| Summary: | Discover needs an apparmor rule to update flatpaks with apply_extra scripts | ||
|---|---|---|---|
| Product: | [Applications] Discover | Reporter: | David Redondo <kde> |
| Component: | Flatpak Backend | Assignee: | Plasma Bugs List <plasma-bugs-null> |
| Status: | RESOLVED DOWNSTREAM | ||
| Severity: | normal | CC: | aleixpol, jgrulich, sitter, travier |
| Priority: | NOR | ||
| Version First Reported In: | master | ||
| Target Milestone: | --- | ||
| Platform: | Other | ||
| OS: | Linux | ||
| Latest Commit: | Version Fixed/Implemented In: | ||
| Sentry Crash Report: | |||
We don't ship apparmor profiles. That's apparmor itself, or ubuntu possibly. https://gitlab.com/apparmor/apparmor/-/tree/master/profiles/apparmor.d |
SUMMARY STEPS TO REPRODUCE 1. Try to update a flatpak which has apply_extra such as chrome on Neon (I guess ubuntu as well) OBSERVED RESULT An error pops up without further information, if there are N pending updates there will be N errors the actual error is bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted EXPECTED RESULT Update should work like when typing flatpak update ADDITIONAL INFORMATION I am not sure if software is expected to ship apparmor rules or the distro. flatpak rule is shipped with apparmor itself cat /etc/apparmor.d/flatpak # This profile allows everything and only exists to give the # application a name instead of having the label "unconfined" abi <abi/4.0>, include <tunables/global> profile flatpak /usr/bin/flatpak flags=(unconfined) { userns, # Site-specific additions and overrides. See local/README for details. include if exists <local/flatpak> }