from:"Douglas E Engert"

[Desktop-packages] [Bug 1967632]

2024-01-10 Thread Douglas E Engert

Since this has been open for so long, I would like to point out that all
these pkcs11 modules use a system PCSC-lite daemon.
https://pcsclite.apdu.fr/  PCSC-lite provides locking and can use pol-
kit to restrict access as needed. There should be only one PCSC daemon
running for the system.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1967632

Title:
  [snap] apparmor denied when trying to load pkcs11 module for smart
  card authentication

Status in Mozilla Firefox:
  Confirmed
Status in chromium-browser package in Ubuntu:
  Triaged
Status in firefox package in Ubuntu:
  Triaged

Bug description:
  I use a smart card to access government sites. I have that working in
  firefox and chrome on ubuntu impish, and gave jammy a try, but there
  firefox won't load the library, giving me a generic error.

  dmesg, however, shows this apparmor denied message:

  [sáb abr  2 17:32:27 2022] audit: type=1400 audit(1648931547.646:115):
  apparmor="DENIED" operation="file_mmap" profile="snap.firefox.firefox"
  name="/run/user/1000/doc/e0bac853/libaetpkss.so.3.5.4112" pid=3680
  comm="firefox" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0

  
  Note also the path, that's not what I typed into the firefox dialog box. I 
have the .so copied to /usr/lib/x86_64-linux-gnu/libaetpkss.so.3.5.4112, and 
that's what I typed in when prompted for its path by firefox.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: firefox 1:1snap1-0ubuntu2
  ProcVersionSignature: Ubuntu 5.15.0-23.23-generic 5.15.27
  Uname: Linux 5.15.0-23-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.11-0ubuntu80
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Sat Apr  2 17:34:09 2022
  InstallationDate: Installed on 2022-03-20 (13 days ago)
  InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Alpha amd64 (20220319)
  Snap.Changes: no changes found
  SourcePackage: firefox
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/firefox/+bug/1967632/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1967632]

2023-11-29 Thread Douglas E Engert

No. I am not a Ubuntu developer, Only OpenSC.  But this problem has not
been resolved for 2 years.

Also see https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1967632
and comment  8

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1967632

Title:
  [snap] apparmor denied when trying to load pkcs11 module for smart
  card authentication

Status in Mozilla Firefox:
  Confirmed
Status in chromium-browser package in Ubuntu:
  Triaged
Status in firefox package in Ubuntu:
  Triaged

Bug description:
  I use a smart card to access government sites. I have that working in
  firefox and chrome on ubuntu impish, and gave jammy a try, but there
  firefox won't load the library, giving me a generic error.

  dmesg, however, shows this apparmor denied message:

  [sáb abr  2 17:32:27 2022] audit: type=1400 audit(1648931547.646:115):
  apparmor="DENIED" operation="file_mmap" profile="snap.firefox.firefox"
  name="/run/user/1000/doc/e0bac853/libaetpkss.so.3.5.4112" pid=3680
  comm="firefox" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0

  
  Note also the path, that's not what I typed into the firefox dialog box. I 
have the .so copied to /usr/lib/x86_64-linux-gnu/libaetpkss.so.3.5.4112, and 
that's what I typed in when prompted for its path by firefox.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: firefox 1:1snap1-0ubuntu2
  ProcVersionSignature: Ubuntu 5.15.0-23.23-generic 5.15.27
  Uname: Linux 5.15.0-23-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.11-0ubuntu80
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Sat Apr  2 17:34:09 2022
  InstallationDate: Installed on 2022-03-20 (13 days ago)
  InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Alpha amd64 (20220319)
  Snap.Changes: no changes found
  SourcePackage: firefox
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/firefox/+bug/1967632/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1967632]

2023-11-29 Thread Douglas E Engert

> Any news on this? It really is a blocker for using Ubuntu in a number
of countries as it prevents interaction with government services."

You can always use firefox-esr. It does not use SNAP.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1967632

Title:
  [snap] apparmor denied when trying to load pkcs11 module for smart
  card authentication

Status in Mozilla Firefox:
  Confirmed
Status in chromium-browser package in Ubuntu:
  Triaged
Status in firefox package in Ubuntu:
  Triaged

Bug description:
  I use a smart card to access government sites. I have that working in
  firefox and chrome on ubuntu impish, and gave jammy a try, but there
  firefox won't load the library, giving me a generic error.

  dmesg, however, shows this apparmor denied message:

  [sáb abr  2 17:32:27 2022] audit: type=1400 audit(1648931547.646:115):
  apparmor="DENIED" operation="file_mmap" profile="snap.firefox.firefox"
  name="/run/user/1000/doc/e0bac853/libaetpkss.so.3.5.4112" pid=3680
  comm="firefox" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0

  
  Note also the path, that's not what I typed into the firefox dialog box. I 
have the .so copied to /usr/lib/x86_64-linux-gnu/libaetpkss.so.3.5.4112, and 
that's what I typed in when prompted for its path by firefox.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: firefox 1:1snap1-0ubuntu2
  ProcVersionSignature: Ubuntu 5.15.0-23.23-generic 5.15.27
  Uname: Linux 5.15.0-23-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.11-0ubuntu80
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Sat Apr  2 17:34:09 2022
  InstallationDate: Installed on 2022-03-20 (13 days ago)
  InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Alpha amd64 (20220319)
  Snap.Changes: no changes found
  SourcePackage: firefox
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/firefox/+bug/1967632/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1967632] Re: [snap] apparmor denied when trying to load pkcs11 module for smart card authentication

2022-10-16 Thread Douglas E Engert

"If canonical wants to deploy ubuntu in enterprise with a lot of card reader 
usages, this is a critical bug." 
I agree. 

