[Desktop-packages] [Bug 2062173] Re: Apparmor denies updating namespace with ecryptfs
The fix has landed in snapd so it will be available in the latest/edge
channel of snapd snap. If you refresh snapd with:
snap refresh --edge snapd
Then the fix will be immediately active.
You should refresh back to stable after the 2.63 release, unless you are
comfortable daily-driving possibly unstable software.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/2062173
Title:
Apparmor denies updating namespace with ecryptfs
Status in chromium-browser package in Ubuntu:
Invalid
Status in snapd package in Ubuntu:
In Progress
Bug description:
Noticed on Ubuntu 23.10. Started misbehaving on April 17th 2024.
$ snap info chromium
...
snap-id: XKEcBqPM06H1Z7zGOdG5fbICuf8NWK5R
tracking: latest/stable
refresh-date: today at 08:58 CEST
channels:
latest/stable:123.0.6312.122 2024-04-15 (2821) 168MB -
...
When running chromium, it complains about not being able to open my home dir:
cannot update snap namespace: cannot expand mount entry (none
$HOME/.local/share none x-snapd.kind=ensure-dir,x-snapd.must-exist-dir=$HOME 0
0): cannot use invalid home directory "/home/tannerli": permission denied
snap-update-ns failed with code 1
AppArmor log shows that access to ecryptfs private folder was denied:
Apr 18 13:13:21 hostname kernel: audit: type=1400
audit(1713438801.579:437): apparmor="DENIED" operation="open"
class="file" profile="snap-update-ns.chromium"
name="/home/.ecryptfs/tannerli/.Private/" pid=32412 comm="5"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
I found out, that, under /var/lib/snapd/apparmor/profiles, while
snap.chromium.chromium has the line
owner @{HOMEDIRS}/.ecryptfs/*/.Private/ r,
the file snap-update-ns.chromium does _not_ have the line. Adding it
and reloading the profile allows chromium to start again.
I'm nowhere near experienced enough to tell whether this line should
be added by default or something else went wrong on my machine.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/2062173/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2062173] Re: Apparmor denies updating namespace with ecryptfs
Also seen on Ubuntu 20.04.6 with latest/stable: 123.0.6312.122 2024-04-15
(2821) 168MB chromium snap.
Confirming that if I manually apply the patch given in
https://github.com/snapcore/snapd/pull/13857 the issue is fixed.
But then when I refreshed chromium to latest/stable: 124.0.6367.60
2024-04-19 (2828) 169MB my patch got stepped on and I needed to reapply
it. Don't know when the fix is expected to be incorporated in a snap
refresh but until then it's easy enough to manually take care of.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/2062173
Title:
Apparmor denies updating namespace with ecryptfs
Status in chromium-browser package in Ubuntu:
Invalid
Status in snapd package in Ubuntu:
In Progress
Bug description:
Noticed on Ubuntu 23.10. Started misbehaving on April 17th 2024.
$ snap info chromium
...
snap-id: XKEcBqPM06H1Z7zGOdG5fbICuf8NWK5R
tracking: latest/stable
refresh-date: today at 08:58 CEST
channels:
latest/stable:123.0.6312.122 2024-04-15 (2821) 168MB -
...
When running chromium, it complains about not being able to open my home dir:
cannot update snap namespace: cannot expand mount entry (none
$HOME/.local/share none x-snapd.kind=ensure-dir,x-snapd.must-exist-dir=$HOME 0
0): cannot use invalid home directory "/home/tannerli": permission denied
snap-update-ns failed with code 1
AppArmor log shows that access to ecryptfs private folder was denied:
Apr 18 13:13:21 hostname kernel: audit: type=1400
audit(1713438801.579:437): apparmor="DENIED" operation="open"
class="file" profile="snap-update-ns.chromium"
name="/home/.ecryptfs/tannerli/.Private/" pid=32412 comm="5"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
I found out, that, under /var/lib/snapd/apparmor/profiles, while
snap.chromium.chromium has the line
owner @{HOMEDIRS}/.ecryptfs/*/.Private/ r,
the file snap-update-ns.chromium does _not_ have the line. Adding it
and reloading the profile allows chromium to start again.
I'm nowhere near experienced enough to tell whether this line should
be added by default or something else went wrong on my machine.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/2062173/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2062173] Re: Apparmor denies updating namespace with ecryptfs
This is fixed by https://github.com/snapcore/snapd/pull/13857
** Changed in: snapd (Ubuntu)
Status: New => In Progress
** Changed in: chromium-browser (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/2062173
Title:
Apparmor denies updating namespace with ecryptfs
Status in chromium-browser package in Ubuntu:
Invalid
Status in snapd package in Ubuntu:
In Progress
Bug description:
Noticed on Ubuntu 23.10. Started misbehaving on April 17th 2024.
$ snap info chromium
...
snap-id: XKEcBqPM06H1Z7zGOdG5fbICuf8NWK5R
tracking: latest/stable
refresh-date: today at 08:58 CEST
channels:
latest/stable:123.0.6312.122 2024-04-15 (2821) 168MB -
...
