Firefox no write access to /media although interface present

Disk mount point is in /media tree. Mount point owner changed to user who starts Firefox snap.
It was verified also that all processes started as Firefox snap run under same user.
Downloads from web sides visited using Firefox can’t be stored to mentioned disk with mount point in /media tree although snap connections firefox command output
presents firefox:removable-media in column plug yet :removable-media in column slot - for command output line removable-media. This is connection is established automatically at system start.
It doesn’t help to disconnect Firefox from removable-media slot then reconnect it manually.
No problems to save downloaded files to home directory.

Which configuration might we still miss?

Firefox snap 89.0.2-1
Manjaro 21.0 XFCE

was it also verified that the user can actually store files from a graphical application … i.e. a file manager … on that device ?

You’re right myself missed this detail. Sorry for that.
Yes, user can store download to home subfolder named Downloads then copy it to addressed sub-directory of /media using operating system GUI file explorer.

Mountpoint access flags: 755.

From Firefox how do you specify the final location for your download ?

Is this something like → Personal Folder → place of your choice ?

Or the real « full path » to final location ? Then something like → Computer → media → mountpoint → place of your choice ?

What error does firefox display when it fails to write to that location under /media ?
Can you check for apparmor denials in the system journal when that happens? (you can run journalctl -f | grep DEN in a terminal while reproducing the problem, and share the relevant output here)

User encounters presented problem regardless which favor of Download settings or favor of download proceeding is used. In both areas addressed is only storing to disk file, never opening in document viewer.

Something like “you are not rights to save to that location” or similar sounding (sorry I didn’t memorized exact text flow). Journal will be checked for apparmor logs at next nearest occasion - thanks for the hint. Reporting will follow.

Thanks for proposal.

Error displayed by Firefox: “The file could not be saved because you dont have the proper permissions. Choose another save directory.”

Firefox snap has strict confinement - snap maintainer default confinement. I wonder why enabled interface to removable-media does not help to overcome that confinement.

jul 10 14:15:48 maccinu audit[4185]: AVC apparmor="DENIED" operation="open" profile="snap.firefox.firefox" name="/etc/fstab" pid=4185 comm="firefox-bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
jul 10 14:15:48 maccinu kernel: audit: type=1400 audit(1625919348.114:261): apparmor="DENIED" operation="open" profile="snap.firefox.firefox" name="/etc/fstab" pid=4185 comm="firefox-bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
jul 10 14:15:48 maccinu audit[4185]: AVC apparmor="DENIED" operation="open" profile="snap.firefox.firefox" name="/run/mount/utab" pid=4185 comm="firefox-bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
jul 10 14:15:48 maccinu kernel: audit: type=1400 audit(1625919348.118:262): apparmor="DENIED" operation="open" profile="snap.firefox.firefox" name="/run/mount/utab" pid=4185 comm="firefox-bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
jul 10 14:15:48 maccinu audit[4185]: AVC apparmor="DENIED" operation="open" profile="snap.firefox.firefox" name="/run/mount/utab" pid=4185 comm="firefox-bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
jul 10 14:15:48 maccinu kernel: audit: type=1400 audit(1625919348.261:266): apparmor="DENIED" operation="open" profile="snap.firefox.firefox" name="/run/mount/utab" pid=4185 comm="firefox-bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

Alternatively, if to mount Virtual Box host share to some /media subtree - user is in group vboxsf, latter one rwx rights to mount point. Firefox snap processes/threads run as that user.

jul 10 14:11:42 maccinu audit[3631]: AVC apparmor="DENIED" operation="open" profile="snap.firefox.firefox" name="/etc/fstab" pid=3631 comm="firefox-bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
jul 10 14:11:42 maccinu audit[3631]: AVC apparmor="DENIED" operation="open" profile="snap.firefox.firefox" name="/run/mount/utab" pid=3631 comm="firefox-bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
jul 10 14:11:42 maccinu kernel: audit: type=1400 audit(1625919102.418:238): apparmor="DENIED" operation="open" profile="snap.firefox.firefox" name="/etc/fstab" pid=3631 comm="firefox-bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
jul 10 14:11:42 maccinu kernel: audit: type=1400 audit(1625919102.418:239): apparmor="DENIED" operation="open" profile="snap.firefox.firefox" name="/run/mount/utab" pid=3631 comm="firefox-bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
jul 10 14:11:42 maccinu audit[3631]: AVC apparmor="DENIED" operation="open" profile="snap.firefox.firefox" name="/run/mount/utab" pid=3631 comm="firefox-bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
jul 10 14:11:42 maccinu kernel: audit: type=1400 audit(1625919102.548:240): apparmor="DENIED" operation="open" profile="snap.firefox.firefox" name="/run/mount/utab" pid=3631 comm="firefox-bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

I course of troubleshooting administrator teared down once the automatic connection firefox snap to removable-media plug. It was made in order to see if there is any difference if interface is built manually. Afterwards one can have manual setup of interface or no interface. Automatic interface setup is no more working. How to restore automatic interface setup?

See the description of the --forget switch in:
snap disconnect --help

Thanks for try. Unfortunately, results in interface not alive.

This post was flagged by the community and is temporarily hidden.

This post was flagged by the community and is temporarily hidden.

So your target folder for downloading things from Firefox is somewhere under /media ?

When Firefox as snap is launched by user toto, the target folder for downloads should be owned by user toto with rwx rights or at least be owned by a group including toto with rwx rights.

Hence
ls -la /media/target/folder
If target folder belongs to someone different than the launched Firefox’s user → access denied.