The also need to keep in mind, that enterprises may also use smartcards for 
login which implies pcscd
needs to be run as root as pam modules will need access to it, during login. 
There should be only one pcscd running. i.e. don't try and put pcscd in a snap 
package. As there should only be one pcscd running on a system. Pcscd's primary 
function is to lock access to the card over a set of APDU commands. 
See  https://pcscworkgroup.com/

Some smart card vendors provide their own PKCS11 modules and users may
be need t uses thes via FireFox, either the sanp version or as suggested
a "non-snap official firefox package".

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1967632

Title:
  [snap] apparmor denied when trying to load pkcs11 module for smart
  card authentication

Status in Mozilla Firefox:
  Confirmed
Status in firefox package in Ubuntu:
  Triaged

Bug description:
  I use a smart card to access government sites. I have that working in
  firefox and chrome on ubuntu impish, and gave jammy a try, but there
  firefox won't load the library, giving me a generic error.

  dmesg, however, shows this apparmor denied message:

  [sáb abr  2 17:32:27 2022] audit: type=1400 audit(1648931547.646:115):
  apparmor="DENIED" operation="file_mmap" profile="snap.firefox.firefox"
  name="/run/user/1000/doc/e0bac853/libaetpkss.so.3.5.4112" pid=3680
  comm="firefox" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0

  
  Note also the path, that's not what I typed into the firefox dialog box. I 
have the .so copied to /usr/lib/x86_64-linux-gnu/libaetpkss.so.3.5.4112, and 
that's what I typed in when prompted for its path by firefox.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: firefox 1:1snap1-0ubuntu2
  ProcVersionSignature: Ubuntu 5.15.0-23.23-generic 5.15.27
  Uname: Linux 5.15.0-23-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.11-0ubuntu80
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Sat Apr  2 17:34:09 2022
  InstallationDate: Installed on 2022-03-20 (13 days ago)
  InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Alpha amd64 (20220319)
  Snap.Changes: no changes found
  SourcePackage: firefox
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/firefox/+bug/1967632/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1967632] Re: [snap] apparmor denied when trying to load pkcs11 module for smart card authentication

2022-09-20 Thread Douglas E Engert

"Is there a working work-around available?"

Yes, install the Debian FireFox-esr which does not use snap. 
Google for: Ubuntu firefox esr

 https://ubuntuhandbook.org/index.php/2022/03/install-firefox-esr-
ubuntu/

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1967632

Title:
  [snap] apparmor denied when trying to load pkcs11 module for smart
  card authentication

Status in Mozilla Firefox:
  Confirmed
Status in firefox package in Ubuntu:
  Triaged

Bug description:
  I use a smart card to access government sites. I have that working in
  firefox and chrome on ubuntu impish, and gave jammy a try, but there
  firefox won't load the library, giving me a generic error.

  dmesg, however, shows this apparmor denied message:

  [sáb abr  2 17:32:27 2022] audit: type=1400 audit(1648931547.646:115):
  apparmor="DENIED" operation="file_mmap" profile="snap.firefox.firefox"
  name="/run/user/1000/doc/e0bac853/libaetpkss.so.3.5.4112" pid=3680
  comm="firefox" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0

  
  Note also the path, that's not what I typed into the firefox dialog box. I 
have the .so copied to /usr/lib/x86_64-linux-gnu/libaetpkss.so.3.5.4112, and 
that's what I typed in when prompted for its path by firefox.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: firefox 1:1snap1-0ubuntu2
  ProcVersionSignature: Ubuntu 5.15.0-23.23-generic 5.15.27
  Uname: Linux 5.15.0-23-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.11-0ubuntu80
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Sat Apr  2 17:34:09 2022
  InstallationDate: Installed on 2022-03-20 (13 days ago)
  InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Alpha amd64 (20220319)
  Snap.Changes: no changes found
  SourcePackage: firefox
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/firefox/+bug/1967632/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1967632] Re: [snap] apparmor denied when trying to load pkcs11 module for smart card authentication

2022-08-29 Thread Douglas E Engert

Thanks for the ldd output.
libpcsclite.so.1 is the lib to used the pcscd socket, and is used by modules 
libstpkcs11.so, libeToken.so.10.7.77 and libopensc.so.8 (see below)   It is not 
used in libbit4xpki.so which may be a software pkcs11 or does not use pcscd.  

libcrypto.so.1.1 is OpenSSL-1.1 and also used by modules libstpkcs11.so
and opensc-pkcs11.so

So libstpkcs11.so, libeToken.so.10.7.77 and libstpkcs11.so,
libeToken.so.10.7.77 all appear to work as all the libs are available.

