When using Bubblewrap (the bwrap command) to create a container in Ubuntu 24.04 you can expect to get one of the following error messages:
    bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted
    bwrap: setting up uid map: Permission denied

This is due to Ubuntu developers deciding to use AppArmor to restrict the creation of user namespaces. Here is an Ubuntu blog post about it [1].
To resolve that you could upgrade to SE Linux, but the other option is to create a file named /etc/apparmor.d/bwrap with the following contents:
    abi <abi/4.0>,
    include <tunables/global>

    profile bwrap /usr/bin/bwrap flags=(unconfined) {
      userns,

      # Site-specific additions and overrides. See local/README for details.
      include if exists <local/bwrap>
    }

Then run "systemctl reload apparmor".
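
The following check for the fix above is an added example, not part of the original post. It assumes Ubuntu's sysctl kernel.apparmor_restrict_unprivileged_userns (read through /proc) is the switch for the restriction; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify the bwrap AppArmor fix. Function names are hypothetical.
# File paths are arguments so the checks can also be run against copies.

# 0 if Ubuntu's unprivileged-userns restriction is switched on.
userns_restricted() {
    f="${1:-/proc/sys/kernel/apparmor_restrict_unprivileged_userns}"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# 0 if the file has a profile attached to /usr/bin/bwrap containing a live
# "userns," rule. Comments are stripped first, so "# userns," does not count,
# and a profile pasted onto a single line (where '#' swallows the closing
# brace) is rejected because the rule is not on its own line.
profile_grants_userns() {
    f="${1:-/etc/apparmor.d/bwrap}"
    [ -r "$f" ] || return 1
    sed 's/#.*//' "$f" | awk '
        /^[ \t]*profile[ \t].*\/usr\/bin\/bwrap/ { inprof = 1 }
        inprof && /^[ \t]*userns[ \t]*,/        { found = 1 }
        inprof && /^[ \t]*[}]/                  { inprof = 0 }
        END { exit (found ? 0 : 1) }'
}

# Prints one of: not-restricted, profile-ok, profile-missing.
check_bwrap_fix() {
    if ! userns_restricted "$1"; then
        echo "not-restricted"
    elif profile_grants_userns "$2"; then
        echo "profile-ok"
    else
        echo "profile-missing"
    fi
}

# Check the live system with the default paths.
check_bwrap_fix
```

A result of profile-ok only covers the file on disk; running aa-status as root shows whether the bwrap profile has actually been loaded.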
Is there an Ubuntu bug about shipping apparmor configuration for bubblewrap in the appropriate deb package by default?
I don’t know if someone filed a bug report about so many things failing to work; someone probably should. Would you like to?
This fixed the Gnome Software app not launching Flatpaks for me on Ubuntu 24.04. Thank you!