thunderbird snap on live systems "already running" but not responsive

@u-dal:

can you attach the overlay mount information.

@u-jjohansen:

```
$ mount | grep overlay
/cow on / type overlay (rw,relatime,lowerdir=/filesystem.squashfs,upperdir=/cow/upper,workdir=/cow/work,uuid=on,xino=off,nouserxattr)
/cow on /var/snap/firefox/common/host-hunspell type overlay (ro,noexec,noatime,lowerdir=/filesystem.squashfs,upperdir=/cow/upper,workdir=/cow/work,uuid=on,xino=off,nouserxattr)
```

Also, in case it helps, I run this script upon booting the live cd image:
```
$ cat thunder2.sh
cp -R /media/lubuntu/drive/startup/thunderbird /home/lubuntu/snap/thunderbird/common/.thunderbird
cp /media/lubuntu/drive/startup/lubuntu_thunder/profiles.ini /home/lubuntu/snap/thunderbird/common/.thunderbird/
```

Previously I was running thunder.sh (this below worked in all prior Lubuntu versions):

```
$ cat thunder.sh
cp -R /media/lubuntu/drive/startup/thunderbird /home/lubuntu/.thunderbird
cp /media/lubuntu/drive/startup/lubuntu_thunder/profiles.ini /home/lubuntu/.thunderbird/
```

But with the conversion of thunderbird into snap only, I had to change the directories.

Oh also, by using

```
~/.thunderbird/p0dln6zn.default$ ls -A
```

I just noticed there's a .parentlock right now in that directory ... in case it's relevant

So my supposition on the overlay looks to be incorrect. Would you being willing to attach your full mount information?

@u-jjohansen

```
$ mount
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
udev on /dev type devtmpfs (rw,nosuid,relatime,size=7984072k,nr_inodes=1996018,mode=755,inode64)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,nodev,noexec,relatime,size=1605152k,mode=755,inode64)
/dev/sdb1 on /cdrom type vfat (ro,noatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
/dev/loop0 on /rofs type squashfs (ro,noatime,errors=continue,threads=single)
/cow on / type overlay (rw,relatime,lowerdir=/filesystem.squashfs,upperdir=/cow/upper,workdir=/cow/work,uuid=on,xino=off,nouserxattr)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,inode64)
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k,inode64)
cgroup2 on /sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
bpf on /sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=32,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=1466)
mqueue on /dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime)
tracefs on /sys/kernel/tracing type tracefs (rw,nosuid,nodev,noexec,relatime)
debugfs on /sys/kernel/debug type debugfs (rw,nosuid,nodev,noexec,relatime)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,nosuid,nodev,relatime,pagesize=2M)
configfs on /sys/kernel/config type configfs (rw,nosuid,nodev,noexec,relatime)
fusectl on /sys/fs/fuse/connections type fusectl (rw,nosuid,nodev,noexec,relatime)
/var/lib/snapd/snaps/bare_5.snap on /snap/bare/5 type squashfs (ro,nodev,relatime,errors=continue,threads=single,x-gdu.hide,x-gvfs-hide)
/var/lib/snapd/snaps/firmware-updater_127.snap on /snap/firmware-updater/127 type squashfs (ro,nodev,relatime,errors=continue,threads=single,x-gdu.hide,x-gvfs-hide)
/var/lib/snapd/snaps/firefox_4173.snap on /snap/firefox/4173 type squashfs (ro,nodev,relatime,errors=continue,threads=single,x-gdu.hide,x-gvfs-hide)
/var/lib/snapd/snaps/core22_1380.snap on /snap/core22/1380 type squashfs (ro,nodev,relatime,errors=continue,threads=single,x-gdu.hide,x-gvfs-hide)
/var/lib/snapd/snaps/gnome-42-2204_176.snap on /snap/gnome-42-2204/176 type squashfs (ro,nodev,relatime,errors=continue,threads=single,x-gdu.hide,x-gvfs-hide)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,relatime,inode64)
/var/lib/snapd/snaps/gtk-common-themes_1535.snap on /snap/gtk-common-themes/1535 type squashfs (ro,nodev,relatime,errors=continue,threads=single,x-gdu.hide,x-gvfs-hide)
/var/lib/snapd/snaps/snapd_21465.snap on /snap/snapd/21465 type squashfs (ro,nodev,relatime,errors=continue,threads=single,x-gdu.hide,x-gvfs-hide)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,nosuid,nodev,noexec,relatime)
tmpfs on /run/user/1000 type tmpfs (rw,nosuid,nodev,relatime,size=1605148k,nr_inodes=401287,mode=700,uid=1000,gid=1000,inode64)
tmpfs on /run/snapd/n...

@u-dal:

thankyou, though I have to say I am at a loss as to why the snap version of thunderbird is trying to access