The difference is opensc-pkcs11.so needs to load libopensc.so.8 and a
few others that I have not looked at


On a 22.04.1 system running the command  `sudo snap run --shell 
firefox.firefox` will run snap as root to have snap start up a shell with the 
environment that firefox would run under. 

The `df` command shows:
 
/dev/sda3   122388080  11202960  104921928  10% /var/lib/snapd/hostfs
tmpfs  814036  1272 812764   1% /run
tmpfs5120 4   5116   1% /run/lock
tmpfs  814036   100 813936   1% /run/user/1000
/dev/loop0128   128  0 100% /snap/bare/5
/dev/loop1  63488 63488  0 100% /snap/core20/1587
/dev/loop2  63488 63488  0 100% /
/dev/loop3 167296167296  0 100% /snap/firefox/1635
/dev/loop4 181248181248  0 100% /snap/firefox/1749
/dev/loop5 410496410496  0 100% /snap/gnome-3-38-2004/112
/dev/loop7  48128 48128  0 100% /snap/snapd/16292
/dev/loop6  93952 93952  0 100% /snap/gtk-common-themes/1535
/dev/sda2  524252  5364 51   2% 
/var/lib/snapd/hostfs/boot/efi
Argonne1952871748 479641924 1473229824  25% /media/sf_Argonne
VM-Shared  1952871748 479641924 1473229824  25% /media/sf_VM-Shared
/dev/loop8 354688354688  0 100% /snap/gnome-3-38-2004/115
udev  4034884 04034884   0% /dev
tmpfs 4070180 04070180   0% /dev/shm
tmpfs 4070180 04070180   0% 
/snap/firefox/1749/data-dir/icons
tmpfs 4070180 04070180   0% 
/snap/firefox/1749/data-dir/sounds
tmpfs 4070180 04070180   0% 
/snap/firefox/1749/data-dir/themes
tmpfs 4070180  19964068184   1% /usr/lib/x86_64-linux-gnu
tmpfs 4070180 04070180   0% /usr/share

and /var/lib/snapd/hostfs is the host's filesystem. I was able to copy
libopensc.so.8.0.0 and symlink libopensc.so.8.0.0 to
/usr/lib/x86_64-linux-gnu FF will still not load opensc-pkcs11.so and it
will be gone on a reboot.

snap does set sone environemt variables that could help:
LD_PRELOAD=:/snap/firefox/1749/gnome-platform/$LIB/bindtextdomain.so
LD_LIBRARY_PATH=/var/lib/snapd/lib/gl:/var/lib/snapd/lib/gl32:/var/lib/snapd/void:/snap/firefox/1749/usr/lib:/snap/firefox/1749/usr/lib/x86_64-linux-gnu:/snap/firefox/1749/gnome-platform/lib/x86_64-linux-gnu:/snap/firefox/1749/gnome-platform/usr/lib/x86_64-linux-gnu:/snap/firefox/1749/gnome-platform/usr/lib:/snap/firefox/1749/gnome-platform/lib:/snap/firefox/1749/gnome-platform/usr/lib/x86_64-linux-gnu/dri:/var/lib/snapd/lib/gl:/snap/firefox/1749/gnome-platform/usr/lib/x86_64-linux-gnu/libunity:/snap/firefox/1749/gnome-platform/usr/lib/x86_64-linux-gnu/pulseaudio


So this is where I am at. Firefox-esr from debiaen works with opensc. Forefox 
from snap does not. It appears the some effort when it to geting p11-kit to 
start, but all p11-kit does is load other pkcs11 modules, that may have been 
installed using normal apt-get. It the initial comments of this bug report 
there were suggestions to copy the single file if a pkcs11 module to a "doc" 
directory, but no attempt was made to copy dependent libraries that the module 
needs. 

These will only work if missing libraries are in the snap base or of
firefox snap packages.

OpenSC also has a notify capability to tell the user when a card was
inserted or removed. This may add additional complications to getting it
to work under snap.

Not much else I can do.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1967632

Title:
  [snap] apparmor denied when trying to load pkcs11 module for smart
  card authentication

Status in Mozilla Firefox:
  Unknown
Status in firefox package in Ubuntu:
  Triaged

Bug description:
  I use a smart card to access government sites. I have that working in
  firefox and chrome on ubuntu impish, and gave jammy a try, but there
  firefox won't load the library, giving me a generic error.

  dmesg, however, shows this apparmor denied message:

  [sáb abr  2 17:32:27 2022] audit: type=1400 audit(1648931547.646:115):
  apparmor="DENIED" operation="file_mmap" profile="snap.firefox.firefox"
  name="/run/user/1000/doc/e0bac853/libaetpkss.so.3.5.4112" pid=3680
  comm="firef

[Desktop-packages] [Bug 1967632] Re: [snap] apparmor denied when trying to load pkcs11 module for smart card authentication

