In electron-sandboxing.rst there is a statement that Ubuntu allows kernel unprivileged user namespaces. This was changed in Ubuntu 23.10. The release notes for 24.04 mention specifics:
https://discourse.ubuntu.com/t/ubuntu-24-04-lts-noble-numbat-release-notes/39890#unprivileged-user-namespace-restrictions-15
While the instructions to disable userns are generally correct, it is also worth expanding the documentation for other specific cases. In the case of Ubuntu, apparmor is used, and a user may create a specific apparmor profile, either in full or using the unconfined flag. An example is given in the notes.
Due to how AppImages run in confinement (on Ubuntu at least, running in /tmp/.${app_name}${VALUE}), it may be difficult / onerous for users to figure out individual apparmor profiles, but it's worth mentioning.
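
To tell the two cases in this report apart on a given machine (userns disabled by sysctl versus restricted through AppArmor as on Ubuntu 23.10 and later), a check like the following can be used. It is an added example, not part of the original issue or of the project's documentation. The sysctl names are the kernel's own and do not appear in the issue text, and the optional root argument is an assumption added so the function can be run against a constructed directory.

```shell
#!/bin/sh
# Added example: classify why unprivileged user namespaces (needed by the
# Chromium/Electron sandbox) may be unavailable on this host.
# The optional root argument is hypothetical, added so the function can be
# exercised against a constructed directory instead of the live /proc/sys.

read_knob() {  # $1 = sysctl root, $2 = relative path; prints nothing if absent
    if [ -r "$1/$2" ]; then
        tr -d '[:space:]' < "$1/$2"
    fi
}

userns_state() {
    root="${1:-/proc/sys}"
    # Debian/Ubuntu kernel patch: 0 means unprivileged userns are refused.
    clone=$(read_knob "$root" kernel/unprivileged_userns_clone)
    # Mainline limit: 0 means no user namespaces can be created at all.
    max=$(read_knob "$root" user/max_user_namespaces)
    # Ubuntu 23.10+: 1 means AppArmor mediates unprivileged userns creation.
    aa=$(read_knob "$root" kernel/apparmor_restrict_unprivileged_userns)

    if [ "$clone" = "0" ] || [ "$max" = "0" ]; then
        echo "disabled-by-sysctl"
    elif [ "$aa" = "1" ]; then
        # The application needs an AppArmor profile that allows userns.
        echo "restricted-by-apparmor"
    else
        echo "allowed"
    fi
}

# Report the state of the running system.
echo "unprivileged userns: $(userns_state)"
```

A result of `restricted-by-apparmor` is the Ubuntu case described above, where changing the userns sysctl alone does not address the restriction.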