Public bug reported:
Noticed on Ubuntu 23.10. Started misbehaving on April 17th 2024.
$ snap info chromium
...
snap-id: XKEcBqPM06H1Z7zGOdG5fbICuf8NWK5R
tracking: latest/stable
refresh-date: today at 08:58 CEST
channels:
latest/stable: 123.0.6312.122 2024-04-15 (2821) 168MB -
...
When running chromium, it complains about not being able to open my home dir:
cannot update snap namespace: cannot expand mount entry (none
$HOME/.local/share none x-snapd.kind=ensure-dir,x-snapd.must-exist-dir=$HOME 0
0): cannot use invalid home directory "/home/tannerli": permission denied
snap-update-ns failed with code 1
AppArmor log shows that access to ecryptfs private folder was denied:
Apr 18 13:13:21 hostname kernel: audit: type=1400
audit(1713438801.579:437): apparmor="DENIED" operation="open"
class="file" profile="snap-update-ns.chromium"
name="/home/.ecryptfs/tannerli/.Private/" pid=32412 comm="5"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
I found out, that, under /var/lib/snapd/apparmor/profiles, while
snap.chromium.chromium has the line
owner @{HOMEDIRS}/.ecryptfs/*/.Private/ r,
the file snap-update-ns.chromium does _not_ have the line. Adding it and
reloading the profile allows chromium to start again.
I'm nowhere near experienced enough to tell whether this line should be
added by default or something else went wrong on my machine.
** Affects: chromium-browser (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2062173
Title:
Apparmor denies updating namespace with ecryptfs
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/2062173/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
