All our snaps that use browser-support plug crash on userns_create

Bug #2095418 reported by KDE
This bug affects 1 person

Affects   Status         Importance   Assigned to   Milestone
snapd     Fix Released   Undecided    Unassigned

Bug Description

snappy-debug

= AppArmor =
Time: 2025-01-21T07:1
Log: apparmor="DENIED" operation="userns_create" class="namespace" profile="snap.falkon.falkon" pid=14213 comm="falkon" requested="userns_create" denied="userns_create"

Crash:

[14213:14213:0121/071207.596254:FATAL:credentials.cc(126)] Check failed: . : Permission denied (13)
Trace/breakpoint trap (core dumped)

KDE (kde-community) wrote :

Angelfish

= AppArmor =
Time: 2025-01-21T07:3
Log: apparmor="DENIED" operation="userns_create" class="namespace" profile="snap.angelfish.angelfish" pid=114675 comm="angelfish" requested="userns_create" denied="userns_create"

KDE (kde-community) wrote :

Marble

= AppArmor =
Time: 2025-01-21T07:3
Log: apparmor="DENIED" operation="userns_create" class="namespace" profile="snap.marble.marble" pid=115508 comm="marble" requested="userns_create" denied="userns_create"

KDE (kde-community) wrote :

Ghostwriter

= AppArmor =
Time: 2025-01-21T07:3
Log: apparmor="DENIED" operation="userns_create" class="namespace" profile="snap.ghostwriter.ghostwriter" pid=118952 comm="ghostwriter" requested="userns_create" denied="userns_create"

kalgebra

= AppArmor =
Time: 2025-01-21T07:4
Log: apparmor="DENIED" operation="userns_create" class="namespace" profile="snap.kalgebra.kalgebra" pid=119438 comm="kalgebra" requested="userns_create" denied="userns_create"

Maciej Borzecki (maciek-borzecki) wrote :

Thanks for reporting this. Is this a new behavior in KDE frameworks that it attempts to create a new user namespace during app startup?

KDE (kde-community) wrote :

Apparently. We never hit this bug before. It appears qt6webengine is the culprit. soumyadeep suggested:

  # browser-sandbox:
  # interface: browser-support
  # allow-sandbox: true

and it works.

Now trying QTWEBENGINE_DISABLE_SANDBOX: 1

to see if the snap still works.

KDE (kde-community) wrote :

Fixing these on my end. Bug can be closed.

Changed in snapd:
status: New → In Progress
KDE (kde-community)
Changed in snapd:
status: In Progress → Fix Released
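
Added example (not part of the original report, and not snapd or KDE code): a small triage script that parses AppArmor messages of the shape quoted in this report and groups denied userns_create events by snap. The function names are hypothetical; the first two sample lines reproduce denials from the report and the last two are constructed.

```python
import re
from collections import defaultdict

# key="quoted" or key=bare pairs, as in the AppArmor messages quoted in the report
_PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
_USERNS = ('apparmor="DENIED" operation="userns_create" class="namespace" '
           'profile="{}" pid={} comm="{}" requested="userns_create" denied="userns_create"')
# Lines 1-2 reproduce denials from the report; lines 3-4 are constructed to exercise the filters.
SAMPLE_LOG = "\n".join([
    "Log: " + _USERNS.format("snap.falkon.falkon", 14213, "falkon"),
    "Log: " + _USERNS.format("snap.angelfish.angelfish", 114675, "angelfish"),
    _USERNS.format("example-host-app", 4243, "example"),  # not a snap profile
    'apparmor="DENIED" operation="open" class="file" profile="snap.example.example" '
    'name="/proc/1/cmdline" pid=4242 comm="example" requested_mask="r" denied_mask="r"',
])

def parse_fields(line):
    """Return the key/value fields of one AppArmor message as a dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _PAIR.finditer(line)}

def snap_of(profile):
    """Split a snapd profile name snap.<snap>.<app> into (snap, app), else None."""
    parts = profile.split(".")
    if len(parts) >= 3 and parts[0] == "snap":
        return parts[1], ".".join(parts[2:])
    return None

def userns_denials(log_text):
    """Map snap name -> [(app, pid), ...] for denied userns_create events."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        f = parse_fields(line)
        if f.get("apparmor") != "DENIED" or f.get("operation") != "userns_create":
            continue  # allowed events and other denial types are out of scope
        owner = snap_of(f.get("profile", ""))
        if owner is None:
            continue  # denial belongs to a non-snap profile
        pid = int(f["pid"]) if f.get("pid", "").isdigit() else None
        hits[owner[0]].append((owner[1], pid))
    return dict(hits)

if __name__ == "__main__":
    for snap, events in sorted(userns_denials(SAMPLE_LOG).items()):
        print(f"{snap}: userns_create denied for {events}")
```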