Public bug reported:
HyperFIDO Pro U2F security key doesn't work with Chromium snap, but
works with native Chromium.
Tried on Ubuntu 20.10 x64 with Chromium Version 89.0.4389.90 (Official Build)
snap (64-bit).
Snap permission "u2f-devices" is allowed. Also tried with "raw-usb".
Steps to reproduce.
1) Insert HyperFIDO Pro U2F security key in USB port.
2) Launch Chromium snap.
3) Go to Settings -> Privacy and security -> Security -> Manage security keys
-> Sign-in data
4) Dialog "Security key sign-in data. To continue, insert and touch your
security key" appears.
Expected: After touching security key, or unplugging it and plugging it
back in, the dialog will disappear and Chromium will show the interface
for sign-in data on the key.
Observed: The dialog does not disappear until one clicks the "Cancel"
button (which, of course, does not lead to the interface for sign-in
data). Log data fom journalctl and dmesg is listed below.
Other notes: The U2F key cannot be used for website authentication
either. However, if Chromium is ran natively (rather than via snap), it
has no problem communicating with the key. Also, the key can be used by
Firefox (native). Thus, the problem does not appear to be with the
security key itself.
journalctl:
Mar 15 23:11:03 rnr systemd[1507]:
app-chromium_chromium-abfaae28ec4c4a59add9f3f1237c7d53.scope: Succeeded.
Mar 15 23:11:11 rnr audit[79885]: AVC apparmor="DENIED" operation="open"
profile="snap.chromium.chromium" name="/run/udev/data/c510:0" pid=79885
comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 15 23:11:11 rnr kernel: [drm] Failed to add display topology, DTM TA is not
initialized.
Mar 15 23:11:11 rnr kernel: audit: type=1400 audit(1615864271.606:53):
apparmor="DENIED" operation="open" profile="snap.chromium.chromium"
name="/run/udev/data/c510:0" pid=79885 comm="ThreadPoolForeg"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 15 23:13:01 rnr audit[79885]: AVC apparmor="DENIED" operation="open"
profile="snap.chromium.chromium" name="/run/udev/data/c510:0" pid=79885
comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 15 23:13:01 rnr kernel: audit: type=1400 audit(1615864381.271:54):
apparmor="DENIED" operation="open" profile="snap.chromium.chromium"
name="/run/udev/data/c510:0" pid=79885 comm="ThreadPoolForeg"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
dmesg:
[50172.135959] audit: type=1400 audit(1615864271.606:53): apparmor="DENIED"
operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c510:0"
pid=79885 comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000
ouid=0
[50281.798647] audit: type=1400 audit(1615864381.271:54): apparmor="DENIED"
operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c510:0"
pid=79885 comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000
ouid=0
** Affects: chromium-browser (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1919268
Title:
HyperFIDO Pro U2F security key doesn't work with Chromium snap
Status in chromium-browser package in Ubuntu:
New
Bug description:
HyperFIDO Pro U2F security key doesn't work with Chromium snap, but
works with native Chromium.
Tried on Ubuntu 20.10 x64 with Chromium Version 89.0.4389.90 (Official Build)
snap (64-bit).
Snap permission "u2f-devices" is allowed. Also tried with "raw-usb".
Steps to reproduce.
1) Insert HyperFIDO Pro U2F security key in USB port.
2) Launch Chromium snap.
3) Go to Settings -> Privacy and security -> Security -> Manage security keys
-> Sign-in data
4) Dialog "Security key sign-in data. To continue, insert and touch your
security key" appears.
Expected: After touching security key, or unplugging it and plugging
it back in, the dialog will disappear and Chromium will show the
interface for sign-in data on the key.
Observed: The dialog does not disappear until one clicks the "Cancel"
button (which, of course, does not lead to the interface for sign-in
data). Log data fom journalctl and dmesg is listed below.
Other notes: The U2F key cannot be used for website authentication
either. However, if Chromium is ran natively (rather than via snap),
it has no problem communicating with the key. Also, the key can be
used by Firefox (native). Thus, the problem does not appear to be with
the security key itself.
journalctl:
Mar 15 23:11:03 rnr systemd[1507]:
app-chromium_chromium-abfaae28ec4c4a59add9f3f1237c7d53.scope: Succeeded.
Mar 15 23:11:11 rnr audit[79885]: AVC apparmor="DENIED" operation="open"
profile="snap.chromium.chromium" name="/run/udev/data/c510:0" pid=79885
comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 15 23:11:11 rnr kernel: [drm] Failed to add display topology, DTM TA is
not initialized.
Mar 15 23:11:11 rnr kernel: audit: type=1400 audit(1615864271.606:53):
apparmor="DENIED" operation="open" profile="snap.chromium.chromium"
name="/run/udev/data/c510:0" pid=79885 comm="ThreadPoolForeg"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 15 23:13:01 rnr audit[79885]: AVC apparmor="DENIED" operation="open"
profile="snap.chromium.chromium" name="/run/udev/data/c510:0" pid=79885
comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 15 23:13:01 rnr kernel: audit: type=1400 audit(1615864381.271:54):
apparmor="DENIED" operation="open" profile="snap.chromium.chromium"
name="/run/udev/data/c510:0" pid=79885 comm="ThreadPoolForeg"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
dmesg:
[50172.135959] audit: type=1400 audit(1615864271.606:53): apparmor="DENIED"
operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c510:0"
pid=79885 comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000
ouid=0
[50281.798647] audit: type=1400 audit(1615864381.271:54): apparmor="DENIED"
operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c510:0"
pid=79885 comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000
ouid=0
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1919268/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
