Bug#975039: Evolution 3.38.1-2 fails to render emails: WebKitWebProcess crashed. Sandbox

Simon McVittie smcv at debian.org
Sat Dec 5 20:00:44 GMT 2020


On Sat, 05 Dec 2020 at 13:55:04 +0100, Kai Juse wrote:
> bwrap: No permissions to creating new namespace, likely because the kernel
> does not allow non-privileged user namespaces. On e.g. debian this can be
> enabled with 'sysctl kernel.unprivileged_userns_clone=1'.

On standard Debian kernels, /usr/bin/bwrap needs to be setuid root. Is it?

The bwrap package should set this up automatically, unless you have
reconfigured it with dpkg-statoverride.

It is also possible to make /usr/bin/bwrap not be setuid (the same as on
Ubuntu and Fedora, for example) using dpkg-statoverride, but if you do
that, you need to configure the kernel as suggested in the error message
(so the kernel makes the same security tradeoffs that it does on Ubuntu
and Fedora).

See https://bugs.debian.org/898446 for more information on the security
tradeoffs.

    smcv
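
The check the reply asks for, as an added example that is not part of the original message: it reports whether /usr/bin/bwrap is setuid root, whether a dpkg-statoverride entry exists for it, and what kernel.unprivileged_userns_clone is set to. The function names and verdict strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report which of the two configurations described above
# (setuid-root bwrap, or non-setuid bwrap plus the userns sysctl) is in effect.

# classify_bwrap MODE OWNER_UID USERNS
#   MODE       permission bits as printed by `stat -c %a`, e.g. 4755 or 755
#   OWNER_UID  numeric owner of the bwrap binary
#   USERNS     value of kernel.unprivileged_userns_clone, or "absent"
classify_bwrap() {
    case $1 in
        [4567]???) setuid=yes ;;   # leading octal digit carries the setuid bit
        *)         setuid=no ;;
    esac
    if [ "$setuid" = yes ] && [ "$2" = 0 ]; then
        echo "ok: setuid root"
    elif [ "$setuid" = yes ]; then
        echo "suspect: setuid but not owned by root"
    elif [ "$3" = 1 ]; then
        echo "ok: not setuid, unprivileged user namespaces enabled"
    elif [ "$3" = 0 ]; then
        echo "broken: not setuid and kernel.unprivileged_userns_clone=0"
    else
        echo "unknown: not setuid, sysctl value '$3'"
    fi
}

# check_bwrap [PATH]: gather the three facts from the running system.
check_bwrap() {
    path=${1:-/usr/bin/bwrap}
    if [ ! -e "$path" ]; then
        echo "missing: $path"
        return 0
    fi
    mode_uid=$(stat -c '%a %u' "$path") || return 1
    sysctl_file=/proc/sys/kernel/unprivileged_userns_clone
    if [ -r "$sysctl_file" ]; then
        userns=$(cat "$sysctl_file")
    else
        userns=absent   # this script does not decide what an absent sysctl means
    fi
    # A local override of the packaged mode would be listed here.
    override=$(dpkg-statoverride --list "$path" 2>/dev/null || true)
    if [ -n "$override" ]; then echo "statoverride: $override"; fi
    classify_bwrap "${mode_uid% *}" "${mode_uid#* }" "$userns"
}

check_bwrap "${1:-}"
```

The "broken" verdict corresponds to the situation in which bwrap prints the error quoted at the top of the message.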


