Typically after a Linux Kernel update, you will want to reboot your machine to take advantage of the new kernel. But how do you know if you need to reboot?
Fortunately, there is a simple way to check.
cat /var/run/reboot-requiredIf it returns
*** System restart required ***
Then we should reboot the machine.
https://www.cyberciti.biz/faq/how-to-find-out-if-my-ubuntudebian-linux-server-needs-a-reboot/
If you have installed the hardened Linux Kernel on Fedora, you may have encountered the following error when trying to launch Flatpak applications.
bwrap: No permissions to creating new namespace, likely because the kernel does not allow non-privileged user namespaces. On e.g. debian this can be enabled with 'sysctl kernel.unprivileged_userns_clone=1'. error: Failed to sync with dbus proxy
https://github.com/containers/bubblewrap/issues/324
The issue looks to arise from the fact that the hardened Linux Kernel disables unprivileged name space and Fedora does not have setuid on by default on the bubblewrap executable.
You can set the setuid permission on the bubblewrap executable with
sudo chmod u+s /usr/bin/bwrap
You could also allow unprivileged name space by running
sysctl kernel.unprivileged_userns_clone=1
Note that setting the setuid seems the safer/recommended option.
It looks like using the setuid binary for bubblewrap would be better to use then enabling unprivileged user space.
https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl-kernel
If you would like to remove the setuid permission for any reason, you can with the following command.
sudo chmod u-s /usr/bin/bwrap
First you can search for “About System” in the KDE or Gnome search boxes to find the information.
From a terminal you can use the following command
uname -r
Example output
4.15.0-65-generic