Public bug reported:
On Ubuntu Plucky (after updating from 24.10), flatpak was throwing errors such
as:
mount revokefs-fuse filesystem at
/var/tmp/flatpak-cache-HGJ712/org.freedesktop.Platform.Compat.i386-QVI712:
Child process exited with code 1
Warning: Could not unmount revokefs-fuse filesystem at
/var/tmp/flatpak-cache-HGJ712/org.freedesktop.Platform.Compat.i386-QVI712:
Child process exited with code 1
(internal error, please report)
After looking at dmesg I saw: [ 337.157392] audit: type=1400
audit(1740585583.450:394): apparmor="DENIED" operation="mount"
class="mount" info="failed mntpnt match" error=-13 profile="fusermount3"
name="/var/tmp/flatpak-cache-HGJ712/org.gnome.Platform-QW6C22/" pid=8913
comm="fusermount3" fstype="fuse" srcname="/dev/fuse" flags="rw, nosuid,
nodev"
To fix the problem, I modified the /etc/apparmor.d/fusermount3 to
include the lines to allow mounting in /var/tmp:
mount fstype=@{fuse_types} options=(nosuid,nodev,rw) ->
/var/tmp/flatpak-cache-*/**,
mount fstype=@{fuse_types} options=(nosuid,nodev,ro) ->
/var/tmp/flatpak-cache-*/**,
umount /var/tmp/flatpak-cache-*/**,
after reloading with:
sudo apparmor_parser -r /etc/apparmor.d/fusermount3
and running flatpak update again, it worked as expected.
ProblemType: Bug
DistroRelease: Ubuntu 25.04
Package: apparmor 4.1.0~beta5-0ubuntu5
ProcVersionSignature: Ubuntu 6.12.0-15.15-generic 6.12.11
Uname: Linux 6.12.0-15-generic x86_64
ApportVersion: 2.31.0+git20250220-0ubuntu2
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: ubuntu:GNOME
Date: Wed Feb 26 17:11:41 2025
InstallationDate: Installed on 2021-01-05 (1513 days ago)
InstallationMedia: Ubuntu 21.04 "Hirsute Hippo" - Alpha amd64 (20201223)
ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-6.12.0-15-generic
root=UUID=a347123c-fffc-41bc-b182-3eb2b26aa16b ro quiet splash
crashkernel=2G-4G:320M,4G-32G:512M,32G-64G:1024M,64G-128G:2048M,128G-:4096M
vt.handoff=7
SourcePackage: apparmor
UpgradeStatus: Upgraded to plucky on 2025-02-16 (10 days ago)
mtime.conffile..etc.apparmor.d.fusermount3: 2025-02-26T17:07:28.917778
** Affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug plucky wayland-session
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2100295
Title:
Apparmor settings for fusermount3 break flatpak
Status in apparmor package in Ubuntu:
New
Bug description:
On Ubuntu Plucky (after updating from 24.10), flatpak was throwing errors
such as:
mount revokefs-fuse filesystem at
/var/tmp/flatpak-cache-HGJ712/org.freedesktop.Platform.Compat.i386-QVI712:
Child process exited with code 1
Warning: Could not unmount revokefs-fuse filesystem at
/var/tmp/flatpak-cache-HGJ712/org.freedesktop.Platform.Compat.i386-QVI712:
Child process exited with code 1
(internal error, please report)
After looking at dmesg I saw: [ 337.157392] audit: type=1400
audit(1740585583.450:394): apparmor="DENIED" operation="mount"
class="mount" info="failed mntpnt match" error=-13
profile="fusermount3" name="/var/tmp/flatpak-cache-
HGJ712/org.gnome.Platform-QW6C22/" pid=8913 comm="fusermount3"
fstype="fuse" srcname="/dev/fuse" flags="rw, nosuid, nodev"
To fix the problem, I modified the /etc/apparmor.d/fusermount3 to
include the lines to allow mounting in /var/tmp:
mount fstype=@{fuse_types} options=(nosuid,nodev,rw) ->
/var/tmp/flatpak-cache-*/**,
mount fstype=@{fuse_types} options=(nosuid,nodev,ro) ->
/var/tmp/flatpak-cache-*/**,
umount /var/tmp/flatpak-cache-*/**,
after reloading with:
sudo apparmor_parser -r /etc/apparmor.d/fusermount3
and running flatpak update again, it worked as expected.
ProblemType: Bug
DistroRelease: Ubuntu 25.04
Package: apparmor 4.1.0~beta5-0ubuntu5
ProcVersionSignature: Ubuntu 6.12.0-15.15-generic 6.12.11
Uname: Linux 6.12.0-15-generic x86_64
ApportVersion: 2.31.0+git20250220-0ubuntu2
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: ubuntu:GNOME
Date: Wed Feb 26 17:11:41 2025
InstallationDate: Installed on 2021-01-05 (1513 days ago)
InstallationMedia: Ubuntu 21.04 "Hirsute Hippo" - Alpha amd64 (20201223)
ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-6.12.0-15-generic
root=UUID=a347123c-fffc-41bc-b182-3eb2b26aa16b ro quiet splash
crashkernel=2G-4G:320M,4G-32G:512M,32G-64G:1024M,64G-128G:2048M,128G-:4096M
vt.handoff=7
SourcePackage: apparmor
UpgradeStatus: Upgraded to plucky on 2025-02-16 (10 days ago)
mtime.conffile..etc.apparmor.d.fusermount3: 2025-02-26T17:07:28.917778
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2100295/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