2022-08-28 Thread Douglas E Engert

So it appears that to load a PKCS11 module in snap packaged FireFox requires:
 1)  "/run/user/[0-9]*/** mr,"
 2)  "/run/pcscd/pcscd.comm rw," (if module uses pcscd)
 3)  absolute path (i.e. no symlinks) to the module
 4)  all libs the module may need to be in the snap base

To test if (4) is correct:

 https://launchpad.net/~ascaneo can you run "ldd
/usr/lib/libeToken.so.10.7.77"

 https://launchpad.net/~liuck can you run "ldd
/usr/lib/bit4id/libbit4xpki.so"

I posted the output of "ldd opensc-pkcs11.so" in
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1967632/comments/18

It requires "libopensc.so.8 => /lib/x86_64-linux-gnu/libopensc.so.8"
which is most likely not in the snap package base as per
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1967632/comments/17

So how should a snap package handle arbitrary pkcs11 packages that
require libs that would have been installed in a traditional install,
but are not by snap packaging?

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1967632

Title:
  [snap] apparmor denied when trying to load pkcs11 module for smart
  card authentication

Status in Mozilla Firefox:
  Unknown
Status in firefox package in Ubuntu:
  Triaged

Bug description:
  I use a smart card to access government sites. I have that working in
  firefox and chrome on ubuntu impish, and gave jammy a try, but there
  firefox won't load the library, giving me a generic error.

  dmesg, however, shows this apparmor denied message:

  [sáb abr  2 17:32:27 2022] audit: type=1400 audit(1648931547.646:115):
  apparmor="DENIED" operation="file_mmap" profile="snap.firefox.firefox"
  name="/run/user/1000/doc/e0bac853/libaetpkss.so.3.5.4112" pid=3680
  comm="firefox" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0

  
  Note also the path, that's not what I typed into the firefox dialog box. I 
have the .so copied to /usr/lib/x86_64-linux-gnu/libaetpkss.so.3.5.4112, and 
that's what I typed in when prompted for its path by firefox.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: firefox 1:1snap1-0ubuntu2
  ProcVersionSignature: Ubuntu 5.15.0-23.23-generic 5.15.27
  Uname: Linux 5.15.0-23-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.11-0ubuntu80
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Sat Apr  2 17:34:09 2022
  InstallationDate: Installed on 2022-03-20 (13 days ago)
  InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Alpha amd64 (20220319)
  Snap.Changes: no changes found
  SourcePackage: firefox
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/firefox/+bug/1967632/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1967632] Re: [snap] apparmor denied when trying to load pkcs11 module for smart card authentication

2022-08-26 Thread Douglas E Engert

This maybe the biggest problem:
"- /usr inside the snap is a bind-mount from /usr in the base snap, not on the 
host system, which explains why your addition of `/usr/lib/x86_64-linux-gnu/** 
rm,` to the apparmor profile doesn't work as you'd expect (see 
https://github.com/snapcore/snapd/pull/11025#issuecomment-1225787194 for 
details)"

Are both of you saying that the location of the PKCS11 module makes a 
difference?
And if the normal location is in /usr/lib/x86_64-linux-gnu is part of the FF 
snap package and 
their is no way to include files from the local system's 
/usr/lib/x86_64-linux-gnu.
So is that what the copying to the /usr/run//doc is trying to overcome? 

There are many PKCS11 modules out there, some provided by smartcard vendors and 
not part of a distro.
OpenSC is distributed Ubuntu and most other distros. How will you handle these 
other modules?


What package has the /usr/lib/bit4id/libbit4xpki.so? 

can you run "ldd /usr/lib/bit4id/libbit4xpki.so" to see what other libs are 
required?
Does it use a socket to pcscd?

Is it possible some other libs must also be included?

Can you try to install opensc-pkcs11 (which also installs opensc) to
your system and see you can get FF to load it?

opensc-pkcs11-0.22.0-1ubuntu2 installs opensc-pkcs11.so in two places: 
/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so and 
/usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so (which is were p11-kit would 
load it)
and depends on libopensc.so.8  and /usr/lib/x86_64-linux-gnu/libcrypto.so.3 
from libssl3-3.0.2-0ubuntu1.6


