1909616 - User namespaces warning is alarmist and not actionable with flatpak

Status: RESOLVED FIXED

(Core :: Security: Process Sandboxing, defect)

Description

[Kestrel]

Bug 1899516 introduced a new warning about user namespaces:

Some of Nightly's security features may offer less protection on your current operating system. How to fix this issue.

This links to a SUMO article that suggests an AppArmor profile which is not relevant to flatpak. User namespaces are not supported with flatpak (Bug 1756236) and this is not considered a big deal (Bug 1882881) due to the existing flatpak isolation. The warning is alarmist and confusing for flatpak users and should be suppressed.

Comment 1

[BugBot [:suhaib / :marco/ :calixte]]

:gerard-majax, since you are the author of the regressor, bug 1899516, could you take a look? Also, could you set the severity field?

For more information, please visit BugBot documentation.

Comment 2

[:gerard-majax]

I'm surprised we report the feature on flatpak

Comment 3

[:gerard-majax]

We can rely on gIOService it looks: https://searchfox.org/mozilla-central/rev/b3c85ac11d004fdb582577cd8f674efa44b0e253/browser/components/preferences/main.js#1732

Comment 4

[:gerard-majax]

Or even directly sysinfo which we already have, isPackagedApp: https://searchfox.org/mozilla-central/rev/b3c85ac11d004fdb582577cd8f674efa44b0e253/xpcom/base/nsSystemInfo.cpp#1528-1530

Comment 5

[:gerard-majax]

Attachment: Bug 1909616 - Do not report userns notification on Flatpak/Snap/Deb r?gcp!

Comment 6

[:gerard-majax]

Comment on attachment 9414582 [details]
Bug 1909616 - Do not report userns notification on Flatpak/Snap/Deb r?gcp!

Beta/Release Uplift Approval Request

• User impact if declined: Incorrect notification of reduced security of the sandbox
• Is this code covered by automated tests?: Yes
• Has the fix been verified in Nightly?: Yes
• Needs manual test from QE?: No
• If yes, steps to reproduce:
• List of other uplifts needed: None
• Risk to taking this patch: Low
• Why is the change risky/not risky? (and alternatives if risky): At worst we would not be showing the notification at all. The fix only relies on pre-existing code that sources the information of whether we are running as a Packaged App (Flatpak/Snap/Deb) and avoids showing the notification if it's the case. Impact is limited to Flatpak.
• String changes made/needed:
• Is Android affected?: No

Comment 7

[:gerard-majax]

While bug 1899516 was uplifted to ESR128, we dont need to uplift this fix because it is only relevant for Flatpak which we don't ship ESR of.

Comment 8

[:gerard-majax]

It should be part of the next beta pushed to flatpak. I believe we're too late for beta 8, so it will be beta 9. Please reopen in case it still happens, but from my local testing it was OK.

Comment 9

[Pulsebot]

Pushed by alissy@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/fcd48a1ad31e
Do not report userns notification on Flatpak/Snap/Deb r=gcp

Comment 10

[Cosmin Sabou [:CosminS]]

https://hg.mozilla.org/mozilla-central/rev/fcd48a1ad31e

Comment 11

[Kestrel]

Unofficial flatpak Nightly 130.0a1 (2024-07-24) no longer shows the user namespaces warning notification message.

Comment 12

[:gerard-majax]

(In reply to Kestrel from comment #11)

Unofficial flatpak Nightly 130.0a1 (2024-07-24) no longer shows the user namespaces warning notification message.

Thanks, I did not knew there was this project. It looks like they are doing their own repack, this might break when we fix some of the desktop files changes

Comment 14

[Donal Meehan [:dmeehan]]

Comment on attachment 9414582 [details]
Bug 1909616 - Do not report userns notification on Flatpak/Snap/Deb r?gcp!

Approved for 129.0b9

Comment 15

[Pulsebot]

https://hg.mozilla.org/releases/mozilla-beta/rev/509d4746f2d6