Public bug reported: Ubuntu 22.04 LTS Jammy x64
I hope this is the correct package to assign this request to: In KDE Plasma 6, the Chromium snap cannot longer access KDE Wallet to decrypt its password store. This makes all stored passwords unavailable as soon as the system is upgraded from Plasma 5 to Plasma 6. Chromium writes the following error messages to the console: ----------------------------------------------------------------------------- [5362:5362:0324/103716.837413:ERROR:object_proxy.cc(576)] Failed to call method: org.kde.KWallet.isEnabled: object_path= /modules/kwalletd6: org.freedesktop.DBus.Error.AccessDenied: An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender=":1.113" (uid=1000 pid=5362 comm="/snap/chromium/2786/usr/lib/chromium-browser/chrom" label="snap.chromium.chromium (enforce)") interface="org.kde.KWallet" member="isEnabled" error name="(unset)" requested_reply="0" destination="org.kde.kwalletd6" (uid=1000 pid=2523 comm="/usr/bin/kwalletd6 --pam-login 13 14 " label="unconfined") [5362:5362:0324/103716.837451:ERROR:kwallet_dbus.cc(112)] Error contacting kwalletd6 (isEnabled) [5362:5362:0324/103716.838022:ERROR:object_proxy.cc(576)] Failed to call method: org.kde.KLauncher.start_service_by_desktop_name: object_path= /KLauncher: org.freedesktop.DBus.Error.ServiceUnknown: The name org.kde.klauncher was not provided by any .service files [5362:5362:0324/103716.838042:ERROR:kwallet_dbus.cc(81)] Error contacting klauncher to start kwalletd6 [5362:5362:0324/103716.838264:ERROR:object_proxy.cc(576)] Failed to call method: org.kde.KWallet.close: object_path= /modules/kwalletd6: org.freedesktop.DBus.Error.AccessDenied: An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender=":1.113" (uid=1000 pid=5362 comm="/snap/chromium/2786/usr/lib/chromium-browser/chrom" label="snap.chromium.chromium (enforce)") interface="org.kde.KWallet" member="close" error name="(unset)" requested_reply="0" destination="org.kde.kwalletd6" (uid=1000 pid=2523 comm="/usr/bin/kwalletd6 --pam-login 13 14 " label="unconfined") [5362:5362:0324/103716.838295:ERROR:kwallet_dbus.cc(503)] Error contacting kwalletd6 (close) ----------------------------------------------------------------------------- Followed by hundreds of messages as the following: ----------------------------------------------------------------------------- ERROR:login_database.cc(1046) Password decryption failed, encryption_result is 2 ----------------------------------------------------------------------------- It appears to work to "just" whitelist the new kwalletd module name in /var/lib/snapd/apparmor/profiles/snap.chromium.chromium (and maybe /var/lib/snapd/apparmor/profiles/snap.chromium.chromedriver ?) followed by $ systemctl restart apparmor $ systemctl restart snapd.apparmor $ systemctl restart apparmor (Not sure if both of these are necessary, and if so, in what order.) and completely restart Chromium. The new KWallet section looks as follows - I only added the ",6" to the patterns: ----------------------------------------------------------------------------- # KWallet's client API is still in use in KDE/Plasma. It's DBus API relies upon # member data for access to its 'folders' and 'entries' and it therefore does # not allow for application isolation via AppArmor. For details, see: # - https://cgit.kde.org/kdelibs.git/tree/kdeui/util/kwallet.h?h=v4.14.33 # dbus (receive, send) bus=session path=/modules/kwalletd{,5,6} interface=org.freedesktop.DBus.