[pkg-apparmor] "WARNING: Glycin running without sandbox" when AppArmor profile doesn't allow the sandbox to work
intrigeri
intrigeri at debian.org
Wed Feb 25 11:05:23 GMT 2026
intrigeri (2026-02-24):
> IIRC I've seen a comment somewhere in a discussion on an issue or PR
> in the https://github.com/roddhjav/apparmor.d/ project that said it
> was possible to force Glycin to turn off its sandboxing, by denying
> 1 of the access it was using on startup to check if sandboxing
> was possible.
>
> This is clearly a poor long-term choice, but if a 1-liner quick fix
> implements this (bringing us back to where we were 2 weeks ago in
> terms of security and bugs), it might buy us some time while we figure
> out how we want to approach the whole thing.
>
> I'll try to find this workaround tomorrow.
I could not figure out how to do that without evince 48.1-3 crashing
on startup, so I'm not confident in this temporary quick fix.
Cheers,
--
intrigeri
More information about the pkg-apparmor-team
mailing list