[Unstable Update] 2019-06-22 - Kernels, Pamac, Firefox, Python, Texlive

audit-2.8.5-3 wants # chmod 700 /var/log/audit/ -- mostly irrelevant anyway since we've disabled audit at the grub linux line...:hugs: for @grinner:

I'm getting a weird issue since today when I try to run the Atom Flatpak. Tested on Kernel 4.19 and 5.2

~ >>> flatpak run io.atom.Atom                                                 
bwrap: No permissions to creating new namespace, likely because the kernel does not allow non-privileged user namespaces. On e.g. debian this can be enabled with 'sysctl kernel.unprivileged_userns_clone=1'.

Can anyone else confirm this?

This happens with all flatpaks for me, so it looks like there is something broken.

Work

?

New security settings?

1 Like

Well yes, it works after setting it up manually.

As far as I understand it, user_namespaces are configured when a Kernel gets build, so I assume there was a change "restriction" recently which now affects Flatpak.

Please correct me if I'm wrong!

The user namespaces restriction does affect gnome-control-center too.
This is what I get when I try to set a local picture for the user account.

gnome-control-center -v

20:19:40.0120                      GLib:    DEBUG: posix_spawn avoided (fd close requested) (child_setup specified) 
20:19:40.0124              GnomeDesktop:    DEBUG: Failed to launch script: bwrap: No permissions to creating new namespace, likely because the kernel does not allow non-privileged user namespaces. On e.g. debian this can be enabled with 'sysctl kernel.unprivileged_userns_clone=1'.

Hadn't updated my Unstable VM for a few/several days, but did it today. Amongst other packages this nicely took me from Plasma 5.16.1 to 5.16.2. After reboot it still all seems good.

The only issue i noted, which is NOT unique to today's update but has been happening for months, is that after the post-reboot login, as the plasma desktop is still building, this warning typically flashes up:

Filesystem mounted at '/home' is not responding

That does not occur afaik in my Testing & Stable VMs, nor in my real Testing & Stable PCs. Given i can always navigate through all my files in Dolphin, i've never really worried about this transient message.

https://bbs.archlinux.org/viewtopic.php?pid=1850094#p1850094
You are right.Arch patched their kernels too(to make them more vanilla)So Debian way should work in Manjaro
(sysctl kernel.unprivileged_userns_clone=1)

Ok, I got that.
What It is significant to me is that both packages with different extensions have same version.
Same program with two different names at same time on two branches. (not sure is that is normal).

Also I already informed that the detail button on one of them is not working.

Well I'm not a Kernel guru and so I hope for a official response whether this user namespaces change is a experiment or here to stay. And why it is needed, if at all.

2 Likes

We have to see if the addition of the apparmor to dbus created a ripple effect after we added full confinement support to snaps.

1 Like

This may not be the place to post this, if not let me know and I'll delete it.

It's my understanding the KDE rc2 has all the apparmor stuff activated but KDE-RC1 didn't?
I absolutely can not install KDE rc2 on my laptop. I spent an hour last night trying to get that dang thing to install but it would error (I have a screenshot if that's helpful).
However KDE rc1 works fine and it's currently updating behind me on my table with zero issues during install.
I'm not sure if it's apparmor related but it seems to be the biggest change and you mentioned dbus...
Here's the screenshot of one of the errors.
Also, I'm dumb... inxi

You're not alone. Looks like there is something fishy in this ISO.

I might have to update it and change some in the scripts. It can be in relation with the dbus changes. We will find a solution.

2 Likes

But in the meantime, apparmor is orphaned?

$ sudo pacman -Rsn $(pacman -Qqdt)
[sudo] password for mparillo: 
checking dependencies...

Packages (1) apparmor-2.13.3-2

DO NOT DO THIS!

I got a strange DBus error after rebooting after updating KDE-Dev early this morning. It looked to me as if it was after kwin loaded, but before Plasma, but that is just a guess.

Edit: There is now a separate thread for this:

FYI

[2019-06-27 00:16] [ALPM] upgraded dbus-x11 (1.12.16-1 -> 1.12.16-2)

Not boot, no TTY possible.
Update per mhwd-chroot - sudo pacman -Syu , new Kernel, etc ... dos not work.

Fixed with mhwd-chroot - sudo pacman-mirrors -f3 - sudo pacman -Syyu

[2019-06-27 13:38] [ALPM] upgraded dbus-x11 (1.12.16-2 -> 1.12.16-3)

Trouble launching kate from KDE-Dev. It silently fails from the Application Launcher. From konsole, I get:

$ kate
kate: error while loading shared libraries: libgit2.so.27: cannot open shared object file: No such file or directory

Have to see. Kate is following the stable tree. Most likely check what Version that library has now and create a symlink to make it temp work again. We have to see if Kate needs a general rebuild.

Found the issue. It is because of our KDE framework. Needs a rebuild.

https://git.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/ktexteditor&id=13428ef1468804e49d3f4b78392283f3d86b9f80

2 Likes

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

Forum kindly sponsored by