```
/media/lubuntu/drive/hq/email/thunderbird/awesomenough/.parentlock
/media/lubuntu/drive/hq/email/thunderbird/awesomenough/lock
```

what kind of configuration have you done? I see you are copying data from /media/lubuntu/drive/startup/ into the snap, is something in one of these a symlink into /media/lubuntu/drive/hq/email/thunderbird?

As for why this used to work and doesn't now is thunderbird unless you opted into it (enabled the profile) was not confined. The snap thunderbird is confined and defines down to the file what thunderbird has access to. Snaps however are not under normal apparmor control, and make it some what hard for the user to extend what is allowed.

There are a few things that can be done to work around the issue but I am still trying to understand why thunderbird is trying to access that location.

things we can do to work around this issue immediately, so you can have access to your mail

1. enable snapd prompting in the new security center (its a flutter based application, I am not sure if lubuntu is shipping it by default). If this is a location that falls under what is allowed to prompt (I am not sure it is), snapd we prompt you about allowing the access, store your response and it will be allowed in the future.

2. reinstall thunderbird snap in dev mode

3. manually update the snap profile. There will have to be script that recopies, and reloads, as snap can and will regenerate and reload when it refreshes.

4. uninstall the thunderbird snap and install thunderbird as a deb via the mozilla ppa. You can opt into an apparmor profile if you want, in this case you get full control over the profile.

5. disable apparmor in grub.

@u-jjohansen,

You ask:

```
what kind of configuration have you done?
```

I just:

```
sudo apt update
sudo apt install thunderbird
cp -R /media/lubuntu/drive/startup/thunderbird /home/lubuntu/snap/thunderbird/common/.thunderbird
cp /media/lubuntu/drive/startup/lubuntu_thunder/profiles.ini /home/lubuntu/snap/thunderbird/common/.thunderbird/
```

None of these are symlinked as far as I know. That profiles.ini has a few profiles in it that tell Thunderbird to look for the PATH on the local hard drive as opposed to the RAMdisk, e.g.

```
Path=/media/lubuntu/drive/hq/email/thunderbird/certainprofilegoeshere
```

Beyond the above, I haven't really done any config.

I'm no expert, but your #2 and #3 solutions seem too complicated for my enduser use cases. Maybe #1 would be the easiest? #4 also might be a longterm solution. #5 seems too risky. So yeah, I'm thinking either #1 or #4 ... but not sure :\

@u-jjohansen,

I had an interesting result today. I powered off my live 24.04 Lubuntu installation and rebooting into a new live 24.04 Lubuntu installation. This time, however, I installed Thunderbird stable as a .deb from Mozilla. And I ran my old script:

