Ubuntu
apparmor package

VS Code profile still broken.

Bug #2056517 reported by Christoph Reiter
18
This bug affects 4 people
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Ubuntu 24.04, VSCode installed via their repo (https://packages.microsoft.com/repos/code)

Some updates ago apparmor gained an exception for /usr/bin/code to work again.

The desktop file uses `/usr/share/code/code` though (see /usr/share/applications/code.desktop), so starting vscode from the dock, or from the app search results in a crash:

/usr/share/code/code
[88564:0308/080414.682744:FATAL:credentials.cc(127)] Check failed: . : Permission denied (13)
zsh: trace trap (core dumped) /usr/share/code/code

Could the profile be fixed to include all common ways to start vscode?

My current workaround is to run this on every boot:

sudo sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=0
sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0

thanks

See original description
Christoph Reiter (lazka)
description: updated
Revision history for this message
John Johansen (jjohansen) wrote :

The fix for vscode is currently in apparmor 4.0.0-beta2-0ubuntu3 pending a Feature Freeze exception. If the feature freeze exception is not granted then the fix will be moved to a bug patch on the current apparmor 4.0.0-alpha4

Atm the fix is available via ppa https://launchpad.net/~apparmor-dev/+archive/ubuntu/apparmor-ffe

Revision history for this message
Christoph Reiter (lazka) wrote :

Thanks, I'm looking forward to it.

a bit unrelated: PHPStorm (and I'd guess all Jetbrains IDEs) is also broken, but that is installed by unpacking a tarball to a location and let it auto-update itself.

Is there any point in filing a bug for that too?

Revision history for this message
John Johansen (jjohansen) wrote :

I won't promise we will get to fixing PHPStorm or Jetbrains before release, but without a bug they certainly won't get fixed, so yes it is worth filing a bug for them.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apparmor (Ubuntu):
status: New → Confirmed
wontfix (wontfix)
summary: - vsode profile still broken
+ VS Code profile still broken.
Revision history for this message
John Johansen (jjohansen) wrote :

This is now moving forward and should show up in proposed soon.

Revision history for this message
Archisman Panigrahi (apandada1) wrote (last edit ):

A similar issue is found in Foliate ebook reader in Ubuntu 24.04 https://github.com/johnfactotum/foliate/issues/1262
Launchpad bug: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2060767

John Johansen (jjohansen)
Changed in apparmor (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.