 $ ls -l /usr/lib/x86_64-linux-gnu/*opensc*
lrwxrwxrwx 1 root root  18 Mar 10 11:00 
/usr/lib/x86_64-linux-gnu/libopensc.so.8 -> libopensc.so.8.0.0
-rw-r--r-- 1 root root 2040208 Mar 10 11:00 
/usr/lib/x86_64-linux-gnu/libopensc.so.8.0.0
-rw-r--r-- 1 root root  234704 Mar 10 11:00 
/usr/lib/x86_64-linux-gnu/onepin-opensc-pkcs11.so
-rw-r--r-- 1 root root  234704 Mar 10 11:00 
/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
$ ldd /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
linux-vdso.so.1 (0x7ffcbbdfe000)
libopensc.so.8 => /lib/x86_64-linux-gnu/libopensc.so.8 
(0x7efd3cd14000)
libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 
(0x7efd3c8d2000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7efd3c6aa000)
libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x7efd3c68e000)
libgio-2.0.so.0 => /lib/x86_64-linux-gnu/libgio-2.0.so.0 
(0x7efd3c4b6000)
libgobject-2.0.so.0 => /lib/x86_64-linux-gnu/libgobject-2.0.so.0 
(0x7efd3c456000)
/lib64/ld-linux-x86-64.so.2 (0x7efd3cf58000)
libglib-2.0.so.0 => /lib/x86_64-linux-gnu/libglib-2.0.so.0 
(0x7efd3c31a000)
libgmodule-2.0.so.0 => /lib/x86_64-linux-gnu/libgmodule-2.0.so.0 
(0x7efd3c313000)
libmount.so.1 => /lib/x86_64-linux-gnu/libmount.so.1 
(0x7efd3c2cf000)
libselinux.so.1 => /lib/x86_64-linux-gnu/libselinux.so.1 
(0x7efd3c2a3000)
libffi.so.8 => /lib/x86_64-linux-gnu/libffi.so.8 (0x7efd3c296000)
libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3 (0x7efd3c21e000)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x7efd3c137000)
libblkid.so.1 => /lib/x86_64-linux-gnu/libblkid.so.1 
(0x7efd3c10)
libpcre2-8.so.0 => /lib/x86_64-linux-gnu/libpcre2-8.so.0 
(0x7efd3c069000)

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1967632

Title:
  [snap] apparmor denied when trying to load pkcs11 module for smart
  card authentication

Status in Mozilla Firefox:
  Unknown
Status in firefox package in Ubuntu:
  Triaged

Bug description:
  I use a smart card to access government sites. I have that working in
  firefox and chrome on ubuntu impish, and gave jammy a try, but there
  firefox won't load the library, giving me a generic error.

  dmesg, however, shows this apparmor denied message:

  [sáb abr  2 17:32:27 2022] audit: type=1400 audit(1648931547.646:115):
  apparmor="DENIED" operation="file_mmap" profile="snap.firefox.firefox"
  name="/run/user/1000/doc/e0bac853/libaetpkss.so.3.5.4112" pid=3680
  comm="firefox" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0

  
  Note also the path, that's not what I typed into the firefox dialog box. I 
have the .so copied to /usr/lib/x86_64-linux-gnu/libaetpkss.so.3.5.4112, and 
that's what I typed in when prompted for its path by firefox.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: firefox 1:1snap1-0ubuntu2
  ProcVersionSignature: Ubuntu 5.15.0-23.23-generic 5.15.27
  Uname: Linux 5.15.0-23-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.11-0ubuntu80
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Sat Apr  2 17:34:09 2022
  InstallationDate: Installed on 2022-03-20 (13 days ago)
  InstallationMedia: Ubuntu 22

[Desktop-packages] [Bug 1967632] Re: [snap] apparmor denied when trying to load pkcs11 module for smart card authentication

2022-08-25 Thread Douglas E Engert

https://launchpad.net/~liuck
You can test your reader/card with OpenSC  without firefox.

see: "man pkcs11-tool" or "pkcs11-tool --help".  "pkcs11-tool --test
--login" will try and read certificates and do sign/verify using
private keys. It may prompt for pin several times.

If you can also add --module  to use test a different
PKCS11 module.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1967632

Title:
  [snap] apparmor denied when trying to load pkcs11 module for smart
  card authentication

Status in firefox package in Ubuntu:
  Triaged

Bug description:
  I use a smart card to access government sites. I have that working in
  firefox and chrome on ubuntu impish, and gave jammy a try, but there
  firefox won't load the library, giving me a generic error.

  dmesg, however, shows this apparmor denied message:

  [sáb abr  2 17:32:27 2022] audit: type=1400 audit(1648931547.646:115):
  apparmor="DENIED" operation="file_mmap" profile="snap.firefox.firefox"
  name="/run/user/1000/doc/e0bac853/libaetpkss.so.3.5.4112" pid=3680
  comm="firefox" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0

  
  Note also the path, that's not what I typed into the firefox dialog box. I 
have the .so copied to /usr/lib/x86_64-linux-gnu/libaetpkss.so.3.5.4112, and 
that's what I typed in when prompted for its path by firefox.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: firefox 1:1snap1-0ubuntu2
  ProcVersionSignature: Ubuntu 5.15.0-23.23-generic 5.15.27
  Uname: Linux 5.15.0-23-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.11-0ubuntu80
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Sat Apr  2 17:34:09 2022
  InstallationDate: Installed on 2022-03-20 (13 days ago)
  InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Alpha amd64 (20220319)
  Snap.Changes: no changes found
  SourcePackage: firefox
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1967632/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1967632] Re: [snap] apparmor denied when trying to load pkcs11 module for smart card authentication

2022-08-25 Thread Douglas E Engert

This problem is an Ubuntu/snap packaging issue. FF and Thunderbird both
allow the loading of PKCS11 modules as do other programs. But the snap
has not packaged these.

