Public bug reported: Upgrading to Kubuntu 24.10 with apparmor (4.1.0~beta5-0ubuntu14) breaks the flatpak app org.cryptomator.Cryptomator due to `/etc/apparmor.d/fusermount3`.
``` Mai 18 07:04:12 kubuntu kernel: audit: type=1400 audit(1747544652.499:213): apparmor="DENIED" operation="file_inherit" class="file" info="Failed name lookup - disconnected path" error=-13 profile="fusermount3" name="dev/null" pid=2359 comm="fusermount3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Mai 18 07:04:12 kubuntu kernel: audit: type=1400 audit(1747544652.499:214): apparmor="DENIED" operation="open" class="file" info="Failed name lookup - disconnected path" error=-13 profile="fusermount3" name="apparmor/.null" pid=2359 comm="fusermount3" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0 Mai 18 07:04:12 kubuntu kernel: audit: type=1400 audit(1747544652.499:215): apparmor="DENIED" operation="file_inherit" class="file" info="Failed name lookup - disconnected path" error=-13 profile="fusermount3" name="dev/null" pid=2359 comm="fusermount3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Mai 18 07:04:12 kubuntu kernel: audit: type=1400 audit(1747544652.499:216): apparmor="DENIED" operation="file_inherit" class="file" info="Failed name lookup - disconnected path" error=-13 profile="fusermount3" name="app/Cryptomator/lib/runtime/lib/modules" pid=2359 comm="fusermount3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Mai 18 07:04:12 kubuntu kernel: audit: type=1400 audit(1747544652.499:217): apparmor="DENIED" operation="file_inherit" class="net" profile="fusermount3" pid=2359 comm="fusermount3" family="unix" sock_type="stream" protocol=0 requested="send receive" denied="send receive" addr=none peer_addr=none peer="bwrap" Mai 18 07:04:12 kubuntu kernel: audit: type=1400 audit(1747544652.499:218): apparmor="DENIED" operation="file_inherit" class="net" profile="fusermount3" pid=2359 comm="fusermount3" family="unix" sock_type="stream" protocol=0 requested="send receive" denied="send receive" addr=none peer_addr=none peer="unpriv_bwrap" Mai 18 07:04:12 kubuntu kernel: audit: type=1400 audit(1747544652.539:219): apparmor="DENIED" operation="file_inherit" class="file" info="Failed name lookup - disconnected path" error=-13 profile="fusermount3" name="app/Cryptomator/lib/runtime/lib/modules" pid=2365 comm="fusermount3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Mai 18 07:04:12 kubuntu kernel: audit: type=1400 audit(1747544652.539:220): apparmor="DENIED" operation="open" class="file" info="Failed name lookup - disconnected path" error=-13 profile="fusermount3" name="apparmor/.null" pid=2365 comm="fusermount3" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0 Mai 18 07:04:12 kubuntu kernel: audit: type=1400 audit(1747544652.539:221): apparmor="DENIED" operation="file_inherit" class="net" profile="fusermount3" pid=2365 comm="fusermount3" family="unix" sock_type="stream" protocol=0 requested="send receive" denied="send receive" addr=none peer_addr=none peer="bwrap" Mai 18 07:04:12 kubuntu kernel: audit: type=1400 audit(1747544652.539:222): apparmor="DENIED" operation="file_inherit" class="net" profile="fusermount3" pid=2365 comm="fusermount3" family="unix" sock_type="stream" protocol=0 requested="send receive" denied="send receive" addr=none peer_addr=none peer="unpriv_bwrap" ``` Original bug report: https://github.com/cryptomator/cryptomator/issues/3856 When I change that the profile to complain mode, Crptomator does work flawlessly: ralph@kubuntu:~$ sudo aa-complain /etc/apparmor.d/fusermount3 Setting /etc/apparmor.d/fusermount3 to complain mode. Upgrading apparmor to apparmor (4.1.0~beta5-0ubuntu15) does not change anything. ** Affects: apparmor (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2111205 Title: fusermount3 profile blocks libfuse module in flatpak To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2111205/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
