The snap on stable/pkcs has been built with (what I gather are) the
essential components — opensc-pkcs11, libpcsclite, and also a couple of
debugging utilities — for the most basic and supported smart cards. You
may want to test it, if so keep reading.
You would also need pcscd installed and started in your system.
There is a merge request[1] currently under review to allow the snap to
use the pcscd socket; Until it's merged you'd need to manually allow
access to the socket in
/var/lib/snapd/apparmor/profiles/snap.chromium.chromium.
So if your smart card is supported by OpenSC[2], the full recipe is
--->
snap install --channel stable/pkcs chromium
apt install pcscd
systemctl start pcscd.socket
editor /var/lib/snapd/apparmor/profiles/snap.chromium.chromium
#Insert "/{var/,}run/pcscd/pcscd.comm rwm," before the last bracket.
apparmor_parser -r
chromium --enable-logging=stderr &> chr.log
<---
Attach chr.log or the system's journal if you see any relevant error or
denial there.
Bear in mind that I was oblivious to the components involved until I
started looking at this bug and I still don't have a complete picture of
them. So please point out any mistake or omission you can find.
[1] https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1843392/comments/9
[2] https://github.com/snapcore/snapd/pull/12847
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1967632
Title:
[snap] apparmor denied when trying to load pkcs11 module for smart
card authentication
Status in Mozilla Firefox:
Confirmed
Status in chromium-browser package in Ubuntu:
In Progress
Status in firefox package in Ubuntu:
Triaged
Bug description:
I use a smart card to access government sites. I have that working in
firefox and chrome on ubuntu impish, and gave jammy a try, but there
firefox won't load the library, giving me a generic error.
dmesg, however, shows this apparmor denied message:
[sáb abr 2 17:32:27 2022] audit: type=1400 audit(1648931547.646:115):
apparmor="DENIED" operation="file_mmap" profile="snap.firefox.firefox"
name="/run/user/1000/doc/e0bac853/libaetpkss.so.3.5.4112" pid=3680
comm="firefox" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0
Note also the path, that's not what I typed into the firefox dialog box. I
have the .so copied to /usr/lib/x86_64-linux-gnu/libaetpkss.so.3.5.4112, and
that's what I typed in when prompted for its path by firefox.
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: firefox 1:1snap1-0ubuntu2
ProcVersionSignature: Ubuntu 5.15.0-23.23-generic 5.15.27
Uname: Linux 5.15.0-23-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu80
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Sat Apr 2 17:34:09 2022
InstallationDate: Installed on 2022-03-20 (13 days ago)
InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Alpha amd64 (20220319)
Snap.Changes: no changes found
SourcePackage: firefox
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/firefox/+bug/1967632/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
