Andreas, thank you for your response. As in my previous message, we
cannot expect such a hack to work outside of 22.04. I updated the
description; sorry for wasting your time with that.

Then, it doesn't matter if /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
is in the host, the snap is on core22 and only sees
/snap/core22/current/lib/x86_64-linux-gnu/libcrypto.so.3.

In any case, your comment is very valuable, as it gives us a list of
libraries required by a module outside our open-source archive that
we should keep in mind when ironing this out.

** Description changed:

- For 22.04 we believe the best solution/work-around at the moment is:
+ For 22.04, if your smart card is supported by OpenSC
+ (https://github.com/OpenSC/OpenSC/wiki/Supported-hardware-%28smart-
+ cards-and-USB-tokens%29), we believe the best solution/work-around at
+ the moment is:
  
    sudo apt install opensc-pkcs11
    sudo snap refresh --edge firefox
    sudo snap connect firefox:pcscd
    cp /usr/lib/*/opensc-pkcs11.so $HOME/snap/firefox/common
  
  Then load the module from that path, i.e.
  $HOME/snap/firefox/common/opensc-pkcs11.so.
  
  If you get "unable to load module" make sure you are the owner of the
  file:
  
    chown "$(id -u)" $HOME/snap/firefox/common/opensc-pkcs11.so
  
  Please report whether this solves the issue.
  
  The part of copying the module to a snap-readable location is clumsy and
  we will work on a more proper solution to that. And of course, to make
  this series-independent.
  
  ----
  
  I use a smart card to access government sites. I have that working in
  firefox and chrome on ubuntu impish, and gave jammy a try, but there
  firefox won't load the library, giving me a generic error.
  
  dmesg, however, shows this apparmor denied message:
  
  [sáb abr  2 17:32:27 2022] audit: type=1400 audit(1648931547.646:115):
  apparmor="DENIED" operation="file_mmap" profile="snap.firefox.firefox"
  name="/run/user/1000/doc/e0bac853/libaetpkss.so.3.5.4112" pid=3680
  comm="firefox" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0
  
  Note also the path, that's not what I typed into the firefox dialog box.
  I have the .so copied to /usr/lib/x86_64-linux-
  gnu/libaetpkss.so.3.5.4112, and that's what I typed in when prompted for
  its path by firefox.
  
  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: firefox 1:1snap1-0ubuntu2
  ProcVersionSignature: Ubuntu 5.15.0-23.23-generic 5.15.27
  Uname: Linux 5.15.0-23-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.11-0ubuntu80
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Sat Apr  2 17:34:09 2022
  InstallationDate: Installed on 2022-03-20 (13 days ago)
  InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Alpha amd64 (20220319)
  Snap.Changes: no changes found
  SourcePackage: firefox
  UpgradeStatus: No upgrade log present (probably fresh install)

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1967632

Title:
  [snap] apparmor denied when trying to load pkcs11 module for smart
  card authentication

Status in Mozilla Firefox:
  Confirmed
Status in chromium-browser package in Ubuntu:
  Triaged
Status in firefox package in Ubuntu:
  Triaged

Bug description:
  For 22.04, if your smart card is supported by OpenSC
  (https://github.com/OpenSC/OpenSC/wiki/Supported-hardware-%28smart-cards-and-USB-tokens%29),
  we believe the best solution/work-around at the moment is:

    sudo apt install opensc-pkcs11
    sudo snap refresh --edge firefox
    sudo snap connect firefox:pcscd
    cp /usr/lib/*/opensc-pkcs11.so $HOME/snap/firefox/common

  Then load the module from that path, i.e.
  $HOME/snap/firefox/common/opensc-pkcs11.so.

  If you get "unable to load module" make sure you are the owner of the
  file:

    chown "$(id -u)" $HOME/snap/firefox/common/opensc-pkcs11.so

  Please report whether this solves the issue.

  The part of copying the module to a snap-readable location is clumsy
  and we will work on a more proper solution to that. And of course, to
  make this series-independent.

  ----

  I use a smart card to access government sites. I have that working in
  firefox and chrome on ubuntu impish, and gave jammy a try, but there
  firefox won't load the library, giving me a generic error.

  dmesg, however, shows this apparmor denied message:

  [sáb abr  2 17:32:27 2022] audit: type=1400 audit(1648931547.646:115):
  apparmor="DENIED" operation="file_mmap" profile="snap.firefox.firefox"
  name="/run/user/1000/doc/e0bac853/libaetpkss.so.3.5.4112" pid=3680
  comm="firefox" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0

  Note also the path, that's not what I typed into the firefox dialog
  box. I have the .so copied to
  /usr/lib/x86_64-linux-gnu/libaetpkss.so.3.5.4112, and that's what I
  typed in when prompted for its path by firefox.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: firefox 1:1snap1-0ubuntu2
  ProcVersionSignature: Ubuntu 5.15.0-23.23-generic 5.15.27
  Uname: Linux 5.15.0-23-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.11-0ubuntu80
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Sat Apr  2 17:34:09 2022
  InstallationDate: Installed on 2022-03-20 (13 days ago)
  InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Alpha amd64 (20220319)
  Snap.Changes: no changes found
  SourcePackage: firefox
  UpgradeStatus: No upgrade log present (probably fresh install)
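
Added example (not part of the original report, and not code from Firefox, snapd or AppArmor): a small Python triage helper for denial records like the one quoted above. It flags the three things this bug turns on: a snap profile, a denied "m" (mmap) request, and a file owner (ouid) that differs from the caller (fsuid). The helper names are hypothetical. It assumes that /run/user/<uid>/doc/ is the XDG document portal mount, which is why the logged path differs from the one typed into the dialog.

```python
import re

# Constructed sample: the denial quoted in the bug description, joined onto one line.
SAMPLE = ('[sáb abr  2 17:32:27 2022] audit: type=1400 audit(1648931547.646:115): '
          'apparmor="DENIED" operation="file_mmap" profile="snap.firefox.firefox" '
          'name="/run/user/1000/doc/e0bac853/libaetpkss.so.3.5.4112" pid=3680 '
          'comm="firefox" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0')

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Assumption: files picked through the XDG document portal appear under this mount.
DOC_PORTAL = re.compile(r'^/run/user/\d+/doc/[^/]+/(.+)$')
HEX = re.compile(r'^(?:[0-9A-Fa-f]{2})+$')


def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, else None."""
    if 'apparmor="DENIED"' not in line:
        return None
    fields = {}
    for m in KV.finditer(line):
        key, quoted, bare = m.groups()
        value = quoted if quoted is not None else bare
        # The audit subsystem hex-encodes names that contain spaces or quotes
        # and logs them unquoted; decode those so the path is readable.
        if key == 'name' and quoted is None and HEX.match(bare):
            value = bytes.fromhex(bare).decode('utf-8', 'replace')
        fields[key] = value
    return fields


def triage(line):
    """Summarise a denial and flag the conditions discussed in this bug."""
    f = parse_denial(line)
    if f is None:
        return None
    portal = DOC_PORTAL.match(f.get('name', ''))
    return {
        'profile': f.get('profile'),
        'path': f.get('name'),
        'snap_confined': f.get('profile', '').startswith('snap.'),
        'via_document_portal': portal is not None,
        'picked_file': portal.group(1) if portal else None,
        'mmap_denied': 'm' in f.get('denied_mask', ''),
        # Relates to the chown step in the work-around above.
        'owner_mismatch': f.get('fsuid') != f.get('ouid'),
    }


if __name__ == '__main__':
    print(triage(SAMPLE))
```
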
