[Bug 2122161] Re: error: Failed to install org.gnome.Platform: Could not unmount revokefs-fuse filesystem at /var/tmp/flatpak-cache-4EB3B3/org.gnome.Platform-EM6KC3: Child process exited with code 1

Wed, 08 Oct 2025 17:10:50 -0700 

Indeed the fusermount3 profile shipped in plucky as well. Here is a
diff:

--- plucky-fusermount3 2025-09-09 21:23:48.000000000 +0000
+++ questing-fusermount3 2025-10-08 23:59:13.134538037 +0000
@@ -11,6 +11,7 @@

   # Allow both rw and ro type mounts (e.g. AppImage uses ro)
   #MS_DIRSYNC, MS_NOATIME, MS_NODIRATIME, MS_NOEXEC, MS_SYNCHRONOUS, 
MS_NOSYMFOLLOW
+  # Below broad mount flags should be revisited once we have rule delegation
   mount fstype=@{fuse_types} options=(nosuid,nodev) options in 
(ro,rw,noatime,dirsync,nodiratime,noexec,sync) -> @{HOME}/**/,
   mount fstype=@{fuse_types} options=(nosuid,nodev) options in 
(ro,rw,noatime,dirsync,nodiratime,noexec,sync) -> /mnt/{,**/},
   mount fstype=@{fuse_types} options=(nosuid,nodev) options in 
(ro,rw,noatime,dirsync,nodiratime,noexec,sync) -> @{run}/user/@{uid}/**/,
@@ -27,19 +28,26 @@
   umount /cvmfs/**/,

   # Flatpak's default cache directory where it mounts a revokefs-fuse
-  # The second revokefs rule cannot be parsed by aa-logprof currently
   mount fstype=fuse options=(nosuid,nodev,rw) /dev/fuse -> 
/var/tmp/flatpak-cache-*/**/,
   mount fstype=fuse.revokefs-fuse options=(nosuid,nodev,rw) revokefs-fuse -> 
/var/tmp/flatpak-cache-*/**/,
   umount /var/tmp/flatpak-cache-*/**/,

+  # flatpak-builder uses rofiles-fuse
+  mount fstype=fuse.rofiles-fuse options=(nosuid,nodev,rw) 
{rofiles-fuse,/dev/fuse} -> /var/tmp/test-flatpak-*/**/,
+  umount /var/tmp/test-flatpak-*/**/,
+
   /dev/fuse rw,

+  # needed since libfuse 3.17.1-rc0 (LP: #2111845)
+  /usr/bin/mount ix,
+  /usr/bin/umount ix,
+
   @{etc_ro}/fuse.conf r,
-  @{PROC}/@{pid}/mounts r,
+  @{PROC}/@{pid}/{mounts,mountinfo} r,

-  /usr/bin/fusermount3 mr,
+  @{exec_path} mr,

   include if exists <local/fusermount3>
 }

-# vim:syntax=apparmor
+# vim:ft=apparmor


And it's not the first time it needed changes because of flatpak: 
https://bugs.launchpad.net/bugs/2100295

Going by d/changelog, the fusermount3 profile was first shipped in
plucky in
https://launchpad.net/ubuntu/+source/apparmor/4.1.0~beta4-0ubuntu3

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2122161

Title:
  error: Failed to install org.gnome.Platform: Could not unmount
  revokefs-fuse filesystem at /var/tmp/flatpak-
  cache-4EB3B3/org.gnome.Platform-EM6KC3: Child process exited with code
  1

To manage notifications about this bug go to:
https://bugs.launchpad.net/flatpak/+bug/2122161/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to