Ubuntu
snapd package

No interface to access Network Security Service database (nssdb)

Bug #2060294 reported by Eero Aaltonen on 2024-04-05

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	snapd (Ubuntu)	New	Undecided	Unassigned

Bug Description

Prompted by the fact that after upgrade to Ubuntu 22.04, smart card authentication in the firefox snap is no longer working.

I have an already configured Network Security Services database in ${HOME}/.pki/nssdb with OpenSC
( https://github.com/OpenSC/OpenSC ) library /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so registered as a PKCS#11 module.

Listing certificates from my token with `certutil -d sql:${HOME}/.pki/nssdb -L -h TOKEN_LABEL` works normally.

It seems that the firefox snap is unable to access the .pki directory; attempting to access file:///home/USER/.pki/ results in "Access to the file was denied" message.

I also did not spot any interfaces in
https://snapcraft.io/docs/network-interfaces
or
https://snapcraft.io/docs/security-interfaces
related to Network Security Services

My impression is that this would require either:
A) adding an interface to access the users current NSSDB
B) adding a new isolated but persistent nssdb to the firefox snap.

I'll note that Evolution is a second application using nssdb, and it works normally.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntusnapd package

No interface to access Network Security Service database (nssdb)

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
snapd package