Ubuntu 24.04 and Bubblewrap
When using Bubblewrap (the bwrap command) to create a container in Ubuntu 24.04 you can expect to get one of the following error messages:
bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted
bwrap: setting up uid map: Permission denied
This is due to Ubuntu developers deciding to use AppArmor to restrict the creation of user namespaces. Here is an Ubuntu blog post about it [1].
To resolve that you could upgrade to SE Linux, but the other option is to create a file named /etc/apparmor.d/bwrap with the following contents:
abi <abi/4.0>,
include <tunables/global>

profile bwrap /usr/bin/bwrap flags=(unconfined) {
  userns,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/bwrap>
}
Then run “systemctl reload apparmor”.
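The script below is an added example, not part of the original post. It recognises the two bwrap errors quoted above, reports the kernel.apparmor_restrict_unprivileged_userns sysctl (Ubuntu's switch for this restriction, not named in the post), and with --apply installs the profile and reloads AppArmor. The function names and the --apply flag are hypothetical.

```shell
#!/bin/sh
# Added example (not from the post): diagnose and apply the bwrap AppArmor profile.
PROFILE_PATH=/etc/apparmor.d/bwrap
SYSCTL_FILE=/proc/sys/kernel/apparmor_restrict_unprivileged_userns  # assumption: not named in the post

# Map bwrap stderr to a cause; the two patterns are the messages quoted in the post.
classify_bwrap_error() {
    case "$1" in
        "") echo ok ;;
        *"loopback: Failed RTM_NEWADDR: Operation not permitted"*|\
        *"setting up uid map: Permission denied"*) echo userns-restricted ;;
        *) echo other ;;
    esac
}

# Print the restriction sysctl value (1 = enforced, 0 = off) or "absent" if the file is missing.
userns_restriction_state() {
    if [ -r "${1:-$SYSCTL_FILE}" ]; then cat "${1:-$SYSCTL_FILE}"; else echo absent; fi
}

# Write the profile text from the post to the given path (default: PROFILE_PATH).
write_bwrap_profile() {
    cat > "${1:-$PROFILE_PATH}" <<'EOF'
abi <abi/4.0>,
include <tunables/global>
profile bwrap /usr/bin/bwrap flags=(unconfined) {
  userns,
  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/bwrap>
}
EOF
}

# Start a minimal sandbox that needs new user and network namespaces; print the verdict.
probe_bwrap() {
    err=$(bwrap --unshare-user --unshare-net --ro-bind / / true 2>&1 >/dev/null) || true
    classify_bwrap_error "$err"
}

# Run as the normal user: the restriction targets unprivileged processes, so probe first, sudo after.
if [ "${1:-}" = "--apply" ]; then
    echo "restriction sysctl: $(userns_restriction_state)"
    if [ "$(probe_bwrap)" = userns-restricted ]; then
        tmp=$(mktemp) && write_bwrap_profile "$tmp"
        sudo install -m 0644 "$tmp" "$PROFILE_PATH" && sudo systemctl reload apparmor
        rm -f "$tmp"
        echo "after reload: $(probe_bwrap)"
    fi
fi
```

The profile only names /usr/bin/bwrap, so other unconfined programs stay subject to the user namespace restriction after the reload.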
3 thoughts on “Ubuntu 24.04 and Bubblewrap”
Is there an Ubuntu bug about shipping apparmor configuration for bubblewrap in the appropriate deb package by default?
I don’t know if someone filed a bug report about so many things failing to work, someone probably should. Would you like to?
This fixed the Gnome Software app not launching Flatpaks for me on Ubuntu 24.04. Thank you!