-4

!! The solution is not the link provided by the editor, but below this question! At least on my Ubuntu 24.04 it is not enough to set only one parameter; I had to set 2 parameters (see below).

An awful lot of apps were broken after Ubuntu introduced enhanced namespace restrictions: Dockers, Podmans, LXC/LXDs, Chrome, Webex, crypto wallets etc. etc. etc. ...

https://discourse.ubuntu.com/t/ubuntu-24-04-lts-noble-numbat-release-notes/39890#p-99950-unprivileged-user-namespace-restrictions

It mostly has to do with broken sandboxing. I found myself doing nothing but bug-fixing simple apps for hours.

Is there a simple solution to revert those changes and make my system compatible with standard apps again without:

  • creating an AppArmor profile for each app
  • unsandboxing my apps?
  • sysctl kernel.unprivileged_userns_clone=1
  • erasing my whole system and installing Debian??

Ubuntu was just irresponsible in forcing those changes without considering the consequences! Agree? Pls help find a definitive fix! Thx

1 Answer

0

Solved!

sudo sysctl kernel.unprivileged_userns_clone=1

is not enough in Ubuntu 24.04. You have to additionally set

sudo sysctl kernel.apparmor_restrict_unprivileged_userns=0

It is best to set it permanently in a file under /etc/sysctl.d.
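
The permanent setting described in the answer above, as an added example that is not part of the original answer: a shell script that emits both settings as a sysctl.d drop-in and reports the effective state read from /proc/sys. The drop-in name 60-userns.conf and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original answer. The drop-in name
# 60-userns.conf and both function names are assumptions.

# Print the sysctl.d lines that persist the two settings from the answer.
userns_dropin() {
    printf '%s\n' \
        'kernel.unprivileged_userns_clone=1' \
        'kernel.apparmor_restrict_unprivileged_userns=0'
}

# Report the effective state from a procfs sysctl tree (default /proc/sys).
# Last line is "result=open" when neither knob blocks unprivileged user
# namespaces, "result=restricted" otherwise. A missing file is reported
# as "absent" (kernels that do not carry that knob).
userns_state() {
    root=${1:-/proc/sys}
    clone=absent
    aa=absent
    [ -r "$root/kernel/unprivileged_userns_clone" ] &&
        clone=$(cat "$root/kernel/unprivileged_userns_clone")
    [ -r "$root/kernel/apparmor_restrict_unprivileged_userns" ] &&
        aa=$(cat "$root/kernel/apparmor_restrict_unprivileged_userns")
    echo "unprivileged_userns_clone=$clone"
    echo "apparmor_restrict_unprivileged_userns=$aa"
    # An absent knob cannot block anything, so only explicit values count.
    if [ "$clone" != 0 ] && { [ "$aa" = 0 ] || [ "$aa" = absent ]; }; then
        echo "result=open"
    else
        echo "result=restricted"
    fi
}

# Usage on a real system (as root):
#   userns_dropin > /etc/sysctl.d/60-userns.conf && sysctl --system
# Run this script with the argument "check" to print the current state.
if [ "${1:-}" = check ]; then
    userns_state
fi
```

After writing the drop-in, `sysctl --system` reloads all sysctl.d files, so the values survive a reboot and can be confirmed with the check above.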