[Bug 2122675] Re: Cannot unshare userns in livecd
Daniel van Vugt
2122675 at bugs.launchpad.net
Tue Sep 30 01:44:22 UTC 2025
It is fixed, which is why it's misleading to have a critical task open
unless someone has more fixes in mind.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to livecd-rootfs in Ubuntu.
https://bugs.launchpad.net/bugs/2122675
Title:
Cannot unshare userns in livecd
Status in apparmor package in Ubuntu:
Confirmed
Status in livecd-rootfs package in Ubuntu:
Fix Released
Bug description:
Multiple components of Ubuntu Desktop daily-live are failing when
trying to create a sandboxed user namespace:
apparmor="DENIED" operation="userns_create" class="namespace"
info="Userns create restricted - failed to find unprivileged_userns
profile" error=-13 profile="unconfined" pid=9281 comm="bwrap"
requested="userns_create" denied="userns_create"
target="unprivileged_userns" execpath="/usr/bin/bwrap"
This is seen affecting the loading of the wallpaper image (sandboxed
through glycin -> bwrap) and the ubuntu-insights-collect.service
(sandboxed through PrivateUsers=true in the unit file)
Minimal reproducer:
$ python3
>>> import os
>>> os.unshare(os.CLONE_NEWUSER)
Traceback (most recent call last):
File "<python-input-1>", line 1, in <module>
os.unshare(os.CLONE_NEWUSER)
~~~~~~~~~~^^^^^^^^^^^^^^^^^^
PermissionError: [Errno 13] Permission denied
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2122675/+subscriptions
More information about the foundations-bugs
mailing list