-hardened
kernel, running an application on flatpak results in the
following error message:
bwrap: No permissions to creating new namespace, likely because the kernel does not allow non-privileged user namespaces. On e.g. debian this can be enabled with 'sysctl kernel.unprivileged_userns_clone=1' bubblewrap 0.3.3-2 was updated with the configuration "--with-priv-mode=none", which assumes that the kernel has CONFIG_USER_NS_UNPRIVILEGED set to "y" as in the main linux package. In the following task, it was established that it is not appropriate to make the same change to linux-hardened: https://bugs.archlinux.org/task/63295 Would it be possible to return to the "--with-priv-mode=setuid" configuration or implement some other workaround for linux-hardened? Additional info: * Package versions: linux-hardened 5.1.19.a-1, flatpak 1.4.2-1, bubblewrap 0.3.3-2 Steps to reproduce: * With any flatpak application installed, run the application using: flatpak run <application name> Links: * bubblewrap 0.3.3-2 changes: https://git.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/bubblewrap&id=bf828975d4cf5654af7fabe0452e323636191748 |
This task depends upon
Closed by Eli Schwartz (eschwartz)
Wednesday, 31 July 2019, 15:46 GMT
Reason for closing: Fixed
Additional comments about closing: bubblewrap-suid 0.3.3-3
Wednesday, 31 July 2019, 15:46 GMT
Reason for closing: Fixed
Additional comments about closing: bubblewrap-suid 0.3.3-3
https://git.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/bubblewrap&id=d250b66d6652171b8161458e67db7fda0f589152