Ubuntu
apparmor package

thunderbird snap on live systems "already running" but not responsive

Bug #2064363 reported by John Johansen
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
New
Undecided
Unassigned

Bug Description

Moving this here from https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2046844

snap policy on an overlay system is preventing thunderbird from running. This is related to the snapcraft form report https://forum.snapcraft.io/t/unexplained-thunderbird-already-running-but-is-not-responding-message/39990

Revision history for this message
John Johansen (jjohansen) wrote :
Revision history for this message
John Johansen (jjohansen) wrote :
Revision history for this message
John Johansen (jjohansen) wrote :
Revision history for this message
John Johansen (jjohansen) wrote :

@u-dal:

can you attach the overlay mount information.

Revision history for this message
Douglas Lucas (u-dal) wrote :

@u-jjohansen:

```
$ mount | grep overlay
/cow on / type overlay (rw,relatime,lowerdir=/filesystem.squashfs,upperdir=/cow/upper,workdir=/cow/work,uuid=on,xino=off,nouserxattr)
/cow on /var/snap/firefox/common/host-hunspell type overlay (ro,noexec,noatime,lowerdir=/filesystem.squashfs,upperdir=/cow/upper,workdir=/cow/work,uuid=on,xino=off,nouserxattr)
```

Also, in case it helps, I run this script upon booting the live cd image:
```
$ cat thunder2.sh
cp -R /media/lubuntu/drive/startup/thunderbird /home/lubuntu/snap/thunderbird/common/.thunderbird
cp /media/lubuntu/drive/startup/lubuntu_thunder/profiles.ini /home/lubuntu/snap/thunderbird/common/.thunderbird/
```

Previously I was running thunder.sh (this below worked in all prior Lubuntu versions):

```
$ cat thunder.sh
cp -R /media/lubuntu/drive/startup/thunderbird /home/lubuntu/.thunderbird
cp /media/lubuntu/drive/startup/lubuntu_thunder/profiles.ini /home/lubuntu/.thunderbird/
```

But with the conversion of thunderbird into snap only, I had to change the directories.

Revision history for this message
Douglas Lucas (u-dal) wrote :

Oh also, by using

```
~/.thunderbird/p0dln6zn.default$ ls -A
```

I just noticed there's a .parentlock right now in that directory ... in case it's relevant

Revision history for this message
John Johansen (jjohansen) wrote :

So my supposition on the overlay looks to be incorrect. Would you being willing to attach your full mount information?

Revision history for this message
Douglas Lucas (u-dal) wrote :
Download full text (4.4 KiB)

@u-jjohansen

```
$ mount
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
udev on /dev type devtmpfs (rw,nosuid,relatime,size=7984072k,nr_inodes=1996018,mode=755,inode64)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,nodev,noexec,relatime,size=1605152k,mode=755,inode64)
/dev/sdb1 on /cdrom type vfat (ro,noatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
/dev/loop0 on /rofs type squashfs (ro,noatime,errors=continue,threads=single)
/cow on / type overlay (rw,relatime,lowerdir=/filesystem.squashfs,upperdir=/cow/upper,workdir=/cow/work,uuid=on,xino=off,nouserxattr)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,inode64)
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k,inode64)
cgroup2 on /sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
bpf on /sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=32,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=1466)
mqueue on /dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime)
tracefs on /sys/kernel/tracing type tracefs (rw,nosuid,nodev,noexec,relatime)
debugfs on /sys/kernel/debug type debugfs (rw,nosuid,nodev,noexec,relatime)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,nosuid,nodev,relatime,pagesize=2M)
configfs on /sys/kernel/config type configfs (rw,nosuid,nodev,noexec,relatime)
fusectl on /sys/fs/fuse/connections type fusectl (rw,nosuid,nodev,noexec,relatime)
/var/lib/snapd/snaps/bare_5.snap on /snap/bare/5 type squashfs (ro,nodev,relatime,errors=continue,threads=single,x-gdu.hide,x-gvfs-hide)
/var/lib/snapd/snaps/firmware-updater_127.snap on /snap/firmware-updater/127 type squashfs (ro,nodev,relatime,errors=continue,threads=single,x-gdu.hide,x-gvfs-hide)
/var/lib/snapd/snaps/firefox_4173.snap on /snap/firefox/4173 type squashfs (ro,nodev,relatime,errors=continue,threads=single,x-gdu.hide,x-gvfs-hide)
/var/lib/snapd/snaps/core22_1380.snap on /snap/core22/1380 type squashfs (ro,nodev,relatime,errors=continue,threads=single,x-gdu.hide,x-gvfs-hide)
/var/lib/snapd/snaps/gnome-42-2204_176.snap on /snap/gnome-42-2204/176 type squashfs (ro,nodev,relatime,errors=continue,threads=single,x-gdu.hide,x-gvfs-hide)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,relatime,inode64)
/var/lib/snapd/snaps/gtk-common-themes_1535.snap on /snap/gtk-common-themes/1535 type squashfs (ro,nodev,relatime,errors=continue,threads=single,x-gdu.hide,x-gvfs-hide)
/var/lib/snapd/snaps/snapd_21465.snap on /snap/snapd/21465 type squashfs (ro,nodev,relatime,errors=continue,threads=single,x-gdu.hide,x-gvfs-hide)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,nosuid,nodev,noexec,relatime)
tmpfs on /run/user/1000 type tmpfs (rw,nosuid,nodev,relatime,size=1605148k,nr_inodes=401287,mode=700,uid=1000,gid=1000,inode64)
tmpfs on /run/snapd/n...

Read more...

Revision history for this message
John Johansen (jjohansen) wrote :

@u-dal:

thankyou, though I have to say I am at a loss as to why the snap version of thunderbird is trying to access

