This bug was fixed in the package apparmor - 4.1.0~beta5-0ubuntu12
---------------
apparmor (4.1.0~beta5-0ubuntu12) plucky; urgency=medium
[ Ryan Lee ]
* Add patch to fix lsblk denials on Hyper-V systems (LP: #2103524):
- d/p/u/lsblk_hyper_v_fixup.patch
* Add patch to allow fusermount3 to mount nested subdirectories of
@{run}/user/@{uid} (LP: #2103889):
- d/p/u/fusermount3-mount-nested-subdirs-run-user.patch
* Add patch to fix utils hotkey conflict with ignore (LP: #2104194):
- d/p/u/utils-fix-ignore-hotkey-conflict.patch
* Add patch to fix aa-enforce not handling child profiles (LP: #2104193):
- d/p/u/utils-fix-profile-header-patch-generation.patch
[ Tim Andersson ]
* Allow remmina to make DescribeAll calls through the DBus.
(LP: #2102033):
- d/p/u/remmina-dbus-describeall.patch
-- Ryan Lee <[email protected]> Mon, 24 Mar 2025 10:14:46 -0700
** Changed in: apparmor (Ubuntu)
Status: In Progress => Fix Released
https://bugs.launchpad.net/bugs/2103889
Title:
gnome-remote-desktop-daemon: fusermount3: mount failed: Permission
denied
Status in apparmor package in Ubuntu:
Fix Released
Bug description:
On Ubuntu 25.04 daily (as of 2025-03-23), connecting to headless
remote desktop fails with apparmor error "fusermount3: mount failed:
Permission denied", after installation:
```
Mar 23 15:47:07 ubuntu2504 gnome-remote-desktop-daemon[6020]: fusermount3: mount failed: Permission denied
Mar 23 15:47:07 ubuntu2504 kernel: audit: type=1400 audit(1742705227.026:259): apparmor="DENIED" operation="mount" class="mount" info="failed mntpnt match" error=-13 profile="fusermount3" name="/run/user/1000/gnome-remote-desktop/cliprdr-cjuzWv/" pid=6020 comm="fusermount3" fstype="fuse" srcname="/dev/fuse" flags="rw, nosuid, nodev"
```
**** To reproduce ****
1. Enable headless Gnome Remote Desktop (i.e. `grdctl --system rdp enable` / via System > Remote Desktop > Remote Login)
2. Connect to Gnome Remote Desktop, e.g.:
`xfreerdp /dynamic-resolution /v:ubuntu2504 /size:1920x1080`
3. Attempt fails with
```
[17:52:37:199] [1593640:1593641] [INFO][com.freerdp.channels.drdynvc.client] - Loading Dynamic Virtual Channel rdpgfx
[17:52:37:199] [1593640:1593641] [INFO][com.freerdp.channels.drdynvc.client] - Loading Dynamic Virtual Channel disp
[17:52:37:251] [1593640:1593641] [ERROR][com.freerdp.core.transport] - BIO_read returned a system error 104: Connection reset by peer
[17:52:37:251] [1593640:1593641] [ERROR][com.freerdp.core] - transport_read_layer:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
[17:52:37:251] [1593640:1593641] [INFO][com.freerdp.client.common] - Network disconnect!
```
with `journalctl -f` error:
```
Mar 23 17:52:37 ubuntu2504 org.gnome.RemoteDesktop.Handover.desktop[15162]: fusermount3: mount failed: Permission denied
Mar 23 17:52:37 ubuntu2504 kernel: audit: type=1400 audit(1742712757.245:305): apparmor="DENIED" operation="mount" class="mount" info="failed mntpnt match" error=-13 profile="fusermount3" name="/run/user/119/gnome-remote-desktop/cliprdr-ABm0Gd/" pid=15162 comm="fusermount3" fstype="fuse" srcname="/dev/fuse" flags="rw, nosuid, nodev"
Mar 23 17:52:37 ubuntu2504 kernel: traps: RDP FUSE clipbo[15161] trap int3 ip:7b95e7600ea7 sp:7b95b53fdfe0 error:0 in libglib-2.0.so.0.8400.0[72ea7,7b95e75ad000+bd000]
Mar 23 17:52:37 ubuntu2504 gnome-remote-de[14921]: [FUSE Clipboard] Failed to mount FUSE filesystem
```
**** Fix ****
`/etc/apparmor.d/fusermount3` - change path to '**' - e.g.:
```
15c15
< mount fstype=@{fuse_types} options=(nosuid,nodev,rw) ->
@{run}/user/@{uid}/*/,
---
> mount fstype=@{fuse_types} options=(nosuid,nodev,rw) ->
@{run}/user/@{uid}/**/,
```
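Review bot: the `**/` mountpoint on the new line 15 is broader than the denial requires. The denied path is `/run/user/1000/gnome-remote-desktop/cliprdr-cjuzWv/`, two levels below the user runtime directory, while `@{run}/user/@{uid}/**/` permits a FUSE mount at any depth under it. If gnome-remote-desktop is the only consumer that needs this, a mountpoint such as `@{run}/user/@{uid}/gnome-remote-desktop/*/` (or `@{run}/user/@{uid}/*/*/`) would clear the denial with a smaller grant. If arbitrary depth is intended, add a comment above the rule saying so. The hunk shows only the mount rule with `options=(nosuid,nodev,rw)`, so it is also worth confirming that unmounting the nested path is still permitted by the rest of the profile.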
Fixed profile attached:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2103889/+attachment/5866571/+files/fusermount3
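Why the audit record above reports `failed mntpnt match`, as an added example that is not part of the bug report or AppArmor's own code: it parses the quoted record and tests its `name` field against the mountpoint glob before and after the fix. The expansions in `VARS` and the glob-to-regex translation are simplified assumptions, not AppArmor's actual matcher.

```python
import re

# Audit record quoted in the report above, joined onto one line.
AUDIT = ('kernel: audit: type=1400 audit(1742705227.026:259): '
         'apparmor="DENIED" operation="mount" class="mount" '
         'info="failed mntpnt match" error=-13 profile="fusermount3" '
         'name="/run/user/1000/gnome-remote-desktop/cliprdr-cjuzWv/" '
         'pid=6020 comm="fusermount3" fstype="fuse" srcname="/dev/fuse" '
         'flags="rw, nosuid, nodev"')

OLD_RULE = "@{run}/user/@{uid}/*/"    # mountpoint before the fix
NEW_RULE = "@{run}/user/@{uid}/**/"   # mountpoint after the fix
# Assumed stand-ins for the profile variables, not the real tunables.
VARS = {"@{run}": "/run", "@{uid}": "[0-9]+"}


def parse_audit(line):
    """Return the key=value fields of an audit record as a dict."""
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', line)
    return {key: value.strip('"') for key, value in pairs}


def glob_to_regex(pattern):
    """Simplified model: each * or ** stands for a non-empty path part."""
    parts = []
    for tok in re.split(r'(@\{\w+\}|\*\*|\*)', pattern):
        if tok in VARS:
            parts.append(VARS[tok])
        elif tok == "**":
            parts.append(r"[^/].*")   # may cross '/' boundaries
        elif tok == "*":
            parts.append(r"[^/]+")    # stays inside one component
        else:
            parts.append(re.escape(tok))
    return re.compile("".join(parts) + r"\Z", re.DOTALL)


def covered_by(line, rules):
    """Map each mountpoint rule to whether it covers the denied path."""
    rec = parse_audit(line)
    if rec.get("apparmor") != "DENIED" or rec.get("operation") != "mount":
        raise ValueError("not an AppArmor mount denial")
    return {rule: bool(glob_to_regex(rule).match(rec["name"]))
            for rule in rules}


if __name__ == "__main__":
    for rule, ok in covered_by(AUDIT, [OLD_RULE, NEW_RULE]).items():
        print(f"{rule:28} {'covers' if ok else 'does not cover'} the path")
```
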