```
$ cat thunder.sh
cp -R /media/lubuntu/drive/startup/thunderbird /home/lubuntu/.thunderbird
cp /media/lubuntu/drive/startup/lubuntu_thunder/profiles.ini /home/lubuntu/.thunderbird/
```

After that, I started Thunderbird. After selecting my profile, instead of giving me the "already running" error message, Thunderbird let me into my usual everything: address book, old emails, etc. Everything seemed peachy keen! I did some work in Thunderbird, then closed the program.

Then later that same day, I tried to start Thunderbird a second time, and boom, I immediately -- meaning, without seeing the menu to select my profile -- I immediately got the "already running" error message: "Thunderbird is already running, but is not responding. To use Thunderbird, you must first close the existing Thunderbird process, restart your device, or use a different profile." and Thunderbird refuses to open.

Let me know if you want me to run any diagnostic commands, I should have this live installation up for quite a while. Thanks!

the Path=/media/lubuntu/drive/hq/email/thunderbird/certainprofilegoeshere explains it

I'm sorry, would you mind elaborating? profiles.ini allows configuration of where each profile stores emails, so what are the consequences of my doing that? I used it, and the same PATH variable, prior to 24.04 without problem.

I note also that currently, despite booting up a fresh live 24.04 Lubuntu system and installing Thunderbird as a .deb, this happens after a while:

$ whereis thunderbird
thunderbird: /usr/bin/thunderbird /etc/thunderbird /snap/bin/thunderbird

That looks to me as if Snap was installed, maybe through my use of apt, maybe through background Lubuntu Update processes. I didn't intentionally install the Snap, nor do I recall seeing it during apt output, but maybe I'm overlooking something. Anyway, it seems to leave me with two conflicting versions of Thunderbird, Snap and .deb. Might that by the problem?

Finally, I'm still having similar problems with Google Chrome. Pre-24.04, installed as .deb, worked great. With 24.04, trying to install the Snap gives me errors aplenty as discussed in othe other link.

I'd prefer to get onboard with the 24.04-and-beyond pro-Snap train to minimize conflicts in the future, so I'm not trying to stick with .debs or anything -- I've just been experimenting with the Thunderbird .DEB as a workaround.

> I'm sorry, would you mind elaborating? profiles.ini allows configuration of where each profile stores emails, so what are the consequences of my doing that? I used it, and the same PATH variable, prior to 24.04 without problem.

that will direct thunderbird to access your emails stored at the location
  /media/lubuntu/drive/hq/email/thunderbird/certainprofilegoeshere

which explains why your dmesg contains denials like
  [39889.472715] audit: type=1400 audit(1714429239.953:352): apparmor="DENIED" operation="open" class="file" profile="snap.thunderbird.thunderbird" name="/media/lubuntu/drive/hq/email/thunderbird/awesomenough/.parentlock" pid=72158 comm="thunderbird-bin" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000

which was my comment about being at a loss as to why thunderbird is trying to access

```
/media/lubuntu/drive/hq/email/thunderbird/awesomenough/.parentlock
/media/lubuntu/drive/hq/email/thunderbird/awesomenough/lock
```

The consequences of doing that are that the snap confinement for thunderbird doesn't give it access to that location. The thunderbird deb is installing the thunderbird snap, you can read more about it at the following link https://www.omgubuntu.co.uk/2024/02/thunderbird-snap-in-ubuntu-24-04

For the chrome snap I would have to see the dmesg output to be sure but it could be a similar issue.

So how to address this. Unfortunately doesn't currently have a mechanism to allow the user to override its confinement. You can manually update the generated apparmor profile but snap will regenerate it and throw your custom rules away the next time it refreshes the application.

Sigh, that should be Unfortunately snap doesn't currently have ...

Thanks for your helpful replies.

Am I correct in understanding, the Thunderbird snap does not allow profiles to set paths to locations outside the snap confinement? And if so, is that something specific to running a live system or is it something any Lubuntu 24.04 installation is now stymied by?

Either way -- unless I'm missing something, which very well could be -- this seems like a pretty significant bug. There's probably a lot of use cases where a single Thunderbird installation has multiple profiles, each of which could have a different path. Say, one to an external HDD, another to a DVD-ROM, a third to a network location, a fourth to ...

And if it's also going on with Google Chrome, than it's an issue with everyone acclimating to and normalizing Snap, and not just Thunderbird. I will find the Chrome dmesg info, I may have pasted it before but maybe not. Thanks again.

> Am I correct in understanding, the Thunderbird snap does not allow profiles to set paths to locations outside the snap confinement? And if so, is that something specific to running a live system or is it something any Lubuntu 24.04 installation is now stymied by?

it is a property of the snap, regardless of whether it is on a live system, ubuntu, Lubuntu, kubuntu, ...
There is work on going to address this but it is not currently available

Assuming your username on the system is lubuntu, then the /media/lubuntu/ path should be exposed via the removable-media interface of snapd - and the thunderbird snap does list this interface - but it is just not auto-connected. So it may just work if you then run:

sudo snap connect thunderbird:removable-media

Wow!

$ sudo snap connect thunderbird:removable-media

worked! I can open the Snap thunderbird and get into my profile's emails now. Thanks so much! We did it!

I guess the equivalent command for Snap chrome should be

$ sudo snap connect google-chrome:removable-media

or maybe

$ sudo snap connect google-chrome-stable:removable-media

or both?