* peer=(label=unconfined), dbus (receive, send) bus=session path=/modules/kwalletd{,5,6} interface=org.kde.KWallet peer=(label=unconfined), ----------------------------------------------------------------------------- I hope that at least this report may be found by other people running into the same trouble I just did... ** Affects: chromium-browser (Ubuntu) Importance: Undecided Status: New ** Tags: jammy ** Description changed: + Ubuntu 22.04 LTS Jammy x64 + + I hope this is the correct package to assign this request to: In KDE Plasma 6, the Chromium snap cannot longer access KDE Wallet to decrypt its password store. This makes all stored passwords unavailable as soon as the system is upgraded from Plasma 5 to Plasma 6. Chromium writes the following error messages to the console: - ----------------------------------------------------------------------------- [5362:5362:0324/103716.837413:ERROR:object_proxy.cc(576)] Failed to call method: org.kde.KWallet.isEnabled: object_path= /modules/kwalletd6: org.freedesktop.DBus.Error.AccessDenied: An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender=":1.113" (uid=1000 pid=5362 comm="/snap/chromium/2786/usr/lib/chromium-browser/chrom" label="snap.chromium.chromium (enforce)") interface="org.kde.KWallet" member="isEnabled" error name="(unset)" requested_reply="0" destination="org.kde.kwalletd6" (uid=1000 pid=2523 comm="/usr/bin/kwalletd6 --pam-login 13 14 " label="unconfined") [5362:5362:0324/103716.837451:ERROR:kwallet_dbus.cc(112)] Error contacting kwalletd6 (isEnabled) [5362:5362:0324/103716.838022:ERROR:object_proxy.cc(576)] Failed to call method: org.kde.KLauncher.start_service_by_desktop_name: object_path= /KLauncher: org.freedesktop.DBus.Error.ServiceUnknown: The name org.kde.klauncher was not provided by any .service files [5362:5362:0324/103716.838042:ERROR:kwallet_dbus.cc(81)] Error contacting klauncher to start kwalletd6 [5362:5362:0324/103716.838264:ERROR:object_proxy.cc(576)] Failed to call method: org.kde.KWallet.close: object_path= /modules/kwalletd6: org.freedesktop.DBus.Error.AccessDenied: An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender=":1.113" (uid=1000 pid=5362 comm="/snap/chromium/2786/usr/lib/chromium-browser/chrom" label="snap.chromium.chromium (enforce)") interface="org.kde.KWallet" member="close" error name="(unset)" requested_reply="0" destination="org.kde.kwalletd6" (uid=1000 pid=2523 comm="/usr/bin/kwalletd6 --pam-login 13 14 " label="unconfined") [5362:5362:0324/103716.838295:ERROR:kwallet_dbus.cc(503)] Error contacting kwalletd6 (close) ----------------------------------------------------------------------------- - Followed by hundreds of messages as the following: ----------------------------------------------------------------------------- ERROR:login_database.cc(1046) Password decryption failed, encryption_result is 2 ----------------------------------------------------------------------------- - It appears to work to "just" whitelist the new kwalletd module name in /var/lib/snapd/apparmor/profiles/snap.chromium.chromium (and maybe /var/lib/snapd/apparmor/profiles/snap.chromium.chromedriver ?) followed by $ systemctl restart apparmor $ systemctl restart snapd.apparmor $ systemctl restart apparmor (Not sure if both of these are necessary, and if so, in what order.) and completely restart Chromium. - - The new KWallet section looks as follows - I only added the ",6" to the patterns: - + The new KWallet section looks as follows - I only added the ",6" to the + patterns: ----------------------------------------------------------------------------- # KWallet's client API is still in use in KDE/Plasma. It's DBus API relies upon # member data for access to its 'folders' and 'entries' and it therefore does # not allow for application isolation via AppArmor. For details, see: # - https://cgit.kde.org/kdelibs.git/tree/kdeui/util/kwallet.h?h=v4.14.33 # dbus (receive, send) - bus=session - path=/modules/kwalletd{,5,6} - interface=org.freedesktop.DBus.* - peer=(label=unconfined), + bus=session + path=/modules/kwalletd{,5,6} + interface=org.freedesktop.DBus.