Comment 2 for bug 2056297

Matthew Ruffell (mruffell) wrote :

Hi cipricus,

This is a security feature working as intended. Ubuntu recently decided to disable unprivileged access to user namespaces. You can find more information about it here:

https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces
https://discourse.ubuntu.com/t/spec-unprivileged-user-namespace-restrictions-via-apparmor-in-ubuntu-23-10/37626
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2046844

It was included (but turned off) in 23.10. In 24.04, it has been turned on.

We have been adding apparmor profiles for most packaged applications. Saying that, firefox downloaded from tarballs or other places doesn't come with an apparmor profile, so the mitigation isn't relaxed for it.

You can enable user namespaces by either making an apparmor profile for your firefox installs, making sure the directory where firefox is installed is correct in the profile, or by just enabling user namespaces for your system. There are instructions to do this in the first blog link.

Thanks,
Matthew
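
The per-application option from the comment above, as an added example that is not part of the original comment or of Ubuntu's packaging: a shell function that emits an AppArmor profile granting `userns` only to a Firefox tarball in one exact directory, so the restriction stays on for everything else. The profile name `firefox-local`, the path `/opt/firefox-tarball` and the function name are assumptions, and the profile body assumes the unconfined-plus-`userns` layout used with AppArmor 4.0 on Ubuntu 24.04.

```shell
#!/bin/sh
# Added example (hypothetical helper, not Ubuntu's own tooling).
# Emits an AppArmor profile that permits user namespaces for one Firefox
# install directory only. Review the output, save it under /etc/apparmor.d/,
# then load it with: sudo apparmor_parser -r /etc/apparmor.d/<profile-name>

make_userns_profile() {
    name=$1
    dir=${2%/}    # drop one trailing slash, if present

    # The profile name is also used as a file name; keep it to safe characters.
    case $name in
        ''|*[!A-Za-z0-9._-]*)
            echo "bad profile name: $name" >&2; return 1 ;;
    esac

    # The attachment path must be absolute. Reject anything AppArmor would
    # treat as a glob or that could widen the match beyond this directory.
    case $dir in
        /?*) ;;
        *) echo "install dir must be an absolute path: $2" >&2; return 1 ;;
    esac
    case $dir in
        *[!A-Za-z0-9/._-]*|*..*)
            echo "unsupported characters in install dir: $2" >&2; return 1 ;;
    esac

    # flags=(unconfined) keeps the binary otherwise unrestricted; the single
    # userns rule is what lifts the unprivileged user namespace restriction.
    cat <<EOF
abi <abi/4.0>,
include <tunables/global>

profile $name $dir/{firefox,firefox-bin} flags=(unconfined) {
  userns,
}
EOF
}

# Constructed sample call: a tarball unpacked in /opt/firefox-tarball.
make_userns_profile firefox-local /opt/firefox-tarball
```

If the install directory in the profile does not match where the binary actually lives, the profile never attaches and the sandbox error remains.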