When running chromium, it complains about not being able to open my home dir:
cannot update snap namespace: cannot expand mount entry (none
$HOME/.local/share none x-snapd.kind=ensure-dir,x-snapd.must-exist-dir=$HOME 0
0): cannot use invalid home directory "/home/tannerli": permission denied
snap-update-ns failed with code 1
AppArmor log shows that access to ecryptfs private folder was denied:
Apr 18 13:13:21 hostname kernel: audit: type=1400
audit(1713438801.579:437): apparmor="DENIED" operation="open"
class="file" profile="snap-update-ns.chromium"
name="/home/.ecryptfs/tannerli/.Private/" pid=32412 comm="5"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
I found out, that, under /var/lib/snapd/apparmor/profiles, while
snap.chromium.chromium has the line
owner @{HOMEDIRS}/.ecryptfs/*/.Private/ r,
the file snap-update-ns.chromium does _not_ have the line. Adding it
and reloading the profile allows chromium to start again.
I'm nowhere near experienced enough to tell whether this line should
be added by default or something else went wrong on my machine.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/2062173/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2062173] Re: Apparmor denies updating namespace with ecryptfs
** Changed in: snapd (Ubuntu)
Assignee: (unassigned) => Zygmunt Krynicki (zyga)
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/2062173
Title:
Apparmor denies updating namespace with ecryptfs
Status in chromium-browser package in Ubuntu:
New
Status in snapd package in Ubuntu:
New
Bug description:
Noticed on Ubuntu 23.10. Started misbehaving on April 17th 2024.
$ snap info chromium
...
snap-id: XKEcBqPM06H1Z7zGOdG5fbICuf8NWK5R
tracking: latest/stable
refresh-date: today at 08:58 CEST
channels:
latest/stable:123.0.6312.122 2024-04-15 (2821) 168MB -
...
When running chromium, it complains about not being able to open my home dir:
cannot update snap namespace: cannot expand mount entry (none
$HOME/.local/share none x-snapd.kind=ensure-dir,x-snapd.must-exist-dir=$HOME 0
0): cannot use invalid home directory "/home/tannerli": permission denied
snap-update-ns failed with code 1
AppArmor log shows that access to ecryptfs private folder was denied:
Apr 18 13:13:21 hostname kernel: audit: type=1400
audit(1713438801.579:437): apparmor="DENIED" operation="open"
class="file" profile="snap-update-ns.chromium"
name="/home/.ecryptfs/tannerli/.Private/" pid=32412 comm="5"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
I found out, that, under /var/lib/snapd/apparmor/profiles, while
snap.chromium.chromium has the line
owner @{HOMEDIRS}/.ecryptfs/*/.Private/ r,
the file snap-update-ns.chromium does _not_ have the line. Adding it
and reloading the profile allows chromium to start again.
I'm nowhere near experienced enough to tell whether this line should
be added by default or something else went wrong on my machine.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/2062173/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2062173] Re: Apparmor denies updating namespace with ecryptfs
Possible duplicate of LP:2062330.
** Changed in: chromium-browser (Ubuntu)
Importance: Undecided => High
** Also affects: snapd (Ubuntu)
Importance: Undecided
Status: New
** Changed in: snapd (Ubuntu)
Importance: Undecided => High
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/2062173
Title:
Apparmor denies updating namespace with ecryptfs
Status in chromium-browser package in Ubuntu:
New
Status in snapd package in Ubuntu:
New
Bug description:
Noticed on Ubuntu 23.10. Started misbehaving on April 17th 2024.
$ snap info chromium
...
snap-id: XKEcBqPM06H1Z7zGOdG5fbICuf8NWK5R
tracking: latest/stable
refresh-date: today at 08:58 CEST
channels:
latest/stable:123.0.6312.122 2024-04-15 (2821) 168MB -
...
When running chromium, it complains about not being able to open my home dir:
cannot update snap namespace: cannot expand mount entry (none
$HOME/.local/share none x-snapd.kind=ensure-dir,x-snapd.must-exist-dir=$HOME 0
0): cannot use invalid home directory "/home/tannerli": permission denied
snap-update-ns failed with code 1
AppArmor log shows that access to ecryptfs private folder was denied:
Apr 18 13:13:21 hostname kernel: audit: type=1400
audit(1713438801.579:437): apparmor="DENIED" operation="open"
class="file" profile="snap-update-ns.chromium"
name="/home/.ecryptfs/tannerli/.Private/" pid=32412 comm="5"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
I found out, that, under /var/lib/snapd/apparmor/profiles, while
snap.chromium.chromium has the line
owner @{HOMEDIRS}/.ecryptfs/*/.Private/ r,
the file snap-update-ns.chromium does _not_ have the line. Adding it
and reloading the profile allows chromium to start again.
I'm nowhere near experienced enough to tell whether this line should
be added by default or something else went wrong on my machine.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/2062173/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