```
/media/lubuntu/drive/hq/email/thunderbird/awesomenough/.parentlock
/media/lubuntu/drive/hq/email/thunderbird/awesomenough/lock
```

what kind of configuration have you done? I see you are copying data from /media/lubuntu/drive/startup/ into the snap, is something in one of these a symlink into /media/lubuntu/drive/hq/email/thunderbird?

As for why this used to work and doesn't now is thunderbird unless you opted into it (enabled the profile) was not confined. The snap thunderbird is confined and defines down to the file what thunderbird has access to. Snaps however are not under normal apparmor control, and make it some what hard for the user to extend what is allowed.

There are a few things that can be done to work around the issue but I am still trying to understand why thunderbird is trying to access that location.

things we can do to work around this issue immediately, so you can have access to your mail

1. enable snapd prompting in the new security center (its a flutter based application, I am not sure if lubuntu is shipping it by default). If this is a location that falls under what is allowed to prompt (I am not sure it is), snapd we prompt you about allowing the access, store your response and it will be allowed in the future.

2. reinstall thunderbird snap in dev mode

3. manually update the snap profile. There will have to be script that recopies, and reloads, as snap can and will regenerate and reload when it refreshes.

4. uninstall the thunderbird snap and install thunderbird as a deb via the mozilla ppa. You can opt into an apparmor profile if you want, in this case you get full control over the profile.

5. disable apparmor in grub.

Revision history for this message
Douglas Lucas (u-dal) wrote :

@u-jjohansen,

You ask:

```
what kind of configuration have you done?
```

I just:

```
sudo apt update
sudo apt install thunderbird
cp -R /media/lubuntu/drive/startup/thunderbird /home/lubuntu/snap/thunderbird/common/.thunderbird
cp /media/lubuntu/drive/startup/lubuntu_thunder/profiles.ini /home/lubuntu/snap/thunderbird/common/.thunderbird/
```

None of these are symlinked as far as I know. That profiles.ini has a few profiles in it that tell Thunderbird to look for the PATH on the local hard drive as opposed to the RAMdisk, e.g.

```
Path=/media/lubuntu/drive/hq/email/thunderbird/certainprofilegoeshere
```

Beyond the above, I haven't really done any config.

I'm no expert, but your #2 and #3 solutions seem too complicated for my enduser use cases. Maybe #1 would be the easiest? #4 also might be a longterm solution. #5 seems too risky. So yeah, I'm thinking either #1 or #4 ... but not sure :\

Revision history for this message
Douglas Lucas (u-dal) wrote :

@u-jjohansen,

I had an interesting result today. I powered off my live 24.04 Lubuntu installation and rebooting into a new live 24.04 Lubuntu installation. This time, however, I installed Thunderbird stable as a .deb from Mozilla. And I ran my old script:

```
$ cat thunder.sh
cp -R /media/lubuntu/drive/startup/thunderbird /home/lubuntu/.thunderbird
cp /media/lubuntu/drive/startup/lubuntu_thunder/profiles.ini /home/lubuntu/.thunderbird/
```

After that, I started Thunderbird. After selecting my profile, instead of giving me the "already running" error message, Thunderbird let me into my usual everything: address book, old emails, etc. Everything seemed peachy keen! I did some work in Thunderbird, then closed the program.

Then later that same day, I tried to start Thunderbird a second time, and boom, I immediately -- meaning, without seeing the menu to select my profile -- I immediately got the "already running" error message: "Thunderbird is already running, but is not responding. To use Thunderbird, you must first close the existing Thunderbird process, restart your device, or use a different profile." and Thunderbird refuses to open.

Let me know if you want me to run any diagnostic commands, I should have this live installation up for quite a while. Thanks!

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.