can you specify how and where your firefox was installed? We are trying to support multiple variations including downloading directly from mozilla if it is installed to the standard location?
mruffell is correct in his assessment that this is due to firefox not correctly handling user namespace mediation. This can be seen in your dmesg with the following messages
Unfortunately firefox does not handle the error returned when it tries an operation that require sys_admin capability gracefully resulting in the crash.
mruffell has already provided all the relevant links so I will just supplement that information
1. The recommended way is updating the firefox profile in /etc/apparmor.d/firefox by adding the location you have firefox installed, and then reloading the profile with sudo apparmor_parser -r /etc/apparmor.d/firefox
2. You can disable user namespaces, this will keep firefox from trying to use them as part of ts sandbox https://lwn.net/Articles/673597/
Hi cipricus,
can you specify how and where your firefox was installed? We are trying to support multiple variations including downloading directly from mozilla if it is installed to the standard location?
mruffell is correct in his assessment that this is due to firefox not correctly handling user namespace mediation. This can be seen in your dmesg with the following messages
[ 69.033622] audit: type=1400 audit(170971493 9.278:138) : apparmor="AUDIT" operation= "userns_ create" class="namespace" info="Userns create - transitioning profile" profile= "unconfined" pid=2922 comm=495043204C 61756E6368 requested= "userns_ create" target= "unprivileged_ userns" 9.282:139) : apparmor="DENIED" operation="capable" class="cap" profile= "unprivileged_ userns" pid=2982 comm=53616E6462 6F7820466F726B6 564 capability=21 capname="sys_admin"
[ 69.037108] audit: type=1400 audit(170971493
Unfortunately firefox does not handle the error returned when it tries an operation that require sys_admin capability gracefully resulting in the crash.
mruffell has already provided all the relevant links so I will just supplement that information
1. The recommended way is updating the firefox profile in /etc/apparmor. d/firefox by adding the location you have firefox installed, and then reloading the profile with sudo apparmor_parser -r /etc/apparmor. d/firefox
2. You can disable user namespaces, this will keep firefox from trying to use them as part of ts sandbox https:/ /lwn.net/ Articles/ 673597/
3. the least recommended way to fix this is you can disable the finer grained user namespace restrictions as outlined in https:/ /ubuntu. com/blog/ ubuntu- 23-10-restricte d-unprivileged- user-namespaces