Additionally, this directive breaks use of ssh keys / keyring:
include <abstractions/private-files-strict>
I replaced it with:
include <abstractions/private-files>
owner @{run}/user/@{uid}/keyring/ssh rw,
And updated the ${HOME}/.ssh line:
owner @{HOME}/.ssh/{config,known_hosts,id_*} r,
A full patch is attached that seems to get things working for me. A few
apparmor failures remain that I didn't include (and possibly more that would be
hit if these were allowed):
execute: /usr/bin/lsb_release, /usr/bin/python3.13, /usr/bin/bash
dbus send (all would be covered by include <abstractions/dbus-session>):
/org/gtk/Settings (org.freedesktop.DBus.Properties), /StatusNotifierWatcher
(org.freedesktop.DBus.Introspectable), /org/a11y/bus (org.a11y.Bus)
file: /etc/timezone, /etc/lsb-release, /etc/debian_version
** Patch added: "remmina-apparmor.patch"
https://bugs.launchpad.net/ubuntu/+source/remmina/+bug/2106675/+attachment/5870946/+files/remmina-apparmor.patch
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to remmina in Ubuntu.
https://bugs.launchpad.net/bugs/2106675
Title:
apparmor prevents access to saved sessions
Status in remmina package in Ubuntu:
New
Bug description:
After upgrading to 25.04 (beta), my saved connections / target
computers in Remmina were gone. Where previously I had several saved
connection entries, there were none.
I modified /etc/apparmor.d/remmina to run with flags=(complain), re-
launched, and all my saved connections were back.
Subsequently running aa-logprof suggested the following additions:
include <abstractions/bash>
include <abstractions/dbus-session>
/etc/debian_version r,
/etc/lsb-release r,
/usr/bin/dash ix,
/usr/bin/lsb_release mrix,
/usr/bin/python3.13 mrix,
@{etc_ro}/fstab r,
owner @{HOME}/.remmina/ r,
owner @{HOME}/.remmina/* r,
(I replaced /home/*/ with ${HOME}.)
It seems likely it's possible to avoid the dbus-session include (I see
dbus-session-strict was already present), but there were many manual
rules it was requesting without that, and I don't know enough about
remmina, apparmor, or dbus to offer useful input there.
It seems quite possible that only the @{HOME}/.remmina/(*) rules are
needed to fix this, but the numerous complaints about accesses to
DBus.Properties /org/freedesktop/secrets/collection/login/... paths
seems like this rule [ dbus (send) bus=session
path="/org/freedesktop/secrets/collection/login"
interface="org.freedesktop.DBus.Properties" member=GetAll
peer=(label=unconfined), ] might not be working as expected, and I'm
suspicious they're related to loading these saved connections.
Please give us some details about the systems you are using:
* Client (OS name and version): Ubuntu 25.04 Plucky Puffin (development
branch), amd64
* Remmina version (remmina --version): org.remmina.Remmina - 1.4.39 (git n/a)
(dpkg: 1.4.39+dfsg-1)
* Desktop environment (GNOME, Unity, KDE, ..): Gnome
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/remmina/+bug/2106675/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
