[Touch-packages] [Bug 2100295] Re: Apparmor settings for fusermount3 break flatpak

Tue, 04 Mar 2025 05:59:12 -0800 

** Changed in: apparmor (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2100295

Title:
  Apparmor settings for fusermount3 break flatpak

Status in apparmor package in Ubuntu:
  Confirmed

Bug description:
  On Ubuntu Plucky (after updating from 24.10), flatpak was throwing errors 
such as:
  mount revokefs-fuse filesystem at 
/var/tmp/flatpak-cache-HGJ712/org.freedesktop.Platform.Compat.i386-QVI712: 
Child process exited with code 1
  Warning: Could not unmount revokefs-fuse filesystem at 
/var/tmp/flatpak-cache-HGJ712/org.freedesktop.Platform.Compat.i386-QVI712: 
Child process exited with code 1
  (internal error, please report)

  After looking at dmesg I saw: [  337.157392] audit: type=1400
  audit(1740585583.450:394): apparmor="DENIED" operation="mount"
  class="mount" info="failed mntpnt match" error=-13
  profile="fusermount3" name="/var/tmp/flatpak-cache-
  HGJ712/org.gnome.Platform-QW6C22/" pid=8913 comm="fusermount3"
  fstype="fuse" srcname="/dev/fuse" flags="rw, nosuid, nodev"

  To fix the problem, I modified the /etc/apparmor.d/fusermount3 to
  include the lines to allow mounting in /var/tmp:

  mount fstype=@{fuse_types} options=(nosuid,nodev,rw) -> 
/var/tmp/flatpak-cache-*/**,
  mount fstype=@{fuse_types} options=(nosuid,nodev,ro) -> 
/var/tmp/flatpak-cache-*/**,
  umount /var/tmp/flatpak-cache-*/**,

  after reloading with:
   sudo apparmor_parser -r /etc/apparmor.d/fusermount3

  and running flatpak update again, it worked as expected.

  ProblemType: Bug
  DistroRelease: Ubuntu 25.04
  Package: apparmor 4.1.0~beta5-0ubuntu5
  ProcVersionSignature: Ubuntu 6.12.0-15.15-generic 6.12.11
  Uname: Linux 6.12.0-15-generic x86_64
  ApportVersion: 2.31.0+git20250220-0ubuntu2
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: ubuntu:GNOME
  Date: Wed Feb 26 17:11:41 2025
  InstallationDate: Installed on 2021-01-05 (1513 days ago)
  InstallationMedia: Ubuntu 21.04 "Hirsute Hippo" - Alpha amd64 (20201223)
  ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-6.12.0-15-generic 
root=UUID=a347123c-fffc-41bc-b182-3eb2b26aa16b ro quiet splash 
crashkernel=2G-4G:320M,4G-32G:512M,32G-64G:1024M,64G-128G:2048M,128G-:4096M 
vt.handoff=7
  SourcePackage: apparmor
  UpgradeStatus: Upgraded to plucky on 2025-02-16 (10 days ago)
  mtime.conffile..etc.apparmor.d.fusermount3: 2025-02-26T17:07:28.917778

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2100295/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to