```about:support``` will give ```User Namespaces``` as ```false``` instead of ```true```. The sandbox level won't change, as the different features are more like bitflags than levels and the levels reflect what combinations we tested to work correctly - not necessarily what effectively does anything on your underlying distro/kernel, because as the past has shown, distros can randomly disable or break security features (it's pure luck Ubuntu's change crashed us to begin with thus signaling something was wrong). >Some folks might notice that and wonder why, at least. We could make the ```User Namespaces``` line be yellow instead of just ```false``` to signal that this is something the user could try to fix on their configuration. Media does it for codec support. >potentially even prevent launching unless the issue is fixed or the user overrides the warning The affected people are those who did a manual install without using our deb packages or whatever Ubuntu ships, so dumping a warning to the command line and refusing to start without overrule would be reasonable. But it's a nightmare for upgrade scenarios: you upgrade your Ubuntu to 24.04 and suddenly Firefox stops working. There's no guarantee you ever see the warning if you're using a desktop shortcut - that feels like a severe issue for what is a defense in depth feature (as explained in the other bugs, you're still sandboxed without this, which is a difference from other browsers). >A user-facing notification or announcement is more problematic. I agree, this is an UX nightmare: https://bugzilla.mozilla.org/show_bug.cgi?id=1884347#c22. It's an obscure detail of Linux security internals, it requires a per-distro explanation of how to fix, and we may not be able to reliably diagnose the cause from within Firefox itself, so linking to some huge SUMO page is probably the best we can do. Even the message in the New Tab/First Run Page has serious issues, for example if it's not actionable by the user (if they're not the sysadmin of the system). From my perspective this is 100% a distro issue, but of course Ubuntu is just going to go 🙈 🙉 because *their* packages and Snap work correctly. Based on this, making the warning in ```about:support``` more prominent feels like the best we can do for now. (There's a whole other discussion whether killing security features for desktop use cases is a sensible trade-off to help a server use case, but I think Ubuntu hasn't even replied to my emails about that...)
Bug 1888989 Comment 2 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
```about:support``` will give ```User Namespaces``` as ```false``` instead of ```true```. The sandbox level won't change, as the different features are more like bitflags than levels and the levels reflect what combinations we tested to work correctly - not necessarily what effectively does anything on your underlying distro/kernel, because as the past has shown, distros can randomly disable or break security features (it's pure luck Ubuntu's change crashed us to begin with thus signaling something was wrong). >Some folks might notice that and wonder why, at least. We could make the ```User Namespaces``` line be yellow instead of just ```false``` to signal that this is something the user could try to fix on their configuration. Media does it for codec support. >potentially even prevent launching unless the issue is fixed or the user overrides the warning The affected people are those who did a manual install without using our deb packages or whatever Ubuntu ships, so dumping a warning to the command line and refusing to start without overrule would be reasonable. But it's a nightmare for upgrade scenarios: you upgrade your Ubuntu to 24.04 and suddenly Firefox stops working. There's no guarantee you ever see the warning if you're using a desktop shortcut - that feels like a severe issue for what is a defense in depth feature (as explained in the other bugs, you're still sandboxed without this, which is a difference from other browsers). >A user-facing notification or announcement is more problematic. I agree, this is an UX nightmare: https://bugzilla.mozilla.org/show_bug.cgi?id=1884347#c22. It's an obscure detail of Linux security internals, it requires a per-distro explanation of how to fix, and we may not be able to reliably diagnose the cause from within Firefox itself, so linking to some huge SUMO page is probably the best we can do. Even the message in the New Tab/First Run Page has serious issues, for example if it's not actionable by the user (if they're not the sysadmin of the system). From my perspective this is 100% a distro issue, but of course Ubuntu is just going to go 🙈 🙉 because *their* packages and Snap work correctly. Based on this, making the warning in ```about:support``` more prominent with colors feels like the best we can do for now. (There's a whole other discussion whether killing security features for desktop use cases is a sensible trade-off to help a server use case, but I think Ubuntu hasn't even replied to my emails about that...)
```about:support``` will give ```User Namespaces``` as ```false``` instead of ```true```. The sandbox level won't change, as the different features are more like bitflags than levels and the levels reflect what combinations we tested to work correctly - not necessarily what effectively does anything on your underlying distro/kernel, because as the past has shown, distros can randomly disable or break security features (it's pure luck Ubuntu's change crashed us to begin with thus signaling something was wrong). >Some folks might notice that and wonder why, at least. We could make the ```User Namespaces``` line be yellow instead of just ```false``` to signal that this is something the user could try to fix on their configuration. Media does it for codec support. >potentially even prevent launching unless the issue is fixed or the user overrides the warning The affected people are those who did a manual install without using our deb packages or whatever Ubuntu ships, so dumping a warning to the command line and refusing to start without overrule would be reasonable. But it's a nightmare for upgrade scenarios: you upgrade your Ubuntu to 24.04 and suddenly Firefox stops working. There's no guarantee you ever see the warning if you're using a desktop shortcut - that feels like a severe issue for what is a defense in depth feature (as explained in the other bugs, you're still sandboxed without this, which is a difference from other browsers). >A user-facing notification or announcement is more problematic. I agree, this is an UX nightmare: https://bugzilla.mozilla.org/show_bug.cgi?id=1884347#c22. It's an obscure detail of Linux security internals, it requires a per-distro explanation of how to fix, and we may not be able to reliably diagnose the cause from within Firefox itself, so linking to some huge SUMO page is probably the best we can do. Even the message in the New Tab/First Run Page has serious issues, for example if it's not actionable by the user (if they're not the sysadmin of the system). From my perspective this is 100% a distro issue, but of course Ubuntu is just going to go 🙈 🙉 because *their* packages and Snap work correctly. Based on this, making the warning in ```about:support``` more prominent with colors feels like the best we can do for now. (There's a whole other discussion whether the underlying Linux feature can't be reworked to enable the limited features desktop needs while hammering down the server use case more - instead of killing it with a sledgehammer - but with only the browsers making much use of it, I'm not sure we're going to see a lot of movement)