* + peer=(label=unconfined), dbus (receive, send) - bus=session - path=/modules/kwalletd{,5,6} - interface=org.kde.KWallet - peer=(label=unconfined), + bus=session + path=/modules/kwalletd{,5,6} + interface=org.kde.KWallet + peer=(label=unconfined), ----------------------------------------------------------------------------- I hope that at least this report may be found by other people running into the same trouble I just did... -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to chromium-browser in Ubuntu. https://bugs.launchpad.net/bugs/2058840 Title: Chromium Snap & KDE Plasma 6: AppArmor Profile Update Needed Status in chromium-browser package in Ubuntu: New Bug description: Ubuntu 22.04 LTS Jammy x64 I hope this is the correct package to assign this request to: In KDE Plasma 6, the Chromium snap cannot longer access KDE Wallet to decrypt its password store. This makes all stored passwords unavailable as soon as the system is upgraded from Plasma 5 to Plasma 6. Chromium writes the following error messages to the console: ----------------------------------------------------------------------------- [5362:5362:0324/103716.837413:ERROR:object_proxy.cc(576)] Failed to call method: org.kde.KWallet.isEnabled: object_path= /modules/kwalletd6: org.freedesktop.DBus.Error.AccessDenied: An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender=":1.113" (uid=1000 pid=5362 comm="/snap/chromium/2786/usr/lib/chromium-browser/chrom" label="snap.chromium.chromium (enforce)") interface="org.kde.KWallet" member="isEnabled" error name="(unset)" requested_reply="0" destination="org.kde.kwalletd6" (uid=1000 pid=2523 comm="/usr/bin/kwalletd6 --pam-login 13 14 " label="unconfined") [5362:5362:0324/103716.837451:ERROR:kwallet_dbus.cc(112)] Error contacting kwalletd6 (isEnabled) [5362:5362:0324/103716.838022:ERROR:object_proxy.cc(576)] Failed to call method: org.kde.KLauncher.start_service_by_desktop_name: object_path= /KLauncher: org.freedesktop.DBus.Error.ServiceUnknown: The name org.kde.klauncher was not provided by any .service files [5362:5362:0324/103716.838042:ERROR:kwallet_dbus.cc(81)] Error contacting klauncher to start kwalletd6 [5362:5362:0324/103716.838264:ERROR:object_proxy.cc(576)] Failed to call method: org.kde.KWallet.close: object_path= /modules/kwalletd6: org.freedesktop.DBus.Error.AccessDenied: An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender=":1.113" (uid=1000 pid=5362 comm="/snap/chromium/2786/usr/lib/chromium-browser/chrom" label="snap.chromium.chromium (enforce)") interface="org.kde.KWallet" member="close" error name="(unset)" requested_reply="0" destination="org.kde.kwalletd6" (uid=1000 pid=2523 comm="/usr/bin/kwalletd6 --pam-login 13 14 " label="unconfined") [5362:5362:0324/103716.838295:ERROR:kwallet_dbus.cc(503)] Error contacting kwalletd6 (close) ----------------------------------------------------------------------------- Followed by hundreds of messages as the following: ----------------------------------------------------------------------------- ERROR:login_database.cc(1046) Password decryption failed, encryption_result is 2 ----------------------------------------------------------------------------- It appears to work to "just" whitelist the new kwalletd module name in /var/lib/snapd/apparmor/profiles/snap.chromium.chromium (and maybe /var/lib/snapd/apparmor/profiles/snap.chromium.chromedriver ?) followed by $ systemctl restart apparmor $ systemctl restart snapd.apparmor $ systemctl restart apparmor (Not sure if both of these are necessary, and if so, in what order.) and completely restart Chromium. The new KWallet section looks as follows - I only added the ",6" to the patterns: ----------------------------------------------------------------------------- # KWallet's client API is still in use in KDE/Plasma. It's DBus API relies upon # member data for access to its 'folders' and 'entries' and it therefore does # not allow for application isolation via AppArmor. For details, see: # - https://cgit.kde.org/kdelibs.git/tree/kdeui/util/kwallet.h?h=v4.14.33 # dbus (receive, send) bus=session path=/modules/kwalletd{,5,6} interface=org.freedesktop.DBus.* peer=(label=unconfined), dbus (receive, send) bus=session path=/modules/kwalletd{,5,6} interface=org.kde.KWallet peer=(label=unconfined), ----------------------------------------------------------------------------- I hope that at least this report may be found by other people running into the same trouble I just did... To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/2058840/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
