[Touch-packages] [Bug 1825331] Re: apparmor chromium profile blocks yubikeys

Sun, 17 Nov 2019 02:42:24 -0800 

Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: apparmor (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1825331

Title:
  apparmor chromium profile blocks yubikeys

Status in apparmor package in Ubuntu:
  Confirmed

Bug description:
  Hi,

  some months ago (can't give a precise date) I could use all my pure
  u2f tokens, as well as Yubikey tokens with mixed apps (yubikey 4,
  yubikey neo) pretty well with chromium browser as u2f tokens.

  For some months now and since an update of the chromium-browser in
  18.04, it was working with pure u2f tokens (e.g. the blue yubikeys,
  FIDO u2f token,...), but not with regular yubikeys anymore, although
  command line tools like u2f-host worked pretty well.

  I checked the kernel messages and did not find any apparmor deny
  message or other reasons. Furthermore, the apparmor profile for
  usr.bin.chromium-browser was in complain mode only.

  Now I did again some debugging and found that the problem is gone
  after

  
  aa-disable usr.bin.chromium-browser

  
  Although the profile was in complain mode and dmesg did not show any 
forbidden actions, the strace showed some EPERM (Operation not permitted) 
errors, that's why I tried to disable aa. 

  Interestingly, this problem does not affect regular u2f tokens, just
  the yubikeys with additional functions.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: apparmor-profiles 2.12-4ubuntu5.1
  ProcVersionSignature: Ubuntu 4.15.0-47.50-generic 4.15.18
  Uname: Linux 4.15.0-47-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.9-0ubuntu7.6
  Architecture: amd64
  CurrentDesktop: LXDE
  Date: Thu Apr 18 11:14:22 2019
  InstallationDate: Installed on 2018-04-30 (352 days ago)
  InstallationMedia: Lubuntu 18.04 LTS "Bionic Beaver" - Release amd64 
(20180426)
  PackageArchitecture: all
  ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-4.15.0-47-generic 
root=UUID=5dca854b-2558-44a1-918d-c8380934754d ro nosplash
  SourcePackage: apparmor
  Syslog:
   
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1825331/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to