Merge pull request #1003 from ivan-hc/dev

"AM" 8.3.2: warns if the system has namespace restrictions
ivan-hc · Oct 14, 2024 · e1a1706 · e1a1706
2 parents b7d0de4 + 129ac3c
commit e1a1706
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 2 deletions.
diff --git a/APP-MANAGER b/APP-MANAGER
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-AMVERSION="8.3.1"
+AMVERSION="8.3.2"
 
 # Determine main repository and branch
 AMREPO="https://raw.githubusercontent.com/ivan-hc/AM/main"
@@ -211,7 +211,21 @@ function _am_dependences_check() {
 	fi
 }
 
+function _check_ubuntu_mess() {
+	if ! unshare --user -p /bin/true >/dev/null 2>&1; then
+		echo "$DIVIDING_LINE"
+		echo ""
+		echo -e " ${RED}⚠️ WARNING: ACCESS TO USER NAMESPACES IS RESTRICTED! \033[0m"
+		echo ""
+		echo " Some apps may not run, you need to enable access to user namespaces,"
+		echo -e " please visit ${LightBlue}https://github.com/ivan-hc/AM#ubuntu-mess\033[0m to know more."
+		echo ""
+		echo "$DIVIDING_LINE"
+	fi
+}
+
 _am_dependences_check
+_check_ubuntu_mess
 
 # Function to check online connections (uses github.com by default, as the database and CLI itself are stored/hosted there)
 function _online_check() {

diff --git a/README.md b/README.md
@@ -1479,7 +1479,9 @@ Introducing namespace restrictions via AppArmor is an additional security layer,
 
 **Canonical has only one interest in applying all these restrictions to Ubuntu: to enforce the use of Snap!**
 
-It's not that the Snapcraft database is that secure, it's not uncommon for some malicious user to have introduced malicious code into distributed applications. But as expected,Ubuntu is a distribution that knows how to attract criticism and disapproval. I say this as a former user (I started with Ubuntu 9.04): Canonical doesn't give a damn about Ubuntu users!
+It's not that the Snapcraft database is that secure, it's not uncommon for some malicious user to have introduced malicious code into distributed applications. The reason they disable namespaces is due to some older privilege escalation bugs, but the problem with that is that it doesn't matter on desktop usage, any malware can just wait for you to enter your sudo password when updating, not to mention that it can already do everything the regular user can do, including deleting everything owned by the user. 
+
+But as expected,Ubuntu is a distribution that knows how to attract criticism and disapproval. I say this as a former user (I started with Ubuntu 9.04): Canonical doesn't give a damn about Ubuntu users!
 
 There are two solutions to this problem, one simple and one a little more complex:
 1. The simple solution is to stop using Ubuntu, completely! Change distribution!