So it appears that to load a PKCS11 module in snap packaged FireFox requires: 1) "/run/user/[0-9]*/** mr," 2) "/run/pcscd/pcscd.comm rw," (if module uses pcscd) 3) absolute path (i.e. no symlinks) to the module 4) all libs the module may need to be in the snap base
To test if (4) is correct: https://launchpad.net/~ascaneo can you run "ldd /usr/lib/libeToken.so.10.7.77" https://launchpad.net/~liuck can you run "ldd /usr/lib/bit4id/libbit4xpki.so" I posted the output of "ldd opensc-pkcs11.so" in https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1967632/comments/18 It requires "libopensc.so.8 => /lib/x86_64-linux-gnu/libopensc.so.8" which is most likely not in the snap package base as per https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1967632/comments/17 So how should a snap package handle arbitrary pkcs11 packages that require libs that would have been installed in a traditional install, but are not by snap packaging? -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu. https://bugs.launchpad.net/bugs/1967632 Title: [snap] apparmor denied when trying to load pkcs11 module for smart card authentication Status in Mozilla Firefox: Unknown Status in firefox package in Ubuntu: Triaged Bug description: I use a smart card to access government sites. I have that working in firefox and chrome on ubuntu impish, and gave jammy a try, but there firefox won't load the library, giving me a generic error. dmesg, however, shows this apparmor denied message: [sáb abr 2 17:32:27 2022] audit: type=1400 audit(1648931547.646:115): apparmor="DENIED" operation="file_mmap" profile="snap.firefox.firefox" name="/run/user/1000/doc/e0bac853/libaetpkss.so.3.5.4112" pid=3680 comm="firefox" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0 Note also the path, that's not what I typed into the firefox dialog box. I have the .so copied to /usr/lib/x86_64-linux-gnu/libaetpkss.so.3.5.4112, and that's what I typed in when prompted for its path by firefox. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: firefox 1:1snap1-0ubuntu2 ProcVersionSignature: Ubuntu 5.15.0-23.23-generic 5.15.27 Uname: Linux 5.15.0-23-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.11-0ubuntu80 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Sat Apr 2 17:34:09 2022 InstallationDate: Installed on 2022-03-20 (13 days ago) InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Alpha amd64 (20220319) Snap.Changes: no changes found SourcePackage: firefox UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1967632/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
