Hi,
The firefox snap plugs both the unity7 interface and the x11 interface.
For historical reasons, the unity7 interface grants access to parts of
the x11 interface because unity is based on X, and so to deny firefox
access to all things X, you also need to disconnect the unity7
interface. On my machine, after disconnecting x11 and unity7, firefox is
no longer able to run, complaining that it cannot access the x11 socket,
and indeed there is a denial for this in the logs:
```
Jan 15 15:22:06 kernel: audit: type=1400 audit(1579123326.325:323):
apparmor="DENIED" operation="connect" profile="snap.firefox.firefox" pid=14444
comm="firefox-bin" family="unix" sock_type="stream" protocol=0
requested_mask="send receive connect" denied_mask="send connect" addr=none
peer_addr="@/tmp/.X11-unix/X0" peer="unconfined"
```
As such, I'm closing this as WontFix because there's nothing for us to
fix here.
** Changed in: snapd (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1859381
Title:
snapd - disconnecting :x11 has no effect
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1859381/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
