Comment 3 for bug 2056297

Hi cipricus,

can you specify how and where your firefox was installed? We are trying to support multiple variations including downloading directly from mozilla if it is installed to the standard location?

mruffell is correct in his assessment that this is due to firefox not correctly handling user namespace mediation. This can be seen in your dmesg with the following messages

[ 69.033622] audit: type=1400 audit(1709714939.278:138): apparmor="AUDIT" operation="userns_create" class="namespace" info="Userns create - transitioning profile" profile="unconfined" pid=2922 comm=495043204C61756E6368 requested="userns_create" target="unprivileged_userns"
[ 69.037108] audit: type=1400 audit(1709714939.282:139): apparmor="DENIED" operation="capable" class="cap" profile="unprivileged_userns" pid=2982 comm=53616E64626F7820466F726B6564 capability=21 capname="sys_admin"

Unfortunately firefox does not handle the error returned when it tries an operation that require sys_admin capability gracefully resulting in the crash.

mruffell has already provided all the relevant links so I will just supplement that information

1. The recommended way is updating the firefox profile in /etc/apparmor.d/firefox by adding the location you have firefox installed, and then reloading the profile with sudo apparmor_parser -r /etc/apparmor.d/firefox

2. You can disable user namespaces, this will keep firefox from trying to use them as part of ts sandbox https://lwn.net/Articles/673597/

3. the least recommended way to fix this is you can disable the finer grained user namespace restrictions as outlined in https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces