[Desktop-packages] [Bug 1738164] Re: [snap] U2F doesn't work with yubikey
Sorry forgot journalctl -f: -- Logs begin at Sun 2018-08-12 21:54:04 CEST. -- ago 16 19:20:29 Alex thunderbird.desktop[25941]: [Parent 26418, Gecko_IOThread] WARNING: pipe error (113): Conexión reinicializada por la máquina remota: file /build/firefox-oscv9o/firefox-61.0.1+build1/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 353 ago 16 19:37:40 Alex dbus-daemon[18014]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/freedesktop/secrets" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name="org.freedesktop.secrets" pid=27271 label="snap.chromium.chromium" peer_pid=18002 peer_label="unconfined" ago 16 19:37:40 Alex audit[989]: USER_AVC pid=989 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/" interface="org.freedesktop.DBus.ObjectManager" member="GetManagedObjects" mask="send" name="org.bluez" pid=26979 label="snap.chromium.chromium" peer_pid=985 peer_label="unconfined" exe="/usr/bin/dbus-daemon" sauid=103 hostname=? addr=? terminal=?' ago 16 19:37:40 Alex kernel: audit: type=1107 audit(1534441060.543:176): pid=989 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/" interface="org.freedesktop.DBus.ObjectManager" member="GetManagedObjects" mask="send" name="org.bluez" pid=26979 label="snap.chromium.chromium" peer_pid=985 peer_label="unconfined" exe="/usr/bin/dbus-daemon" sauid=103 hostname=? addr=? terminal=?' ago 16 19:37:47 Alex audit[26979]: AVC apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c238:0" pid=26979 comm="TaskSchedulerFo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 ago 16 19:37:47 Alex kernel: audit: type=1400 audit(1534441067.899:177): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c238:0" pid=26979 comm="TaskSchedulerFo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 ago 16 19:37:47 Alex audit[26979]: AVC apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c239:0" pid=26979 comm="TaskSchedulerFo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 ago 16 19:37:47 Alex audit[26979]: AVC apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c240:0" pid=26979 comm="TaskSchedulerFo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 ago 16 19:37:47 Alex kernel: audit: type=1400 audit(1534441067.927:178): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c239:0" pid=26979 comm="TaskSchedulerFo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 ago 16 19:37:47 Alex kernel: audit: type=1400 audit(1534441067.927:179): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c240:0" pid=26979 comm="TaskSchedulerFo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 ago 16 19:38:12 Alex audit[26979]: AVC apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c238:0" pid=26979 comm="TaskSchedulerFo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 ago 16 19:38:12 Alex kernel: audit: type=1400 audit(1534441092.615:180): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c238:0" pid=26979 comm="TaskSchedulerFo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 ago 16 19:38:12 Alex audit[26979]: AVC apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c239:0" pid=26979 comm="TaskSchedulerFo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 ago 16 19:38:12 Alex audit[26979]: AVC apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c240:0" pid=26979 comm="TaskSchedulerFo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 ago 16 19:38:12 Alex kernel: audit: type=1400 audit(1534441092.643:181): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c239:0" pid=26979 comm="TaskSchedulerFo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 ago 16 19:38:12 Alex kernel: audit: type=1400 audit(1534441092.643:182): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c240:0" pid=26979 comm="TaskSchedulerFo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 ago 16 19:38:16 Alex kernel: usb 1-9: new full-speed USB device number 11 using xhci_hcd ago 16 19:38:16 Alex kernel: usb 1-9: New USB device found, idVendor=1050, idProduct=0116 ago 16 19:38:16 Alex kernel: usb 1-9: New USB device strings: Mfr=1, Product=2, SerialNumber=0 ago 16 19:38:16 Alex kernel: usb 1-9: Product: Yubikey NEO OTP+U2F+CCID ago 16 19:38:16 Alex kernel: usb 1-9: Manufacturer: Yubico ago 16 19:38:16 Alex kernel: input: Yubico Yubikey NEO OTP+U2F+CCID as
[Desktop-packages] [Bug 1738164] Re: [snap] U2F doesn't work with yubikey
