[snap] chromium does not read root-owned files in $HOME
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
chromium-browser (Ubuntu) |
Won't Fix
|
Low
|
Unassigned |
Bug Description
Today, I literally spent hours trying to figure out why I cound't upload a large file.
Of course I thought the problem was the size of the file.
It wasn't. The problem was that Chromium in Snap for some reason is confined so that it can SEE file-owned-
I tried to upload the big file onto a PsiTransfer webpage. And it simply stalled. The apache2 backend reported 400-errors and I got no useful info out of that.
Chromium itself reported this in the Networking tab:
PATCH https:/
Which is totally useless. In no way could I expect that the ultimate cause was that the local file was not owned by me.
_If I can see the file, and I have read-permissions on it, I expect that I can upload the file._
Another example:
$ ls -l ~/Junk/rode_muur*
-rw-rw-r-- 1 walter walter 64773 aug 27 18:08 /home/walter/
-rw-rw-r-- 1 root root 64773 aug 27 18:08 /home/walter/
Trying to upload rode_muur_root.jpg to e.g. https:/
This site can’t be reached
The webpage at https:/
ERR_ACCESS_DENIED
That does not tell me that there is a problem with the local file. That looks like a remote problem, am I right?
What would be the fix?
- Either don't show the file, if you're not letting me access it;
- or let me access the file;
- or, if that isn't possible, give me a reasonable error message. Having to look in journalctl [1] as root to find out why a client application is misbehaving is just not acceptable.
[1] # journalctl -t audit -n1 -o cat
AVC apparmor="DENIED" operation="open" profile=
(I know that I'll be complaining to deaf ears. You have your reasons for putting all the browsers in snap. But from a user's perspective, this whole snap thing has been One Giant Disappointment. I'm actually considering moving to alternative distros after more than 10 perfectly satisfactory years on Ubuntu.)
Changed in chromium-browser (Ubuntu): | |
status: | Confirmed → Triaged |
importance: | Undecided → Low |
assignee: | nobody → Nathan Teodosio (nteodosio) |
Thanks for the report Walter. This hasn't fallen on deaf ears. Reading and uploading a file to which you have read permissions in your home directory is definitely something that's expected to work, and if it doesn't it needs to be investigated and fixed.
Can you try the following?
snap run --shell chromium HOME/Junk/ rode_muur_ root.jpg
stat $SNAP_REAL_
exit
and share the output here?
Is there anything "exotic" (i.e. non-default options) about your home directory?