Comment 6 for bug 1718885

All nine of our kiosks, running a mix of Ubuntu 14.04.5 LTS and 16.04.3 LTS, are now exhibiting this bug. So we can definitely reproduce it on a mix of hardware and software. Uninstalling and reinstalling Chromium did not help.

Here's someone else's forum post on the same topic too:

https://askubuntu.com/questions/958378/chromium-will-not-start-in-guest-session-on-ubuntu-16-04-3-lts

As the original bug report notes, it only affects guest session users, not regular users. While logged in as a regular user, though, it can be demonstrated by trying to run Chromium via the lightdm-guest-session:

$ /usr/lib/lightdm/lightdm-guest-session /usr/bin/chromium-browser
/usr/lib/chromium-browser/chromium-browser: error while loading shared libraries: libffmpeg.so: cannot open shared object file: No such file or directory

Now libffmpeg.so *is* provided as part of the Chromium install, under /usr/lib/chromium-browser/libffmpeg.so, and simply copying it to a standard directory allows Chromium to launch via the guest session:

$ sudo cp /usr/lib/chromium-browser/libffmpeg.so /usr/lib/x86_64_linux_gnu
$ /usr/lib/lightdm/lightdm-guest-session /usr/bin/chromium-browser
[Chromium launches]

Obviously, that's not an ideal solution.

I also found that disabling AppArmor's profile for the LightDM guest session allowed the above test to succeed (i.e., to launch Chromium):

$ sudo apparmor_parser -R /etc/apparmor.d/lightdm-guest-session
$ /usr/lib/lightdm/lightdm-guest-session /usr/bin/chromium-browser
[Chromium launches]

Or, editing out the #include statement in /etc/apparmor.d/lightdm-guest-session which includes the sub-profile /etc/apparmor.d/abstractions/lightdm_chromium-browser and then reloading AppArmor also worked:

[comment out #include of abstractions/lightdm_chromium-browser in lightdm-guest-session]
$ sudo apparmor_parser -r /etc/apparmor.d/lightdm-guest-session
$ /usr/lib/lightdm/lightdm-guest-session /usr/bin/chromium-browser
[Chromium launches]

Interestingly, nothing is captured in /var/log/kern.log; there's no obvious error message here.

Digging into the /etc/apparmor.d/abstractions/lightdm_chromium-browser configuration, it looks like the Chromium binary is executed with the "Cx" settings, e.g.:

/usr/lib/chromium-browser/chromium-browser Cx -> chromium

According to the man page (http://manpages.ubuntu.com/manpages/xenial/en/man5/apparmor.d.5.html), the "Cx" setting means "transition to subprofile on execute -- scrub the environment".

Now, the /usr/bin/chromium-browser shell script has some code which sets LD_LIBRARY_PATH to include /usr/lib/chromium-browser, precisely so that libffmpeg.so can be located by the runtime linker.

My guess, therefore, is that the AppArmor sub-profile for Chromium is causing LD_LIBRARY_PATH to be scrubbed from the environment, so libffmpeg.so can not be located at runtime.

One other oddity is why all our LTS machines (both 14.04 and 16.04) now have libffmpeg.so in /usr/lib/chromium-browser, not /usr/lib/chromium-browser/libs. But when I checked with dpkg-query, the former (/usr/lib/chromium-browser/libffmpeg.so) is definitely what was listed, and that's where the shared library was installed.