(In reply to Olivier Tilloy from comment #1)
> (from 
> https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1843392/comments/1)
> 
> The proposed approach to solve this that was discussed with the Ubuntu 
> security team is:
>  - stage common PKCS modules in the snap
>  - add a layout for `/usr/lib/pkcs11` pointing to a writeable area of the 
> snap (e.g. `$SNAP_USER_DATA/.local/lib`)
>  - on first run, copy the common PKCS modules to that writeable area
>  - document that custom modules (and their dependencies?) should be manually 
> copied to that directory
>  - create a new interface (not auto-connected, that's okay) for access to 
> `/var/run/pcscd/pcscd.comm`
> 
> I'm not familiar with how smart card readers work though, so feedback and 
> suggestions are welcome.

Why can't the snap package be configured to just allow access to
/var/run/pcscd/pcscd.comm?
The PKCS#11 libs are normally platform/distribution dependent, so you can't
just include them in a snap package hoping this will work anywhere.
Dependencies are even more platform dependent, one above all: the
libpcsclite.so.1 library shall match the protocol version of its server, so
you can't just bring it in the snap package and hope it works.
It looks like Snap is by now a very immature technology to run the default
version of FF on Ubuntu.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1967632

Title:
  [snap] apparmor denied when trying to load pkcs11 module for smart
  card authentication

Status in Mozilla Firefox:
  Confirmed
Status in firefox package in Ubuntu:
  Triaged

Bug description:
  I use a smart card to access government sites. I have that working in
  firefox and chrome on ubuntu impish, and gave jammy a try, but there
  firefox won't load the library, giving me a generic error.

  dmesg, however, shows this apparmor denied message:

  [sáb abr  2 17:32:27 2022] audit: type=1400 audit(1648931547.646:115):
  apparmor="DENIED" operation="file_mmap" profile="snap.firefox.firefox"
  name="/run/user/1000/doc/e0bac853/libaetpkss.so.3.5.4112" pid=3680
  comm="firefox" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0

  
  Note also the path, that's not what I typed into the firefox dialog box. I
  have the .so copied to /usr/lib/x86_64-linux-gnu/libaetpkss.so.3.5.4112, and
  that's what I typed in when prompted for its path by firefox.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: firefox 1:1snap1-0ubuntu2
  ProcVersionSignature: Ubuntu 5.15.0-23.23-generic 5.15.27
  Uname: Linux 5.15.0-23-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.11-0ubuntu80
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Sat Apr  2 17:34:09 2022
  InstallationDate: Installed on 2022-03-20 (13 days ago)
  InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Alpha amd64 (20220319)
  Snap.Changes: no changes found
  SourcePackage: firefox
  UpgradeStatus: No upgrade log present (probably fresh install)
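
Added example (not part of the original bug report, and not code from snapd or Firefox): a small Python parser for the AppArmor denial quoted in the bug description. It reports which snap profile blocked the executable mmap and whether the denied path is a document-portal path under /run/user/<uid>/doc/ rather than the path typed into the dialog. The function names and the one-line SAMPLE are constructed for illustration.

```python
import re
import shlex

# Constructed sample: the denial from the bug description, joined onto one line.
SAMPLE = ('[sáb abr  2 17:32:27 2022] audit: type=1400 audit(1648931547.646:115): '
          'apparmor="DENIED" operation="file_mmap" profile="snap.firefox.firefox" '
          'name="/run/user/1000/doc/e0bac853/libaetpkss.so.3.5.4112" pid=3680 '
          'comm="firefox" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0')

# xdg-document-portal exposes files picked in a file dialog under
# $XDG_RUNTIME_DIR/doc/<id>/<name>, which is why the path differs from the typed one.
PORTAL_RE = re.compile(r'^/run/user/(\d+)/doc/([0-9a-f]+)/(.+)$')


def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, or None."""
    marker = line.find('apparmor="DENIED"')
    if marker < 0:
        return None
    fields = {}
    for token in shlex.split(line[marker:]):  # shlex strips the double quotes
        key, sep, value = token.partition('=')
        if sep:
            fields[key] = value
    return fields


def explain(fields):
    """Summarise what was blocked and whether the path came via the portal."""
    info = {
        'profile': fields.get('profile'),
        'operation': fields.get('operation'),
        'path': fields.get('name'),
        # 'm' in the mask is AppArmor's permission for executable memory mapping
        'exec_mmap_denied': 'm' in fields.get('denied_mask', ''),
        'snap': None, 'via_portal': False, 'basename': None,
    }
    profile = info['profile'] or ''
    if profile.startswith('snap.'):
        info['snap'] = profile.split('.')[1]
    match = PORTAL_RE.match(info['path'] or '')
    if match:
        info['via_portal'] = True
        info['basename'] = match.group(3)
    return info


if __name__ == '__main__':
    print(explain(parse_denial(SAMPLE)))
```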
