[snap] U2F doesn't work with yubikey
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
chromium-browser (Ubuntu) |
Fix Released
|
High
|
Olivier Tilloy | ||
gnome-software (Ubuntu) |
Fix Released
|
Medium
|
Robert Ancell | ||
Xenial |
Fix Released
|
Medium
|
Robert Ancell | ||
Bionic |
Fix Released
|
Medium
|
Robert Ancell | ||
Cosmic |
Won't Fix
|
Medium
|
Robert Ancell |
Bug Description
[Impact]
Installing a snap that requires the u2f-devices interface doesn't show a UI element to enable/disable this in GNOME Software. Initially Chromium didn't have this enabled by default, and thus the feature wouldn't work without going to the command line. It now is enabled by default.
[Test Case]
1. Open GNOME Software
2. Install the Chromium snap
3. Click "Permissions"
Expected result:
A switch is shown to control "Read/write access to U2F devices exposed". Clicking it connects/
Observed result:
No switch is shown for this interface.
[Regression Potential]
A string for this interface was added to GNOME Software, low risk of introducing a new bug.
Related branches
Changed in chromium-browser (Ubuntu): | |
importance: | Medium → High |
Changed in chromium-browser (Ubuntu): | |
assignee: | nobody → Olivier Tilloy (osomon) |
Changed in chromium-browser (Ubuntu Xenial): | |
status: | New → Invalid |
Changed in chromium-browser (Ubuntu Bionic): | |
status: | New → Invalid |
Changed in chromium-browser (Ubuntu Cosmic): | |
status: | New → Invalid |
Changed in gnome-software (Ubuntu Xenial): | |
status: | New → Confirmed |
Changed in gnome-software (Ubuntu Bionic): | |
status: | New → Confirmed |
Changed in gnome-software (Ubuntu Cosmic): | |
status: | New → Confirmed |
Changed in gnome-software (Ubuntu Xenial): | |
importance: | Undecided → Medium |
Changed in gnome-software (Ubuntu Bionic): | |
importance: | Undecided → Medium |
Changed in gnome-software (Ubuntu Cosmic): | |
importance: | Undecided → Medium |
Changed in gnome-software (Ubuntu Xenial): | |
assignee: | nobody → Robert Ancell (robert-ancell) |
Changed in gnome-software (Ubuntu Bionic): | |
assignee: | nobody → Robert Ancell (robert-ancell) |
Changed in gnome-software (Ubuntu Cosmic): | |
assignee: | nobody → Robert Ancell (robert-ancell) |
Changed in gnome-software (Ubuntu): | |
assignee: | nobody → Robert Ancell (robert-ancell) |
status: | New → Confirmed |
importance: | Undecided → Medium |
Changed in gnome-software (Ubuntu Bionic): | |
status: | Confirmed → Fix Committed |
Changed in gnome-software (Ubuntu): | |
status: | Confirmed → Fix Committed |
Changed in chromium-browser (Ubuntu): | |
status: | Fix Committed → Fix Released |
no longer affects: | chromium-browser (Ubuntu Xenial) |
no longer affects: | chromium-browser (Ubuntu Bionic) |
no longer affects: | chromium-browser (Ubuntu Cosmic) |
description: | updated |
Changed in gnome-software (Ubuntu Xenial): | |
status: | Confirmed → Fix Committed |
It appears that apparmor is blocking u2f requests :
[ 5955.568022] audit: type=1400 audit(152646565 9.599:92) : apparmor="DENIED" operation="open" profile= "snap.chromium. chromium" name="/ sys/devices/ pci0000: 00/0000: 00:14.0/ usb3/3- 3/3-3:1. 0/0003: 045E:07B2. 0001/report_ descriptor" pid=19386 comm="TaskSched ulerFo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 9.599:93) : apparmor="DENIED" operation="open" profile= "snap.chromium. chromium" name="/ sys/devices/ pci0000: 00/0000: 00:14.0/ usb3/3- 3/3-3:1. 1/0003: 045E:07B2. 0002/report_ descriptor" pid=19386 comm="TaskSched ulerFo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 9.599:94) : apparmor="DENIED" operation="open" profile= "snap.chromium. chromium" name="/ sys/devices/ pci0000: 00/0000: 00:14.0/ usb3/3- 3/3-3:1. 2/0003: 045E:07B2. 0003/report_ descriptor" pid=19386 comm="TaskSched ulerFo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 9.599:95) : apparmor="DENIED" operation="open" profile= "snap.chromium. chromium" name="/ sys/devices/ pci0000: 00/0000: 00:1a.0/ usb1/1- 1/1-1.2/ 1-1.2:1. 0/0003: 1050:0407. 002D/report_ descriptor" pid=19386 comm="TaskSched ulerFo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 9.603:96) : apparmor="DENIED" operation="open" profile= "snap.chromium. chromium" name="/ sys/devices/ pci0000: 00/0000: 00:1a.0/ usb1/1- 1/1-1.2/ 1-1.2:1. 1/0003: 1050:0407. 002E/report_ descriptor" pid=19386 comm="TaskSched ulerFo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 5955.568379] audit: type=1400 audit(152646565
[ 5955.568667] audit: type=1400 audit(152646565
[ 5955.569840] audit: type=1400 audit(152646565
[ 5955.570337] audit: type=1400 audit(152646565