The sysslog showed following: ` 2024-05-11T20:15:13.136932+02:00 XXX kernel: audit: type=1400 audit(1715451313.135:228): apparmor="AUDIT" operation="userns_create" class="namespace" info="Userns create - transitioning profile" profile="unconfined" pid=49113 comm="trezor-suite" requested="userns_create" target="unprivileged_userns" 2024-05-11T20:15:13.137900+02:00 XXX kernel: audit: type=1400 audit(1715451313.136:229): apparmor="DENIED" operation="capable" class="cap" profile="unprivileged_userns" pid=49120 comm="trezor-suite" capability=21 capname="sys_admin"
`
So I tried to fix it by creating following apparmor profile: ` abi <abi/4.0>, include <tunables/global>
profile trezor-suite /home/user/opt/Trezor-Suite-24.4.3-linux-x86_64.AppImage flags=(unconfined) { userns,
# Site-specific additions and overrides. See local/README for details. include if exists <local/terezor-suite> }
But it did not fix it.
This is what I found in syslog after reloading the apparmor: ` 2024-05-11T20:26:53.662869+02:00 XXX kernel: audit: type=1400 audit(1715452013.661:463): apparmor="AUDIT" operation="userns_create" class="namespace" info="Userns create - transitioning profile" profile="unconfined" pid=52568 comm="trezor-suite" requested="userns_create" target="unprivileged_userns" 2024-05-11T20:26:53.676885+02:00 XXX kernel: traps: trezor-suite[52568] trap int3 ip:56e0121d634a sp:7ffe7f362260 error:0 in trezor-suite[56e00e6d5000+7e39000] 2024-05-11T20:26:53.758488+02:00 XXX systemd[1]: tmp-.mount_Trezorvs9be5.mount: Deactivated successfully.
The sysslog showed following: 11T20:15: 13.136932+ 02:00 XXX kernel: audit: type=1400 audit(171545131 3.135:228) : apparmor="AUDIT" operation= "userns_ create" class="namespace" info="Userns create - transitioning profile" profile= "unconfined" pid=49113 comm="trezor-suite" requested= "userns_ create" target= "unprivileged_ userns" 11T20:15: 13.137900+ 02:00 XXX kernel: audit: type=1400 audit(171545131 3.136:229) : apparmor="DENIED" operation="capable" class="cap" profile= "unprivileged_ userns" pid=49120 comm="trezor-suite" capability=21 capname="sys_admin"
`
2024-05-
2024-05-
`
So I tried to fix it by creating following apparmor profile:
`
abi <abi/4.0>,
include <tunables/global>
profile trezor-suite /home/user/ opt/Trezor- Suite-24. 4.3-linux- x86_64. AppImage flags=(unconfined) {
userns,
# Site-specific additions and overrides. See local/README for details. terezor- suite>
include if exists <local/
}
`
But it did not fix it.
This is what I found in syslog after reloading the apparmor: 11T20:26: 53.662869+ 02:00 XXX kernel: audit: type=1400 audit(171545201 3.661:463) : apparmor="AUDIT" operation= "userns_ create" class="namespace" info="Userns create - transitioning profile" profile= "unconfined" pid=52568 comm="trezor-suite" requested= "userns_ create" target= "unprivileged_ userns" 11T20:26: 53.676885+ 02:00 XXX kernel: traps: trezor-suite[52568] trap int3 ip:56e0121d634a sp:7ffe7f362260 error:0 in trezor- suite[56e00e6d5 000+7e39000] 11T20:26: 53.758488+ 02:00 XXX systemd[1]: tmp-.mount_ Trezorvs9be5. mount: Deactivated successfully.
`
2024-05-
2024-05-
2024-05-
`