Access to smartcards is usually handled by PC/SC i.e. the pcscd daemon.
It provides locking access to the smartcards from multiple running
applications. So this is another issue for snap, how to provide access
to this system daemon.

Snap does provide the ability to load the p11-kit but then p11-kit tries
to load other PKCS11 modules which may need to load additional
libraries. /usr/lib/x86_64-linux-gnu/pkcs11/* and run "p11-kit list-
modules".

p11-kit has a client/remote capability that I have never looked at. It
might be possible to use this from snap to a "remote" server running on
the the local host.

Are there FF extensions that may similar problems?

Until Ubuntu can packaged up other pkcs11 modules and handle pcscd, the
way to: "test from CLI if my smart card reader is working" is to use the
debian firefox-esr  which does not have any problems.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1967632

Title:
  [snap] apparmor denied when trying to load pkcs11 module for smart
  card authentication

Status in firefox package in Ubuntu:
  Triaged

Bug description:
  I use a smart card to access government sites. I have that working in
  firefox and chrome on ubuntu impish, and gave jammy a try, but there
  firefox won't load the library, giving me a generic error.

  dmesg, however, shows this apparmor denied message:

  [sáb abr  2 17:32:27 2022] audit: type=1400 audit(1648931547.646:115):
  apparmor="DENIED" operation="file_mmap" profile="snap.firefox.firefox"
  name="/run/user/1000/doc/e0bac853/libaetpkss.so.3.5.4112" pid=3680
  comm="firefox" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0

  
  Note also the path, that's not what I typed into the firefox dialog box. I 
have the .so copied to /usr/lib/x86_64-linux-gnu/libaetpkss.so.3.5.4112, and 
that's what I typed in when prompted for its path by firefox.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: firefox 1:1snap1-0ubuntu2
  ProcVersionSignature: Ubuntu 5.15.0-23.23-generic 5.15.27
  Uname: Linux 5.15.0-23-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.11-0ubuntu80
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Sat Apr  2 17:34:09 2022
  InstallationDate: Installed on 2022-03-20 (13 days ago)
  InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Alpha amd64 (20220319)
  Snap.Changes: no changes found
  SourcePackage: firefox
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1967632/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1967632] Re: [snap] apparmor denied when trying to load pkcs11 module for smart card authentication

2022-08-24 Thread Douglas E Engert

https://launchpad.net/~liuck can you give some more information:

 What PKCS11 module are you using?

 What version of Ubuntu?

From my testing with a fresh copy install of XUbuntu-22.04.1 as guest of
VirtualBox, the "/run/user/[0-9]*/** mr," appears to allow access to any
file in my /usr/run/1000 directory.

When I use firefox's "Security Devices... Load" and browse for a module,
I give the path to the system version of the module(s) I have tried:
both /usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-client.so and
/usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so. Both get a "Unable to
add module" and the location shown in
/run/user/1000/doc/48e09223/p11-kit-client.so
/run/user/1000/doc/e3261d9/opensc-pkcs11.so

So it looks like it find the files and copies to /run/user/1000/doc/*.

But both of these modules need access to other libs and also need to use
pcscd to access the smartcard readers.

https://launchpad.net/~tnetter 
Can you give some more information about "/usr/local/lib/libcvP11.so"
It is not clear why this works with:  
https://forums.epo.org/new-version-of-the-cryptovision-software-12191#p40162

It may be that this is a simple library and does not use pcscd.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1967632

Title:
  [snap] apparmor denied when trying to load pkcs11 module for smart
  card authentication

Status in firefox package in Ubuntu:
  Triaged

Bug description:
  I use a smart card to access government sites. I have that working in
  firefox and chrome on ubuntu impish, and gave jammy a try, but there
  firefox won't load the library, giving me a generic error.

  dmesg, however, shows this apparmor denied message:

  [sáb abr  2 17:32:27 2022] audit: type=1400 audit(1648931547.646:115):
  apparmor="DENIED" operation="file_mmap" profile="snap.firefox.firefox"
  name="/run/user/1000/doc/e0bac853/libaetpkss.so.3.5.4112" pid=3680
  comm="firefox" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0

  
  Note also the path, that's not what I typed into the firefox dialog box. I 
have the .so copied to /usr/lib/x86_64-linux-gnu/libaetpkss.so.3.5.4112, and 
that's what I typed in when prompted for its path by firefox.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: firefox 1:1snap1-0ubuntu2
  ProcVersionSignature: Ubuntu 5.15.0-23.23-generic 5.15.27
  Uname: Linux 5.15.0-23-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.11-0ubuntu80
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Sat Apr  2 17:34:09 2022
  InstallationDate: Installed on 2022-03-20 (13 days ago)
  InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Alpha amd64 (20220319)
  Snap.Changes: no changes found
  SourcePackage: firefox
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1967632/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1967632] Re: [snap] apparmor denied when trying to load pkcs11 module for smart card authentication

2022-05-21 Thread Douglas E Engert

After spending a week on this, I think I see the problem.

