Ubuntu
firefox package

profile snap-update-ns.firefox is denied

Bug #1993359 reported by Dimitri John Ledkov
14
This bug affects 3 people
Affects Status Importance Assigned to Milestone
firefox (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

profile snap-update-ns.firefox is denied

on fresh kinetic boot

Revision history for this message
Dimitri John Ledkov (xnox) wrote :

# journalctl --file /tmp/system.journal | grep denied | grep appar
Oct 19 00:18:59 xnox-Standard-PC-Q35-ICH9-2009 audit[1922]: AVC apparmor="DENIED" operation="mkdir" class="file" profile="snap-update-ns.firefox" name="/usr/share/cups/doc-root/" pid=1922 comm="6" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Oct 19 00:18:59 xnox-Standard-PC-Q35-ICH9-2009 audit[1922]: AVC apparmor="DENIED" operation="mkdir" class="file" profile="snap-update-ns.firefox" name="/usr/share/gimp/2.0/" pid=1922 comm="6" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Oct 19 00:18:59 xnox-Standard-PC-Q35-ICH9-2009 kernel: audit: type=1400 audit(1666135139.644:56): apparmor="DENIED" operation="mkdir" class="file" profile="snap-update-ns.firefox" name="/usr/share/cups/doc-root/" pid=1922 comm="6" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Oct 19 00:18:59 xnox-Standard-PC-Q35-ICH9-2009 kernel: audit: type=1400 audit(1666135139.644:57): apparmor="DENIED" operation="mkdir" class="file" profile="snap-update-ns.firefox" name="/usr/share/gimp/2.0/" pid=1922 comm="6" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Oct 19 00:18:59 xnox-Standard-PC-Q35-ICH9-2009 audit[1922]: AVC apparmor="DENIED" operation="mkdir" class="file" profile="snap-update-ns.firefox" name="/usr/share/libreoffice/help/" pid=1922 comm="6" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Oct 19 00:18:59 xnox-Standard-PC-Q35-ICH9-2009 audit[1922]: AVC apparmor="DENIED" operation="open" class="file" profile="snap-update-ns.firefox" name="/var/lib/" pid=1922 comm="6" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Oct 19 00:18:59 xnox-Standard-PC-Q35-ICH9-2009 kernel: audit: type=1400 audit(1666135139.648:58): apparmor="DENIED" operation="mkdir" class="file" profile="snap-update-ns.firefox" name="/usr/share/libreoffice/help/" pid=1922 comm="6" requested_mask="c" denied_mask="c" fsuid=0 ouid=0

Revision history for this message
Dimitri John Ledkov (xnox) wrote :

on encrypted zfs install

Revision history for this message
Brian Murray (brian-murray) wrote :

I've also seen this on a fresh install of Ubuntu 22.10 (20221018) with zfs+encryption.

Revision history for this message
Thomas Ward (teward) wrote :

Confirmed in QEMU 22.10 from the current ISO image at this time, LVM, no encryption.

$ journalctl | grep denied | grep appa | grep fire
Oct 18 20:09:51 teward-Standard-PC-Q35-ICH9-2009 audit[1248]: AVC apparmor="DENIED" operation="mkdir" class="file" profile="snap-update-ns.firefox" name="/usr/share/cups/doc-root/" pid=1248 comm="6" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Oct 18 20:09:51 teward-Standard-PC-Q35-ICH9-2009 kernel: audit: type=1400 audit(1666138191.488:56): apparmor="DENIED" operation="mkdir" class="file" profile="snap-update-ns.firefox" name="/usr/share/cups/doc-root/" pid=1248 comm="6" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Oct 18 20:09:51 teward-Standard-PC-Q35-ICH9-2009 audit[1248]: AVC apparmor="DENIED" operation="mkdir" class="file" profile="snap-update-ns.firefox" name="/usr/share/gimp/2.0/" pid=1248 comm="6" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Oct 18 20:09:51 teward-Standard-PC-Q35-ICH9-2009 audit[1248]: AVC apparmor="DENIED" operation="mkdir" class="file" profile="snap-update-ns.firefox" name="/usr/share/libreoffice/help/" pid=1248 comm="6" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Oct 18 20:09:51 teward-Standard-PC-Q35-ICH9-2009 audit[1248]: AVC apparmor="DENIED" operation="open" class="file" profile="snap-update-ns.firefox" name="/var/lib/" pid=1248 comm="6" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

(All firefox related apparmor items are visible at https://pastebin.ubuntu.com/p/jrwcBm62y7/ but I shortened to just the DENIED ones here)

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in firefox (Ubuntu):
status: New → Confirmed
Revision history for this message
Aaron Rainbolt (arraybolt3) wrote :

Also affects normal installations (ext4, no encryption). Installed, rebooted, logged in, searched logs and found messages.

Revision history for this message
Brian Murray (brian-murray) wrote :

Despite the presence of the error messages in my log I'm still able to use Firefox and `snap refresh firefox` seems like it would have worked if there was an update.

Revision history for this message
Alberto Mardegan (mardy) wrote :

At least some of these seem could have been fixed by https://github.com/snapcore/snapd/pull/12127 (which has been merged in master, but is not part of any release yet).

Revision history for this message
meven (meven29) wrote :

I am experiencing this issue in Ubuntu 22.04.2 LTS.

It possibly causes freezes.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.