If you’ve been experiencing issues getting some apps to run or work properly in Ubuntu 24.04 LTS it may be down to the distro using AppArmor to restrict the creation of user namespaces.
This change (which I touched on in my article look at what’s new in Ubuntu 24.04 LTS) is there to bolster security.
After all, no-one wants icky apps free to do icky things, unchecked.
But the change means AppArmor policies are (somewhat expectedly) preventing some apps from running at all, and breaking features in other apps if they rely on components AppArmor isn’t configured to allow.
When introducing this change Canonical noted that “supplying profiles in the AppArmor package is not (and may never be) complete”, and encourages devs to “provide an AppArmor profile that they ship with their software for each Ubuntu release.”
That takes time, and not every developer out there in the wild is minded to, if aware, they need to do it.
For instance, I installed GNOME Web (from the noble repo) to create a few web-apps for sites I use. Alas, it doesn’t work (although the browser itself does). This is because AppArmor doesn’t have a profile for the Bubblewrap sandboxing tool it uses.
But the good news is that Ubuntu is open to adding profiles for apps, utilities, and services affected.
And a sizeable update to the AppArmor package is on the way to Ubuntu 24.04 LTS that includes profiles for scores of apps and tools.
Among apps which look set to run/work fully once the AppArmor SRU is installed:
- Balena Etcher
- Samba
- Wike
- Foliate
- Tuxedo Control Center
- Chromium Browser (non-snap)
- Transmission Bittorrent client
- Unshare
- Mozilla Firefox (binary, if moved to /opt/firefox/firefox)
And the addition of a profile for Bubblewrap will resolve other issues (like the GNOME Web one I mentioned) in applications and utilities that make use of it.
So keep an eye out for this update, install it from the ‘proposed’ repo (if you need it ASAP), or look into a manual workarounds (if you’re confident that you know what you’re doing) to get by in the meantime.
If there’s an app or feature you use which may been affected by the AppArmor restrictions (until GNOME Web I’d not hit any issues, so I’m curious) do share it in the comments.