[02:15] @pilot out
=== ChanServ changed the topic of #ubuntu-devel to: Archive: Feature Freeze | Devel of Ubuntu (not support) | Build failures: http://qa.ubuntuwire.com/ftbfs/ | #ubuntu for support and discussion of Focal-Noble | Patch Pilots: vorlon
[08:41] hello, could an #archive-admins please approve https://launchpad.net/ubuntu/+source/s390-tools/2.34.0-0ubuntu2 for s390x (needed due to signing) - ty
=== utkarsh40 is now known as utkarsh2102
[16:50] georgiag: so I'm guessing the profile is *not* loaded. This is in a live session.
[16:50] arraybolt3: ah, that's exactly why then. apparmor doesn't load the profiles in a live session
[16:50] aha
[16:51] I assume that's done intentionally, could I inquire why?
[16:52] we didn't want apparmor blocking anything on a live image... but that's become an issue for the userns restriction that we never addressed
[16:52] mmm
[16:52] so it was meant to avoid blocking things but now it is blocking things.
[16:52] how badly could it backfire to just go ahead and load the profiles anyway?
[16:53] * arraybolt3 attempts said stunt in a VM
[16:54] doing that doesn't seem to immediately make anything go haywire, but the evolution profile now shows up and Evolution launches.
[16:54] arraybolt3: there's been some discussion in https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2065088
[16:54] -ubottu:#ubuntu-devel- Launchpad bug 2065088 in apparmor (Ubuntu) "AppArmor profiles allowing userns not immediately active in 24.04 live image" [Undecided, Confirmed]
[17:00] georgiag: added an idea to that bug, to me it seems like if the goal is to keep AppArmor from doing much of anything on the live ISO, just disable the user namespace restrictions too. The release notes have instructions on how to do so.
[17:00] tl;dr: ``echo 0 | sudo tee /proc/sys/kernel/apparmor_restrict_unprivileged_userns``
=== utkarsh34 is now known as utkarsh2102
=== matttbe1 is now known as matttbe