This bug was fixed in the package apparmor - 2.13.3-7ubuntu4
---
apparmor (2.13.3-7ubuntu4) focal; urgency=medium
* debian/apparmor.service: add /var/lib/snapd/apparmor/profiles to
RequiresMountsFor since Ubuntu's rc.apparmor.functions looks for it
(LP: #1871148)
*
** Changed in: snapd
Status: In Progress => Fix Released
** Changed in: snapd (Ubuntu)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
** Changed in: apparmor
Status: In Progress => Fix Released
** Also affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
** Changed in: apparmor (Ubuntu)
Importance: Undecided => Medium
** Changed in: apparmor (Ubuntu)
Status: New => In Progress
** Changed
** Changed in: apparmor
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1848919
Title:
[snap] Permission denied on Private encrypted
https://github.com/snapcore/snapd/pull/7779
** Also affects: snapd
Importance: Undecided
Status: New
** Changed in: snapd (Ubuntu)
Assignee: Jamie Strandboge (jdstrand) => (unassigned)
** Changed in: snapd
Importance: Undecided => Low
** Changed in: snapd
Assignee:
** Changed in: snapd (Ubuntu)
Status: Triaged => In Progress
** Also affects: apparmor
Importance: Undecided
Status: New
** Changed in: apparmor
Status: New => Triaged
** Changed in: apparmor
Importance: Undecided => Low
** Changed in: apparmor
Assignee:
Thanks Jamie.
I'll mark the bug invalid for chromium. Even though chromium is visibly
affected, the root cause has been identified and is going to be fixed soon.
** Changed in: chromium-browser (Ubuntu)
Status: Confirmed => Invalid
--
You received this bug notification because you are a
Ok, I'll fix this in the next batch of policy updates for snapd.
** Changed in: snapd (Ubuntu)
Importance: Undecided => Low
** Changed in: snapd (Ubuntu)
Status: New => Triaged
** Changed in: snapd (Ubuntu)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
--
You received
Yes, it is mounted:
ubuntu@bionicvm:~$ mount | grep Private
/home/ubuntu/.Private on /home/ubuntu/Private type ecryptfs
(rw,nosuid,nodev,relatime,ecryptfs_fnek_sig=11d8701311f9dc77,ecryptfs_sig=4ca5cd476d88b7cd,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs)
--
You received
Ok, that is a read on /home/ubuntu/.Private/. Is the encrypted home
mounted at the time of the denial?
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1848919
Title:
[snap]
Indeed I can see the rules you mention in
/etc/apparmor.d/abstractions/base, which is included by
/var/lib/snapd/apparmor/profiles/snap.chromium.chromium.
However I can reliably reproduce the issue, and I'm seeing the following
denial:
AVC apparmor="DENIED" operation="open"
Encrypted home is typically setup as ~/.Private, not ~/Private and the
policy already allows:
owner @{HOME}/.Private/** mrixwlk,
owner @{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk,
The home interface should already allow ~/Private. What is the denial
you see in the logs?
--
You received
12 matches
Mail list logo