[Desktop-packages] [Bug 2062173] Re: Apparmor denies updating namespace with ecryptfs
The fix has landed in snapd so it will be available in the latest/edge channel of snapd snap. If you refresh snapd with: snap refresh --edge snapd Then the fix will be immediately active. You should refresh back to stable after the 2.63 release, unless you are comfortable daily-driving possibly unstable software. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to chromium-browser in Ubuntu. https://bugs.launchpad.net/bugs/2062173 Title: Apparmor denies updating namespace with ecryptfs Status in chromium-browser package in Ubuntu: Invalid Status in snapd package in Ubuntu: In Progress Bug description: Noticed on Ubuntu 23.10. Started misbehaving on April 17th 2024. $ snap info chromium ... snap-id: XKEcBqPM06H1Z7zGOdG5fbICuf8NWK5R tracking: latest/stable refresh-date: today at 08:58 CEST channels: latest/stable:123.0.6312.122 2024-04-15 (2821) 168MB - ... When running chromium, it complains about not being able to open my home dir: cannot update snap namespace: cannot expand mount entry (none $HOME/.local/share none x-snapd.kind=ensure-dir,x-snapd.must-exist-dir=$HOME 0 0): cannot use invalid home directory "/home/tannerli": permission denied snap-update-ns failed with code 1 AppArmor log shows that access to ecryptfs private folder was denied: Apr 18 13:13:21 hostname kernel: audit: type=1400 audit(1713438801.579:437): apparmor="DENIED" operation="open" class="file" profile="snap-update-ns.chromium" name="/home/.ecryptfs/tannerli/.Private/" pid=32412 comm="5" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 I found out, that, under /var/lib/snapd/apparmor/profiles, while snap.chromium.chromium has the line owner @{HOMEDIRS}/.ecryptfs/*/.Private/ r, the file snap-update-ns.chromium does _not_ have the line. Adding it and reloading the profile allows chromium to start again. I'm nowhere near experienced enough to tell whether this line should be added by default or something else went wrong on my machine. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/2062173/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2062173] Re: Apparmor denies updating namespace with ecryptfs
Also seen on Ubuntu 20.04.6 with latest/stable: 123.0.6312.122 2024-04-15 (2821) 168MB chromium snap. Confirming that if I manually apply the patch given in https://github.com/snapcore/snapd/pull/13857 the issue is fixed. But then when I refreshed chromium to latest/stable: 124.0.6367.60 2024-04-19 (2828) 169MB my patch got stepped on and I needed to reapply it. Don't know when the fix is expected to be incorporated in a snap refresh but until then it's easy enough to manually take care of. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to chromium-browser in Ubuntu. https://bugs.launchpad.net/bugs/2062173 Title: Apparmor denies updating namespace with ecryptfs Status in chromium-browser package in Ubuntu: Invalid Status in snapd package in Ubuntu: In Progress Bug description: Noticed on Ubuntu 23.10. Started misbehaving on April 17th 2024. $ snap info chromium ... snap-id: XKEcBqPM06H1Z7zGOdG5fbICuf8NWK5R tracking: latest/stable refresh-date: today at 08:58 CEST channels: latest/stable:123.0.6312.122 2024-04-15 (2821) 168MB - ... When running chromium, it complains about not being able to open my home dir: cannot update snap namespace: cannot expand mount entry (none $HOME/.local/share none x-snapd.kind=ensure-dir,x-snapd.must-exist-dir=$HOME 0 0): cannot use invalid home directory "/home/tannerli": permission denied snap-update-ns failed with code 1 AppArmor log shows that access to ecryptfs private folder was denied: Apr 18 13:13:21 hostname kernel: audit: type=1400 audit(1713438801.579:437): apparmor="DENIED" operation="open" class="file" profile="snap-update-ns.chromium" name="/home/.ecryptfs/tannerli/.Private/" pid=32412 comm="5" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 I found out, that, under /var/lib/snapd/apparmor/profiles, while snap.chromium.chromium has the line owner @{HOMEDIRS}/.ecryptfs/*/.Private/ r, the file snap-update-ns.chromium does _not_ have the line. Adding it and reloading the profile allows chromium to start again. I'm nowhere near experienced enough to tell whether this line should be added by default or something else went wrong on my machine. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/2062173/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2062173] Re: Apparmor denies updating namespace with ecryptfs
