First the failure to make the namespace, then the breakpoint trap.
This can be worked around trivially but very, very dangerously by disabling sandboxing (using QTWEBENGINE_DISABLE_SANDBOX=1 for Falkon and qutebrowser, or WEBKIT_DISABLE_SANDDBOX_THIS_IS_DANGEROUS=1 for Epiphany). This hint led us to the source of the issue.
Accroding to the AppArmor bug report, "For each of these binaries, an apparmor profile is required so that the binary can be granted use of unprivileged user namespaces". So... I guess that means we have many packages that need AppArmor profiles now.
This is affecting Falkon and qutebrowser as well. Just now me and a couple of the Lubuntu devs did a deep debugging session and found the issue.
About four days ago, an upload was made in AppArmor that no longer allows unprivileged programs to create user namespaces. See https:/ /launchpad. net/ubuntu/ +source/ apparmor/ 4.0.0~alpha2- 0ubuntu7 and https:/ /bugs.launchpad .net/ubuntu/ +source/ apparmor/ +bug/2046477. As it turns out, Epiphany, Falkon, and qutebrowser (and it sounds like Evolution and something related to PackageKit) all use these features. When something tries to create a user namespace and fails, apparently it can result in a SIGTRAP pretty quickly.
2023-12- 19T14:43: 35.821206- 05:00 user-standardpc kernel: [ 2092.018163] audit: type=1400 audit(170301501 5.816:119) : apparmor="DENIED" operation= "userns_ create" class="namespace" info="User namespace creation restricted" error=-13 profile= "unconfined" pid=4348 comm="falkon" requested= "userns_ create" denied= "userns_ create" 19T14:43: 35.821230- 05:00 user-standardpc kernel: [ 2092.018657] traps: falkon[4348] trap int3 ip:7f196dbd7b13 sp:7ffea3141ea0 error:0 in libQt5WebEngine Core.so. 5.15.15[ 7f196b9b4000+ 6931000]
2023-12-
First the failure to make the namespace, then the breakpoint trap.
This can be worked around trivially but very, very dangerously by disabling sandboxing (using QTWEBENGINE_ DISABLE_ SANDBOX= 1 for Falkon and qutebrowser, or WEBKIT_ DISABLE_ SANDDBOX_ THIS_IS_ DANGEROUS= 1 for Epiphany). This hint led us to the source of the issue.
Accroding to the AppArmor bug report, "For each of these binaries, an apparmor profile is required so that the binary can be granted use of unprivileged user namespaces". So... I guess that means we have many packages that need AppArmor profiles now.