(1) pkcs11 modules are dynamically load by mozilla nss and need the
/etc/apparmor.d/abstractions/p11-kit   as stated in previous comment.

(2) dynamically loaded modules may also load additional shared
libraries. So apparmor profiles are need for each possible pkcs11
module. Ubuntu-22.04 has a /etc/apparmor.d/abstractions/p11-kit but
needs the "m" file_mmap as stated in previous comment.

(3) /var/lib/snapd/apparmor/profiles/snap.firefox.firefox included these system 
based profiles:
  #include 
  #include 
  #include 
But it does not include 
  #include  
So it can not load the p11-kit or any pkcs11 module p11-kit might try and load.
(/etc/apparmor.d/abstractions/p11-kit will also include any profiles in 
abstractions/p11-kit.d) 

(4) Smartcard pkcs11 modules use the pcscd system service. On most linux
system this is the pcscd-lite package:
https://github.com/LudovicRousseau/PCSC the ClientSetupSession
https://github.com/LudovicRousseau/PCSC/blob/master/src/winscard_msg.c#L107-L167
sets client access to the socket. (I have not looked at what it would
take to add the dbus apparmor code needed to do this.)

Observations:

With a modified p11-kit /etc/apparmor.d/abstractions/p11-kit with the "m" 
file_mmap and adding the #include  to 
/var/lib/snapd/apparmor/profiles/snap.firefox.firefox I can add p11-kit as a 
"security Device", but it does not load any additional pkcs11 modules.
 
 ~/snap/firefox/common/.mozilla/firefox/0i8u9awg.default/pkcs11.txt has: 
   library=/lib/x86_64-linux-gnu/libp11-kit.so.0.3.0
name=p11-kit
   (using symlinks to libs appears to be a problem, so I avoided using them.)

I can not add a "security device" for OpenSC even with adding a
/etc/apparmor.d/abstractions/opensc profile.

(Others on the internet have reported problems with other smart card
pkcs11 modules not just opensc.)

Using audit on all possible files, does not show a file loading problem or does 
running
sudo apparmor_parser -v -C -r snap.firefox.firefox to reload with complain only 
show any problems. So the problme must be somehing else.

P11-kit does not directly need access to pcscd, so (4) is not an issue
with p11 kit itself but (4) is an issued with any (or most) pkcs11
modules loaded by p11-kit.

Solutions:

For a snap installed firefox if (1), (2), (3) and (4) where addressed, snap 
firefox should work.
Adding profiles for each pkcs11 module to /etc/apparmor.d/abstractions and 
adding an include in /etc/apparmor.d/abstractions/p11-kit.d would require only 
only adding an include for p11-kit to snap.firefox.firefox. I hope that there 
is enough info above so someone else can add the dbus code.


Personally:

I find snap to be nightmare and Ubuntu should not have made it the
default firefox. Ubuntu should at least continue to give the user a
choice. All my testing has been on a virtual test 22.04 system. I was in
the process of converting from 20.04 to 22.04, both virtual, when I ran
into this problem. I have removed the snap firefox and am working on
using the Debian firefox-esr which works great with smartcards and
pkcs11, and is much faster. I just have to convert my .mozilla profiles
because the name changed from firefox to firefox-esr.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1967632

Title:
  [snap] apparmor denied when trying to load pkcs11 module for smart
  card authentication

Status in firefox package in Ubuntu:
  Triaged

Bug description:
  I use a smart card to access government sites. I have that working in
  firefox and chrome on ubuntu impish, and gave jammy a try, but there
  firefox won't load the library, giving me a generic error.

  dmesg, however, shows this apparmor denied message:

  [sáb abr  2 17:32:27 2022] audit: type=1400 audit(1648931547.646:115):
  apparmor="DENIED" operation="file_mmap" profile="snap.firefox.firefox"
  name="/run/user/1000/doc/e0bac853/libaetpkss.so.3.5.4112" pid=3680
  comm="firefox" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0

  
  Note also the path, that's not what I typed into the firefox dialog box. I 
have the .so copied to /usr/lib/x86_64-linux-gnu/libaetpkss.so.3.5.4112, and 
that's what I typed in when prompted for its path by firefox.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: firefox 1:1snap1-0ubuntu2
  ProcVersionSignature: Ubuntu 5.15.0-23.23-generic 5.15.27
  Uname: Linux 5.15.0-23-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.11-0ubuntu80
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Sat Apr  2 17:34:09 2022
  InstallationDate: Installed on 2022-03-20 (13 days ago)
  InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Alpha amd64 (20220319)
  Snap.Changes: no changes found
  SourcePackage: firefox
  UpgradeStatus: No upgrade log present (probabl

[Desktop-packages] [Bug 1967632] Re: [snap] apparmor denied when trying to load pkcs11 module for smart card authentication

2022-05-16 Thread Douglas E Engert

Initial problem of:

