** Description changed: + [ Impact ] + + fusermount3 (and umount, which is invoked by it with the same + confinement) on the current Ubuntu Questing requires additional + privileges in order to work properly. In particular, the lack of these + privileges broke flatpak because it was newly no longer able to unmount + revokefs-fuse. (This is a distinct failure from a previous one reported + at LP: #2100295.) + + [ Test Plan ] + + On a Questing machine, + - Install flatpak following the instructions at https://flathub.org/en/setup/Ubuntu: + - `sudo apt install flatpak` + - `flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo + - Reboot + - Attempt to install a flatpak, e.g. `flatpak install flathub com.github.huluti.Coulr` + - If installation is successful, attempt to run the flatpak with `flatpak run com.github.huluti.Coulr` + - Without the fix: + - The flatpak installation fails and generates error messages about being unable to unmount revokefs-fuse + - AppArmor generates denial logs relating to file accesses in /run/mount/utab and related files /run/mount/utab.* + - With the fix: the installation succeeds + - AppArmor still generates denial logs relating to denials of the DAC_OVERRIDE and SETUID capabilities. However, as flatpak still + seems to work properly even with these capabilities denied, we do not grant fusermount3 these capabilities + + [ Where problems could occur ] + + The additions to the fusermount3 profile are loosening confinement. + However, if a user manually modified the installed profiles, then the + package upgrade would cause conflicts, and rejection of the incoming + changes (either by hand during an interactive upgrade or automatically + during an batch unattended upgrade) would result in end users not + getting the packaged fix. + + [ Other Info ] + + Original bug report: + hi i am a bug tester and wanted to install a program but then i got this error here is my full log: Warning: Could not unmount revokefs-fuse filesystem at /var/tmp/flatpak-cache-4EB3B3/org.freedesktop.Platform.GL.default-FAB3B3: Child process exited with code 1 Warning: Could not unmount revokefs-fuse filesystem at /var/tmp/flatpak-cache-4EB3B3/org.freedesktop.Platform.GL.default-K8HAC3: Child process exited with code 1 Warning: Could not unmount revokefs-fuse filesystem at /var/tmp/flatpak-cache-4EB3B3/org.freedesktop.Platform.openh264-D0P4B3: Child process exited with code 1 Warning: Could not unmount revokefs-fuse filesystem at /var/tmp/flatpak-cache-4EB3B3/org.gnome.Platform.Locale-QP83B3: Child process exited with code 1 Warning: Could not unmount revokefs-fuse filesystem at /var/tmp/flatpak-cache-4EB3B3/org.gtk.Gtk3theme.Yaru-dark-M2N7B3: Child process exited with code 1 error: Failed to install org.gnome.Platform: Could not unmount revokefs-fuse filesystem at /var/tmp/flatpak-cache-4EB3B3/org.gnome.Platform-EM6KC3: Child process exited with code 1 ProblemType: Bug DistroRelease: Ubuntu 25.10 Package: flatpak 1.16.1-2ubuntu1 ProcVersionSignature: Ubuntu 6.17.0-3.3-generic 6.17.0-rc3 Uname: Linux 6.17.0-3-generic x86_64 NonfreeKernelModules: zfs ApportVersion: 2.33.1-0ubuntu2 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Fri Sep 5 20:07:19 2025 InstallationDate: Installed on 2025-09-04 (1 days ago) InstallationMedia: Ubuntu 25.10 "Questing Quokka" - Daily amd64 (20250903) ProcEnviron: LANG=en_US.UTF-8 PATH=(custom, no user) SHELL=/bin/bash TERM=xterm-256color XDG_RUNTIME_DIR=<set> SourcePackage: flatpak UpgradeStatus: No upgrade log present (probably fresh install)
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2122161 Title: error: Failed to install org.gnome.Platform: Could not unmount revokefs-fuse filesystem at /var/tmp/flatpak- cache-4EB3B3/org.gnome.Platform-EM6KC3: Child process exited with code 1 To manage notifications about this bug go to: https://bugs.launchpad.net/flatpak/+bug/2122161/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
