[snap] Firefox unable to load Security Device "p11-kit-trust.so" defined in /etc/firefox/policies/policies.json
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
firefox (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
Environment:
Ubuntu 21.10 with default Firefox (v93.0) snap install.
Having defined a policy in /etc/firefox/
$ cat /etc/firefox/
{
"policies": {
],
"NTLM": [
],
],
},
"Homepage": {
"URL": "https:/
},
"Proxy": {
"Mode": "system",
},
}
}
}
I got an error when looking over about:policies:
"Unable to load security device p11-kit-trust.so"
However, all other policies are active and applied correctly (meaning that snap firefox can load /etc/firefox/
After enabling debug for policies I get the following error:
Policies.jsm:
Exception { name: "NS_ERROR_FAILURE", message: "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIPKCS11Modul
Policies.jsm:1998
I tried to reproduce with the firefox.deb package without success, so the problem might be around snap.
tags: | added: snap |
Changed in firefox (Ubuntu): | |
status: | New → Confirmed |
That's indeed a snap-specific problem, and a confinement issue: the application is not allowed to see /usr/lib/ x86_64- linux-gnu/ pkcs11/ on the host system, the path is remapped to /snap/core20/ current/ usr/lib/ x86_64- linux-gnu/ pkcs11/ , which doesn't exist.
I was able to work around the problem by downloading the p11-kit-modules package for Ubuntu 20.04 (https:/ /launchpad. net/ubuntu/ focal/amd64/ p11-kit- modules), unpacking it in /var/snap/ firefox/ common/ , and changing the path in /etc/firefox/ policies/ policies. json to point there.
Not exactly easy, but it seems to do the job without requiring changes to firefox or the snap itself.