** Tags added: sec-6337 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/2111205
Title: fusermount3 profile blocks libfuse module in flatpak Status in apparmor package in Ubuntu: New Bug description: Upgrading to Kubuntu 24.10 with apparmor (4.1.0~beta5-0ubuntu14) breaks the flatpak app org.cryptomator.Cryptomator due to `/etc/apparmor.d/fusermount3`. ``` Mai 18 07:04:12 kubuntu kernel: audit: type=1400 audit(1747544652.499:213): apparmor="DENIED" operation="file_inherit" class="file" info="Failed name lookup - disconnected path" error=-13 profile="fusermount3" name="dev/null" pid=2359 comm="fusermount3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Mai 18 07:04:12 kubuntu kernel: audit: type=1400 audit(1747544652.499:214): apparmor="DENIED" operation="open" class="file" info="Failed name lookup - disconnected path" error=-13 profile="fusermount3" name="apparmor/.null" pid=2359 comm="fusermount3" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0 Mai 18 07:04:12 kubuntu kernel: audit: type=1400 audit(1747544652.499:215): apparmor="DENIED" operation="file_inherit" class="file" info="Failed name lookup - disconnected path" error=-13 profile="fusermount3" name="dev/null" pid=2359 comm="fusermount3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Mai 18 07:04:12 kubuntu kernel: audit: type=1400 audit(1747544652.499:216): apparmor="DENIED" operation="file_inherit" class="file" info="Failed name lookup - disconnected path" error=-13 profile="fusermount3" name="app/Cryptomator/lib/runtime/lib/modules" pid=2359 comm="fusermount3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Mai 18 07:04:12 kubuntu kernel: audit: type=1400 audit(1747544652.499:217): apparmor="DENIED" operation="file_inherit" class="net" profile="fusermount3" pid=2359 comm="fusermount3" family="unix" sock_type="stream" protocol=0 requested="send receive" denied="send receive" addr=none peer_addr=none peer="bwrap" Mai 18 07:04:12 kubuntu kernel: audit: type=1400 audit(1747544652.499:218): apparmor="DENIED" operation="file_inherit" class="net" profile="fusermount3" pid=2359 comm="fusermount3" family="unix" sock_type="stream" protocol=0 requested="send receive" denied="send receive" addr=none peer_addr=none peer="unpriv_bwrap" Mai 18 07:04:12 kubuntu kernel: audit: type=1400 audit(1747544652.539:219): apparmor="DENIED" operation="file_inherit" class="file" info="Failed name lookup - disconnected path" error=-13 profile="fusermount3" name="app/Cryptomator/lib/runtime/lib/modules" pid=2365 comm="fusermount3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Mai 18 07:04:12 kubuntu kernel: audit: type=1400 audit(1747544652.539:220): apparmor="DENIED" operation="open" class="file" info="Failed name lookup - disconnected path" error=-13 profile="fusermount3" name="apparmor/.null" pid=2365 comm="fusermount3" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0 Mai 18 07:04:12 kubuntu kernel: audit: type=1400 audit(1747544652.539:221): apparmor="DENIED" operation="file_inherit" class="net" profile="fusermount3" pid=2365 comm="fusermount3" family="unix" sock_type="stream" protocol=0 requested="send receive" denied="send receive" addr=none peer_addr=none peer="bwrap" Mai 18 07:04:12 kubuntu kernel: audit: type=1400 audit(1747544652.539:222): apparmor="DENIED" operation="file_inherit" class="net" profile="fusermount3" pid=2365 comm="fusermount3" family="unix" sock_type="stream" protocol=0 requested="send receive" denied="send receive" addr=none peer_addr=none peer="unpriv_bwrap" ``` Original bug report: https://github.com/cryptomator/cryptomator/issues/3856 When I change the profile to complain mode, Crptomator does work flawlessly: ralph@kubuntu:~$ sudo aa-complain /etc/apparmor.d/fusermount3 Setting /etc/apparmor.d/fusermount3 to complain mode. Upgrading apparmor to apparmor (4.1.0~beta5-0ubuntu15) does not change anything. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2111205/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
