** Package changed: linux (Ubuntu) => apparmor (Ubuntu)

** Changed in: apparmor (Ubuntu)
   Importance: Undecided => High

** Tags added: plucky

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2103889

Title:
  gnome-remote-desktop-daemon: fusermount3: mount failed: Permission
  denied

Status in apparmor package in Ubuntu:
  New

Bug description:
  On Ubuntu 25.04 daily (as of 2025-03-23), connecting to headless
  remote desktop fails with apparmor error "fusermount3: mount failed:
  Permission denied", after installation:

  ```
  Mar 23 15:47:07 ubuntu2504 gnome-remote-desktop-daemon[6020]: fusermount3: mount failed: Permission denied
  Mar 23 15:47:07 ubuntu2504 kernel: audit: type=1400 audit(1742705227.026:259): apparmor="DENIED" operation="mount" class="mount" info="failed mntpnt match" error=-13 profile="fusermount3" name="/run/user/1000/gnome-remote-desktop/cliprdr-cjuzWv/" pid=6020 comm="fusermount3" fstype="fuse" srcname="/dev/fuse" flags="rw, nosuid, nodev"
  ```

  **** To reproduce ****

  1. Enable headless Gnome Remote Desktop (i.e.
  `grdctl --system rdp enable` / via System > Remote Desktop > Remote Login)

  2. Connect to Gnome Remote Desktop, e.g.:
  `xfreerdp /dynamic-resolution /v:ubuntu2504 /size:1920x1080`

  3. Attempt fails with
  ```
  [17:52:37:199] [1593640:1593641] [INFO][com.freerdp.channels.drdynvc.client] - Loading Dynamic Virtual Channel rdpgfx
  [17:52:37:199] [1593640:1593641] [INFO][com.freerdp.channels.drdynvc.client] - Loading Dynamic Virtual Channel disp
  [17:52:37:251] [1593640:1593641] [ERROR][com.freerdp.core.transport] - BIO_read returned a system error 104: Connection reset by peer
  [17:52:37:251] [1593640:1593641] [ERROR][com.freerdp.core] - transport_read_layer:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
  [17:52:37:251] [1593640:1593641] [INFO][com.freerdp.client.common] - Network disconnect!
  ```

  with `journalctl -f` error:

  ```
  Mar 23 17:52:37 ubuntu2504 org.gnome.RemoteDesktop.Handover.desktop[15162]: fusermount3: mount failed: Permission denied
  Mar 23 17:52:37 ubuntu2504 kernel: audit: type=1400 audit(1742712757.245:305): apparmor="DENIED" operation="mount" class="mount" info="failed mntpnt match" error=-13 profile="fusermount3" name="/run/user/119/gnome-remote-desktop/cliprdr-ABm0Gd/" pid=15162 comm="fusermount3" fstype="fuse" srcname="/dev/fuse" flags="rw, nosuid, nodev"
  Mar 23 17:52:37 ubuntu2504 kernel: traps: RDP FUSE clipbo[15161] trap int3 ip:7b95e7600ea7 sp:7b95b53fdfe0 error:0 in libglib-2.0.so.0.8400.0[72ea7,7b95e75ad000+bd000]
  Mar 23 17:52:37 ubuntu2504 gnome-remote-de[14921]: [FUSE Clipboard] Failed to mount FUSE filesystem
  ```

  **** Fix ****

  `/etc/apparmor.d/fusermount3` - change path to '**' - e.g.:

  ```
  15c15
  <   mount fstype=@{fuse_types} options=(nosuid,nodev,rw) -> 
@{run}/user/@{uid}/*/,
  ---
  >   mount fstype=@{fuse_types} options=(nosuid,nodev,rw) -> 
@{run}/user/@{uid}/**/,
  ```
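
Review bot: the new target `@{run}/user/@{uid}/**/` in the `>` line allows fusermount3 to mount at any depth under the user's runtime directory, which is wider than the two denials quoted above require. Both denied mount points sit exactly two levels down (`gnome-remote-desktop/cliprdr-cjuzWv/` and `gnome-remote-desktop/cliprdr-ABm0Gd/`), so consider keeping the existing `*/` rule and adding a second rule limited to `@{run}/user/@{uid}/gnome-remote-desktop/cliprdr-*/` instead of replacing the glob with `**`.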

  Fixed profile attached:
  https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2103889/+attachment/5866571/+files/fusermount3

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2103889/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
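
An added triage example, not part of the original bug report or the AppArmor project: it parses the first denial quoted in the report and checks the denied mount point against the shipped rule target, the report's proposed target, and a hypothetical narrower target. The glob handling is a simplified model (`*` stays within one path component, `**` crosses `/`), and `@{run}` is assumed to expand to `/run`.

```python
import re
import shlex

# First denial from the report's journal output, joined onto one line.
AUDIT_LINE = (
    'audit: type=1400 audit(1742705227.026:259): apparmor="DENIED" '
    'operation="mount" class="mount" info="failed mntpnt match" error=-13 '
    'profile="fusermount3" '
    'name="/run/user/1000/gnome-remote-desktop/cliprdr-cjuzWv/" pid=6020 '
    'comm="fusermount3" fstype="fuse" srcname="/dev/fuse" '
    'flags="rw, nosuid, nodev"'
)

CANDIDATES = [
    "@{run}/user/@{uid}/*/",   # target in the shipped profile (report's diff)
    "@{run}/user/@{uid}/**/",  # target proposed in the report
    # Hypothetical narrower target, not from the report:
    "@{run}/user/@{uid}/gnome-remote-desktop/cliprdr-*/",
]

# Simplified model (assumption): @{run} is /run, @{uid} is a decimal uid,
# '*' stays within one path component, '**' may cross '/'.
TOKENS = {"@{run}": "/run", "@{uid}": "[0-9]+", "**": ".*", "*": "[^/]*"}

def parse_audit(line):
    """Return the key=value fields of an audit record as a dict."""
    return dict(t.split("=", 1) for t in shlex.split(line) if "=" in t)

def rule_regex(target):
    """Compile a mount-rule target into a regex under the simplified model."""
    parts = re.split(r"(@\{run\}|@\{uid\}|\*\*|\*)", target)
    return re.compile("".join(TOKENS.get(p, re.escape(p)) for p in parts))

def covers(target, mountpoint):
    """True if the rule target matches the whole mount point path."""
    return rule_regex(target).fullmatch(mountpoint) is not None

def triage(line, targets=CANDIDATES):
    """Map each candidate target to whether it covers the denied mount point."""
    rec = parse_audit(line)
    if rec.get("apparmor") != "DENIED" or rec.get("operation") != "mount":
        raise ValueError("not an AppArmor mount denial")
    return {t: covers(t, rec["name"]) for t in targets}

if __name__ == "__main__":
    for target, ok in triage(AUDIT_LINE).items():
        print("covers" if ok else "misses", target)
    # How far each target reaches beyond the path in the report:
    other = "/run/user/1000/a/b/c/"  # constructed path
    print({t: covers(t, other) for t in CANDIDATES})
```

The final line of output shows the difference in reach: only the `**` target also covers the constructed deeper path.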