Initial problem of "[sáb abr 2 17:32:27 2022] audit: type=1400
audit(1648931547.646:115): apparmor="DENIED" operation="file_mmap"
profile="snap.firefox.firefox"
name="/run/user/1000/doc/e0bac853/libaetpkss.so.3.5.4112" pid=3680
comm="firefox" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0"

can be solved by adding to  
/var/lib/snapd/apparmor/profiles/snap.firefox.firefox something like:
-- DEE.snap.firefox.firefox 2022-05-15 00:51:38.010651530 -0500
+++ snap.firefox.firefox2022-05-15 21:18:39.445523027 -0500
@@ -312,6 +312,9 @@
   /tmp/   r,
   /tmp/** mrwlkix,
 
+  #DEE
+  /run/user/[0-9]*/** mrwlkix,
+
   # App-specific access to files and directories in /dev/shm. We allow file
   # access in /dev/shm for shm_open() and files in subdirectories for open()
   # bind mount *not* used here (see 'parallel installs', above)

This adds the "m" mask to the  "/run/user/1000/doc/e0bac853/" directory
but does allow the module to be loaded. This is overkill, for the
directory. For a PKCS11 module "mr" maybe all that is needed.

It is not clear why the choice was made to copy the pkcs11 modules to the doc 
directory in the first place.
Ubuntu appears to install PKCS11 modules (at least some in) in  
/usr/lib/x86_64-linux-gnu/pkcs11 so why can't this be used without copying?

The above only show how to get around the first of many possible
problems.

Not all Ubuntu installed PKCS11 modules are installed in the above
directory. p11-kit-client.so is but opensc-pkcs11.so and onepin-opensc-
pkcs11.so are not, just symlinks.

Trying to use the apparmor aa-complain to get more info does not work
with the way the snap apparmor profiles are named. It appears the
profile uses "." inplace of "/" and there is no "snap/firefox/firefox"


Pkcs11 modules may load other PKCS11 modules, i.e. that is what p11-kit does. 
Each of these modules may have config files with system and user versions. 
apparmor needs to address how these config files can be read.

 
Until it can be shown that PKCS11 modules can be easily be used, I would 
suggest that firefox not be installed by snap. 

Also see:
https://github.com/OpenSC/OpenSC/issues/2552






** Bug watch added: OpenSC Issues #2552
   https://github.com/OpenSC/OpenSC/issues/2552

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1967632

Title:
  [snap] apparmor denied when trying to load pkcs11 module for smart
  card authentication

Status in firefox package in Ubuntu:
  Triaged

Bug description:
  I use a smart card to access government sites. I have that working in
  firefox and chrome on ubuntu impish, and gave jammy a try, but there
  firefox won't load the library, giving me a generic error.

  dmesg, however, shows this apparmor denied message:

  [sáb abr  2 17:32:27 2022] audit: type=1400 audit(1648931547.646:115):
  apparmor="DENIED" operation="file_mmap" profile="snap.firefox.firefox"
  name="/run/user/1000/doc/e0bac853/libaetpkss.so.3.5.4112" pid=3680
  comm="firefox" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0

  
  Note also the path, that's not what I typed into the firefox dialog box. I 
have the .so copied to /usr/lib/x86_64-linux-gnu/libaetpkss.so.3.5.4112, and 
that's what I typed in when prompted for its path by firefox.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: firefox 1:1snap1-0ubuntu2
  ProcVersionSignature: Ubuntu 5.15.0-23.23-generic 5.15.27
  Uname: Linux 5.15.0-23-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.11-0ubuntu80
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Sat Apr  2 17:34:09 2022
  InstallationDate: Installed on 2022-03-20 (13 days ago)
  InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Alpha amd64 (20220319)
  Snap.Changes: no changes found
  SourcePackage: firefox
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1967632/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1967632]

[Desktop-packages] [Bug 1967632]

[Desktop-packages] [Bug 1967632]

[Desktop-packages] [Bug 1967632] Re: [snap] apparmor denied when trying to load pkcs11 module for smart card authentication

[Desktop-packages] [Bug 1967632] Re: [snap] apparmor denied when trying to load pkcs11 module for smart card authentication

[Desktop-packages] [Bug 1967632] Re: [snap] apparmor denied when trying to load pkcs11 module for smart card authentication

[Desktop-packages] [Bug 1967632] Re: [snap] apparmor denied when trying to load pkcs11 module for smart card authentication

[Desktop-packages] [Bug 1967632] Re: [snap] apparmor denied when trying to load pkcs11 module for smart card authentication

[Desktop-packages] [Bug 1967632] Re: [snap] apparmor denied when trying to load pkcs11 module for smart card authentication

[Desktop-packages] [Bug 1967632] Re: [snap] apparmor denied when trying to load pkcs11 module for smart card authentication

[Desktop-packages] [Bug 1967632] Re: [snap] apparmor denied when trying to load pkcs11 module for smart card authentication

[Desktop-packages] [Bug 1967632] Re: [snap] apparmor denied when trying to load pkcs11 module for smart card authentication

[Desktop-packages] [Bug 1967632] Re: [snap] apparmor denied when trying to load pkcs11 module for smart card authentication

13 matches

Site Navigation

Mail list logo

Footer information