search

linuxmint / mint22-beta

BETA Bug Squash Rush
15 stars 0 forks source link

Many apps are crashing in Mint 22 due to recent changes in apparmor in Ubuntu 24.04: reverse this Ubuntu regression just like snaps #82

Open archisman-panigrahi opened 2 days ago

archisman-panigrahi commented 2 days ago

Ubuntu made some changes in apparmor in 24.04, preventing many apps from working. Such apps include Balena Etcher, Wike (available on official repositories and also flatpak), Foliate ebook reader, and many more (including all electron based apps).

Despite Launchpad saying Fix Released for some of these apps, I verified that wike still crashes in Mint 22 beta.

Here is the output when I run Wike using APT.

mint@mint:~$ wike 
bwrap: Creating new namespace failed: Permission denied 
** (wike:3274): ERROR **: 04:08:47.388: Failed to launch dbus-proxy: Child process exited with code 1 
Trace/breakpoint trap (core dumped)

(This is not a Wike bug. It is because apparmor is preventing wike from running).

While the change was made to improve security, the implementation is buggy. Many apps just crash without any clear GUI error message, and non-expert users may have no idea why they are crashing.

I suggest Mint reverses this immature Ubuntu-specific bug that crashes so many apps (at least until apparmor becomes mature enough), just like the Mint's policy for snap.

Snap is an upstream issue, which Mint took care of, and I suggest the same for apparmor, for better out of the box user experience.

How to fix

The procedure to undo these changes is described here and here

The following command to create a configuration file fixes the issue permanently (then restart).

echo 'kernel.apparmor_restrict_unprivileged_userns = 0' | 
  sudo tee /etc/sysctl.d/20-apparmor-mint.conf

I suggest this configuration file is added to Mint 22.

archisman-panigrahi commented 2 days ago

https://github.com/linuxmint/mint22-beta/issues/71 was a duplicate of this issue. Not just Jitsi, too many useful apps are affected.

EnlightenedBacon commented 2 days ago

Just FYI as a temp workaround, I had this problem with Mullvad VPN and using --no-sandbox makes it work. Not ideal, but usable for now. Interestingly, Mullvad claims their latest release was meant to fix compatibility with 24.04, so perhaps there's a bit more to the issue that's Mint beta specific (or Mullvad just failed at the fix).

archisman-panigrahi commented 20 hours ago

Another affected app is freetube https://github.com/FreeTubeApp/FreeTube/issues/5199