This is fixed by https://github.com/snapcore/snapd/pull/13857 ** Changed in: snapd (Ubuntu) Status: New => In Progress ** Changed in: chromium-browser (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to chromium-browser in Ubuntu. https://bugs.launchpad.net/bugs/2062173 Title: Apparmor denies updating namespace with ecryptfs Status in chromium-browser package in Ubuntu: Invalid Status in snapd package in Ubuntu: In Progress Bug description: Noticed on Ubuntu 23.10. Started misbehaving on April 17th 2024. $ snap info chromium ... snap-id: XKEcBqPM06H1Z7zGOdG5fbICuf8NWK5R tracking: latest/stable refresh-date: today at 08:58 CEST channels: latest/stable:123.0.6312.122 2024-04-15 (2821) 168MB - ... When running chromium, it complains about not being able to open my home dir: cannot update snap namespace: cannot expand mount entry (none $HOME/.local/share none x-snapd.kind=ensure-dir,x-snapd.must-exist-dir=$HOME 0 0): cannot use invalid home directory "/home/tannerli": permission denied snap-update-ns failed with code 1 AppArmor log shows that access to ecryptfs private folder was denied: Apr 18 13:13:21 hostname kernel: audit: type=1400 audit(1713438801.579:437): apparmor="DENIED" operation="open" class="file" profile="snap-update-ns.chromium" name="/home/.ecryptfs/tannerli/.Private/" pid=32412 comm="5" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 I found out, that, under /var/lib/snapd/apparmor/profiles, while snap.chromium.chromium has the line owner @{HOMEDIRS}/.ecryptfs/*/.Private/ r, the file snap-update-ns.chromium does _not_ have the line. Adding it and reloading the profile allows chromium to start again. I'm nowhere near experienced enough to tell whether this line should be added by default or something else went wrong on my machine. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/2062173/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2062173] Re: Apparmor denies updating namespace with ecryptfs
** Changed in: snapd (Ubuntu) Assignee: (unassigned) => Zygmunt Krynicki (zyga) -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to chromium-browser in Ubuntu. https://bugs.launchpad.net/bugs/2062173 Title: Apparmor denies updating namespace with ecryptfs Status in chromium-browser package in Ubuntu: New Status in snapd package in Ubuntu: New Bug description: Noticed on Ubuntu 23.10. Started misbehaving on April 17th 2024. $ snap info chromium ... snap-id: XKEcBqPM06H1Z7zGOdG5fbICuf8NWK5R tracking: latest/stable refresh-date: today at 08:58 CEST channels: latest/stable:123.0.6312.122 2024-04-15 (2821) 168MB - ... When running chromium, it complains about not being able to open my home dir: cannot update snap namespace: cannot expand mount entry (none $HOME/.local/share none x-snapd.kind=ensure-dir,x-snapd.must-exist-dir=$HOME 0 0): cannot use invalid home directory "/home/tannerli": permission denied snap-update-ns failed with code 1 AppArmor log shows that access to ecryptfs private folder was denied: Apr 18 13:13:21 hostname kernel: audit: type=1400 audit(1713438801.579:437): apparmor="DENIED" operation="open" class="file" profile="snap-update-ns.chromium" name="/home/.ecryptfs/tannerli/.Private/" pid=32412 comm="5" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 I found out, that, under /var/lib/snapd/apparmor/profiles, while snap.chromium.chromium has the line owner @{HOMEDIRS}/.ecryptfs/*/.Private/ r, the file snap-update-ns.chromium does _not_ have the line. Adding it and reloading the profile allows chromium to start again. I'm nowhere near experienced enough to tell whether this line should be added by default or something else went wrong on my machine. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/2062173/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2062173] Re: Apparmor denies updating namespace with ecryptfs
Possible duplicate of LP:2062330. ** Changed in: chromium-browser (Ubuntu) Importance: Undecided => High ** Also affects: snapd (Ubuntu) Importance: Undecided Status: New ** Changed in: snapd (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to chromium-browser in Ubuntu. https://bugs.launchpad.net/bugs/2062173 Title: Apparmor denies updating namespace with ecryptfs Status in chromium-browser package in Ubuntu: New Status in snapd package in Ubuntu: New Bug description: Noticed on Ubuntu 23.10. Started misbehaving on April 17th 2024. $ snap info chromium ... snap-id: XKEcBqPM06H1Z7zGOdG5fbICuf8NWK5R tracking: latest/stable refresh-date: today at 08:58 CEST channels: latest/stable:123.0.6312.122 2024-04-15 (2821) 168MB - ... When running chromium, it complains about not being able to open my home dir: cannot update snap namespace: cannot expand mount entry (none $HOME/.local/share none x-snapd.kind=ensure-dir,x-snapd.must-exist-dir=$HOME 0 0): cannot use invalid home directory "/home/tannerli": permission denied snap-update-ns failed with code 1 AppArmor log shows that access to ecryptfs private folder was denied: Apr 18 13:13:21 hostname kernel: audit: type=1400 audit(1713438801.579:437): apparmor="DENIED" operation="open" class="file" profile="snap-update-ns.chromium" name="/home/.ecryptfs/tannerli/.Private/" pid=32412 comm="5" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 I found out, that, under /var/lib/snapd/apparmor/profiles, while snap.chromium.chromium has the line owner @{HOMEDIRS}/.ecryptfs/*/.Private/ r, the file snap-update-ns.chromium does _not_ have the line. Adding it and reloading the profile allows chromium to start again. I'm nowhere near experienced enough to tell whether this line should be added by default or something else went wrong on my machine. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/2062173/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp