Indeed the fusermount3 profile shipped in plucky as well. Here is a
diff:
--- plucky-fusermount3 2025-09-09 21:23:48.000000000 +0000
+++ questing-fusermount3 2025-10-08 23:59:13.134538037 +0000
@@ -11,6 +11,7 @@
# Allow both rw and ro type mounts (e.g. AppImage uses ro)
#MS_DIRSYNC, MS_NOATIME, MS_NODIRATIME, MS_NOEXEC, MS_SYNCHRONOUS,
MS_NOSYMFOLLOW
+ # Below broad mount flags should be revisited once we have rule delegation
mount fstype=@{fuse_types} options=(nosuid,nodev) options in
(ro,rw,noatime,dirsync,nodiratime,noexec,sync) -> @{HOME}/**/,
mount fstype=@{fuse_types} options=(nosuid,nodev) options in
(ro,rw,noatime,dirsync,nodiratime,noexec,sync) -> /mnt/{,**/},
mount fstype=@{fuse_types} options=(nosuid,nodev) options in
(ro,rw,noatime,dirsync,nodiratime,noexec,sync) -> @{run}/user/@{uid}/**/,
@@ -27,19 +28,26 @@
umount /cvmfs/**/,
# Flatpak's default cache directory where it mounts a revokefs-fuse
- # The second revokefs rule cannot be parsed by aa-logprof currently
mount fstype=fuse options=(nosuid,nodev,rw) /dev/fuse ->
/var/tmp/flatpak-cache-*/**/,
mount fstype=fuse.revokefs-fuse options=(nosuid,nodev,rw) revokefs-fuse ->
/var/tmp/flatpak-cache-*/**/,
umount /var/tmp/flatpak-cache-*/**/,
+ # flatpak-builder uses rofiles-fuse
+ mount fstype=fuse.rofiles-fuse options=(nosuid,nodev,rw)
{rofiles-fuse,/dev/fuse} -> /var/tmp/test-flatpak-*/**/,
+ umount /var/tmp/test-flatpak-*/**/,
+
/dev/fuse rw,
+ # needed since libfuse 3.17.1-rc0 (LP: #2111845)
+ /usr/bin/mount ix,
+ /usr/bin/umount ix,
+
@{etc_ro}/fuse.conf r,
- @{PROC}/@{pid}/mounts r,
+ @{PROC}/@{pid}/{mounts,mountinfo} r,
- /usr/bin/fusermount3 mr,
+ @{exec_path} mr,
include if exists <local/fusermount3>
}
-# vim:syntax=apparmor
+# vim:ft=apparmor
And it's not the first time it needed changes because of flatpak:
https://bugs.launchpad.net/bugs/2100295
Going by d/changelog, the fusermount3 profile was first shipped in
plucky in
https://launchpad.net/ubuntu/+source/apparmor/4.1.0~beta4-0ubuntu3
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2122161
Title:
error: Failed to install org.gnome.Platform: Could not unmount
revokefs-fuse filesystem at /var/tmp/flatpak-
cache-4EB3B3/org.gnome.Platform-EM6KC3: Child process exited with code
1
Status in Flatpak:
Unknown
Status in apparmor package in Ubuntu:
Confirmed
Status in flatpak package in Ubuntu:
Confirmed
Bug description:
hi i am a bug tester and wanted to install a program but then i got this error
here is my full log:
Warning: Could not unmount revokefs-fuse filesystem at
/var/tmp/flatpak-cache-4EB3B3/org.freedesktop.Platform.GL.default-FAB3B3: Child
process exited with code 1
Warning: Could not unmount revokefs-fuse filesystem at
/var/tmp/flatpak-cache-4EB3B3/org.freedesktop.Platform.GL.default-K8HAC3: Child
process exited with code 1
Warning: Could not unmount revokefs-fuse filesystem at
/var/tmp/flatpak-cache-4EB3B3/org.freedesktop.Platform.openh264-D0P4B3: Child
process exited with code 1
Warning: Could not unmount revokefs-fuse filesystem at
/var/tmp/flatpak-cache-4EB3B3/org.gnome.Platform.Locale-QP83B3: Child process
exited with code 1
Warning: Could not unmount revokefs-fuse filesystem at
/var/tmp/flatpak-cache-4EB3B3/org.gtk.Gtk3theme.Yaru-dark-M2N7B3: Child process
exited with code 1
error: Failed to install org.gnome.Platform: Could not unmount revokefs-fuse
filesystem at /var/tmp/flatpak-cache-4EB3B3/org.gnome.Platform-EM6KC3: Child
process exited with code 1
ProblemType: Bug
DistroRelease: Ubuntu 25.10
Package: flatpak 1.16.1-2ubuntu1
ProcVersionSignature: Ubuntu 6.17.0-3.3-generic 6.17.0-rc3
Uname: Linux 6.17.0-3-generic x86_64
NonfreeKernelModules: zfs
ApportVersion: 2.33.1-0ubuntu2
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Fri Sep 5 20:07:19 2025
InstallationDate: Installed on 2025-09-04 (1 days ago)
InstallationMedia: Ubuntu 25.10 "Questing Quokka" - Daily amd64 (20250903)
ProcEnviron:
LANG=en_US.UTF-8
PATH=(custom, no user)
SHELL=/bin/bash
TERM=xterm-256color
XDG_RUNTIME_DIR=<set>
SourcePackage: flatpak
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/flatpak/+bug/2122161/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
