Guys, it works for me! It's weird but somehow it works :-) More than my previous not working comment https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1967632/comments/9 I have added:
- the libacsccid1 package - rw access to the unix socket /run/pcscd/pcscd.comm in the apparmor profile Summarizing the solution again: # apt install libacsccid1 pcscd # mkdir /etc/apparmor.d/abstractions/p11-kit.d/ # echo "/run/user/[0-9]*/** mr," > /etc/apparmor.d/abstractions/p11-kit.d/snap # echo "/run/pcscd/pcscd.comm rw," >> /etc/apparmor.d/abstractions/p11-kit.d/snap add "#include <abstractions/p11-kit>" in /var/lib/snapd/apparmor/profiles/snap.firefox.firefox after #include <abstractions/openssl> # apparmor_parser -v -C -r /var/lib/snapd/apparmor/profiles/snap.firefox.firefox Then in Firefox -> Settings -> Privacy and Security -> Security devices Load -> name: ACS ACR38U in my case, but can be anything you want, module: /usr/share/bit4id/x/libbit4xpki.so That's for my card, my reader and my module. And note: my FF is in Italian, translation may differ a bit in English. Further weird notes: 1. The first time I try to access after a reboot, I go to the webpage https://dichiarazioneprecompilata.agenziaentrate.gov.it and FF ask me for the PIN (with a system dialog). I insert the PIN and FF ask me again for the PIN in an infinite cycle, I have to kill FF. But the second time and following times I access the page it works like a charm even in Incognito mode. Weird, but I can live with it. I seldom use smart card. 2. Another strange thing that happened while I was trying to isolate the right steps to publish here is that I removed rw access to pcscd.comm socket in apparmor profile and FF kept working! Even after a restart, and even in Incognito mode. So I have rebooted the system in order to be sure that rw access to the socket would be a requirement, and that's it. 3. I don't know why Firefox does not let me load the /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so module. It complains with the message "Unable to add module" :-( even if I add `/usr/lib/x86_64-linux-gnu/** rm,` in /etc/apparmor.d/abstractions/p11-kit.d/snap apparmor profile. Differences between opensc-pkcs11.so and libbit4xpki.so file /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so /usr/lib/bit4id/libbit4xpki.so /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=de5eb51ea9145d2bfd9428110736825895bb56f4, stripped /usr/lib/bit4id/libbit4xpki.so: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=825713056df8eb66f78817284b4ec2c7a2d8c26b, not stripped My environment is: Ubuntu 22.04.1 LTS Codename: jammy Mozilla Firefox 104.0 I think that's all my story, if there is something else or attempts I can make in my environment, please ask, I remain here available. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu. https://bugs.launchpad.net/bugs/1967632 Title: [snap] apparmor denied when trying to load pkcs11 module for smart card authentication Status in Mozilla Firefox: Unknown Status in firefox package in Ubuntu: Triaged Bug description: I use a smart card to access government sites. I have that working in firefox and chrome on ubuntu impish, and gave jammy a try, but there firefox won't load the library, giving me a generic error. dmesg, however, shows this apparmor denied message: [sáb abr 2 17:32:27 2022] audit: type=1400 audit(1648931547.646:115): apparmor="DENIED" operation="file_mmap" profile="snap.firefox.firefox" name="/run/user/1000/doc/e0bac853/libaetpkss.so.3.5.4112" pid=3680 comm="firefox" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0 Note also the path, that's not what I typed into the firefox dialog box. I have the .so copied to /usr/lib/x86_64-linux-gnu/libaetpkss.so.3.5.4112, and that's what I typed in when prompted for its path by firefox. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: firefox 1:1snap1-0ubuntu2 ProcVersionSignature: Ubuntu 5.15.0-23.23-generic 5.15.27 Uname: Linux 5.15.0-23-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.11-0ubuntu80 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Sat Apr 2 17:34:09 2022 InstallationDate: Installed on 2022-03-20 (13 days ago) InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Alpha amd64 (20220319) Snap.Changes: no changes found SourcePackage: firefox UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1967632/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