I have the same issue, my Yubikey is the yibikey neo 4 model, it does support U2F. after installing Ubuntu 18.04.01 I followed yubico's instructions: https://support.yubico.com/support/solutions/articles/1506449-using- your-u2f-yubikey-with-linux which means I have a udev rule for the device, but dmesg was still mapping to snap.chromium. At this point the U2F seemed to wait for input until timeout, whereas the key's LED would flash like if it were in process of system recognition indefinitelly (as seen from dmesg, it seems chromium it continously attempting to read the device, but there are permission restrictions). dmesg: [18519.805380] usb 1-9: new full-speed USB device number 9 using xhci_hcd [18519.954776] usb 1-9: New USB device found, idVendor=1050, idProduct=0116 [18519.954782] usb 1-9: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [18519.954785] usb 1-9: Product: Yubikey NEO OTP+U2F+CCID [18519.954789] usb 1-9: Manufacturer: Yubico [18519.956412] input: Yubico Yubikey NEO OTP+U2F+CCID as /devices/pci:00/:00:14.0/usb1/1-9/1-9:1.0/0003:1050:0116.0006/input/input20 [18520.014104] hid-generic 0003:1050:0116.0006: input,hidraw1: USB HID v1.10 Keyboard [Yubico Yubikey NEO OTP+U2F+CCID] on usb-:00:14.0-9/input0 [18520.015266] hid-generic 0003:1050:0116.0007: hiddev0,hidraw2: USB HID v1.10 Device [Yubico Yubikey NEO OTP+U2F+CCID] on usb-:00:14.0-9/input1 [18551.143579] audit: type=1107 audit(1534439526.751:164): pid=989 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/" interface="org.freedesktop.DBus.ObjectManager" member="GetManagedObjects" mask="send" name="org.bluez" pid=25155 label="snap.chromium.chromium" peer_pid=985 peer_label="unconfined" exe="/usr/bin/dbus-daemon" sauid=103 hostname=? addr=? terminal=?' [18553.624016] audit: type=1400 audit(1534439529.231:165): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c238:0" pid=25155 comm="TaskSchedulerFo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [18553.638835] audit: type=1400 audit(1534439529.247:166): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c239:0" pid=25155 comm="TaskSchedulerFo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [18553.639389] audit: type=1400 audit(1534439529.247:167): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c240:1" pid=25155 comm="TaskSchedulerFo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [18553.639450] audit: type=1400 audit(1534439529.247:168): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c240:2" pid=25155 comm="TaskSchedulerFo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [18553.639491] audit: type=1400 audit(1534439529.247:169): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c240:0" pid=25155 comm="TaskSchedulerFo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [18863.195707] audit: type=1400 audit(1534439838.807:170): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c238:0" pid=25155 comm="TaskSchedulerFo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [18863.215818] audit: type=1400 audit(1534439838.827:171): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c239:0" pid=25155 comm="TaskSchedulerFo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [18863.216503] audit: type=1400 audit(1534439838.827:172): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c240:1" pid=25155 comm="TaskSchedulerFo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [18863.216561] audit: type=1400 audit(1534439838.827:173): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c240:2" pid=25155 comm="TaskSchedulerFo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [18863.216616] audit: type=1400 audit(1534439838.827:174): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c240:0" pid=25155 comm="TaskSchedulerFo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 I have attempted as instructed in #9, the results are as described in #4: the U2F solicitors (github, gmail) will report "somethig whent wrong" as soon as the key is inserted. Thus it seems the issue got worse. BTW how do I get back to the default channel? stderr: Gtk-Message: Failed to load module "canberra-gtk-module" Gtk-Message: Failed to load module "canberra-gtk-module" [24390:24390:0816/191106.760998:WARNING:password_store_factory.cc(250)] Using basic (unencrypted) store for password storage. See https://chromium.googlesource.com/chromium/src/+/master/docs/linux_password_storage.md for more information about password storage options.