Adding apparmor since this may be related to libapparmor. zyga will
provide more details, but essentially, when userd is not running (ie,
dbus activation is used) and a snap tries to use userd to open a url,
there is this denial:
sty 15 15:34:45 kaedwen dbus-daemon[1242]: apparmor="DENIED"
operation="dbus_method_call" bus="session" path="/io/snapcraft/Launcher"
interface="io.snapcraft.Launcher" member="OpenURL" mask="send"
name="io.snapcraft.Launcher" pid=5773 label="snap.gimp.gimp"
even though we have this in the policy:
dbus (send)
bus=session
path=/io/snapcraft/Launcher
interface=io.snapcraft.Launcher
member=OpenURL
peer=(label=unconfined),
Curiously, the above denial lacks a 'peer_label' (an artful, removing
the above rule(s), the denial has 'peer_label=unconfined'). This does
not happen on artful and the above rule is sufficient for dbus
activation or not. On bionic, once userd is running, there is no denial
and the browser is launched. If remove 'peer=(label=unconfined)' from
the dbus rule, things work (according to zyga).
It isn't clear if this is a bug in libapparmor or dbus-daemon, so adding
the apparmor task.
Steps to reproduce:
1. snap install gimp
2. ps auxww|grep userd # if 'snap userd' is running, kill it
3. /snap/bin/gimp
4. Help/Gimp Online/Developer Web Site
Note if adjusting the profile in
/var/lib/snapd/apparmor/profiles/snap.gimp.gimp, there are several rules
for com.canonical.SafeLauncher (the old service) and
io.snapcraft.Launcher (the new service).
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1742687
Title:
Launching URLs in snapped applications no longer works in 18.04
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1742687/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
