diff options
| -rw-r--r-- | CHANGELOG.md | 4 | ||||
| -rw-r--r-- | dist-assets/linux/after-install.sh | 17 | ||||
| -rw-r--r-- | dist-assets/linux/after-remove.sh | 6 | ||||
| -rw-r--r-- | dist-assets/linux/apparmor_mullvad | 8 | ||||
| -rw-r--r-- | gui/tasks/distribution.js | 1 |
5 files changed, 36 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 1149d96271..3460d73f0e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -25,6 +25,10 @@ Line wrap the file at 100 chars. Th ### Added - Add custom bridge settings in GUI. +### Fixed +#### Linux +- Fix GUI not working on Ubuntu 24.04 by adding an AppArmor profile. + ## [2024.2] - 2024-04-29 ### Fixed diff --git a/dist-assets/linux/after-install.sh b/dist-assets/linux/after-install.sh index 20e07be59a..7701202b46 100644 --- a/dist-assets/linux/after-install.sh +++ b/dist-assets/linux/after-install.sh @@ -6,3 +6,20 @@ chmod u+s "/usr/bin/mullvad-exclude" systemctl enable "/usr/lib/systemd/system/mullvad-daemon.service" systemctl start mullvad-daemon.service || echo "Failed to start mullvad-daemon.service" systemctl enable "/usr/lib/systemd/system/mullvad-early-boot-blocking.service" + +# return 0 if version $1 is greater than or equal to $2 +function version_is_ge { + [ "$1" = "$2" ] && return 0 + printf '%s\n' "$2" "$1" | sort -C -V +} + +# Ubuntu 24.04 or newer: Install apparmor profile to allow Electron sandbox to work +# This disables user namespace restrictions +os=$(grep -oP '^ID=\K.+' /etc/os-release | tr -d '"') +version=$(grep -oP '^VERSION_ID=\K.+' /etc/os-release | tr -d '"') + +if [[ "$os" == "ubuntu" ]] && version_is_ge "$version" "24.04"; then + echo "Creating apparmor profile" + cp /opt/Mullvad\ VPN/resources/apparmor_mullvad /etc/apparmor.d/mullvad + apparmor_parser -r /etc/apparmor.d/mullvad || echo "Failed to reload apparmor profile" +fi diff --git a/dist-assets/linux/after-remove.sh b/dist-assets/linux/after-remove.sh index 2b3a93e5f2..2eb8387b04 100644 --- a/dist-assets/linux/after-remove.sh +++ b/dist-assets/linux/after-remove.sh @@ -74,3 +74,9 @@ esac # Different electron versions can have incompatible GPU caches. Clearing it on upgrades makes sure # the same cache is not used across versions. clear_gpu_cache + +# Remove apparmor profile +if apparmor_parser -R /etc/apparmor.d/mullvad &>/dev/null; then + echo "Removing apparmor profile" + rm -f /etc/apparmor.d/mullvad || echo "Failed to delete apparmor profile" +fi diff --git a/dist-assets/linux/apparmor_mullvad b/dist-assets/linux/apparmor_mullvad new file mode 100644 index 0000000000..ac06ebd9fc --- /dev/null +++ b/dist-assets/linux/apparmor_mullvad @@ -0,0 +1,8 @@ +abi <abi/4.0>, +include <tunables/global> + +profile mullvad /opt/Mullvad\ VPN/mullvad-gui flags=(unconfined) { + userns, + # Site-specific additions and overrides. See local/README for details. + include if exists <local/mullvad> +}
\ No newline at end of file diff --git a/gui/tasks/distribution.js b/gui/tasks/distribution.js index ada829057b..6cae17885a 100644 --- a/gui/tasks/distribution.js +++ b/gui/tasks/distribution.js @@ -175,6 +175,7 @@ const config = { { from: distAssets(path.join(getLinuxTargetSubdir(), 'mullvad-problem-report')), to: '.' }, { from: distAssets(path.join(getLinuxTargetSubdir(), 'mullvad-setup')), to: '.' }, { from: distAssets(path.join(getLinuxTargetSubdir(), 'libtalpid_openvpn_plugin.so')), to: '.' }, + { from: distAssets(path.join('linux', 'apparmor_mullvad')), to: '.' }, { from: distAssets(path.join('binaries', '${env.TARGET_TRIPLE}', 'openvpn')), to: '.' }, ], }, |