Comment 42 for bug 1967632

In , L-bugzilla (l-bugzilla) wrote :

(In reply to Olivier Tilloy from comment #1)
> (from https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1843392/comments/1)
>
> The proposed approach to solve this that was discussed with the Ubuntu security team is:
> - stage common PKCS modules in the snap
> - add a layout for `/usr/lib/pkcs11` pointing to a writeable area of the snap (e.g. `$SNAP_USER_DATA/.local/lib`)
> - on first run, copy the common PKCS modules to that writeable area
> - document that custom modules (and their dependencies?) should be manually copied to that directory
> - create a new interface (not auto-connected, that's okay) for access to `/var/run/pcscd/pcscd.comm`
>
> I'm not familiar with how smart card readers work though, so feedback and suggestions are welcome.

Why can't the snap package be configured to just allow access to /var/run/pcscd/pcscd.comm?
The PKCS#11 libs are normally platform/distribution dependent, so you can't just include them in a snap package hoping this will work anywhere.
Dependencies are more platform dependent, one above all: the libpcsclite.so.1 library shall match the protocol version of its server; you can't just bring it in the snap packages and hope it works.
It looks like Snap is by now a very immature technology to run the default version of FF on Ubuntu.