Firefox permission issue in Ubuntu 22.04.1

After upgrading to Ubuntu 22.04.1 Firefox does not start in my system. I was suggested to adress the question in this forum. Here what happens when I try to start Firefox from terminal:

renato@renato-System-Product-Name:~$ ls -ld ~/s drwxr-xr-x 2 renato renato 4096 nov 21 2017 /home/renato/Musica drwxrwxr-x 14 renato renato 4096 nov 29 2014 /home/renato/sane-backends -rw-rw-r-- 1 renato renato 12886 giu 13 2020 ‘/home/renato/Senza nome 1.ods’ renato@renato-System-Product-Name:~$ firefox 2022/08/18 19:01:13.873534 cmd_run.go:1044: WARNING: cannot create user data directory: cannot create snap home dir: mkdir /home/renato/snap: permission denied cannot create user data directory: /home/renato/snap/firefox/1670: Permission denied renato@renato-System-Product-Name:~$ sudo dmesg | tail [sudo] password di renato: [ 1183.753837] audit: type=1400 audit(1660834022.299:83): apparmor=“ALLOWED” operation=“file_perm” profile=“libreoffice-soffice” name="/run/user/1000/at-spi/bus_1" pid=3383 comm=“soffice.bin” requested_mask=“r” denied_mask=“r” fsuid=1000 ouid=1000 [ 1192.488029] audit: type=1400 audit(1660834031.035:84): apparmor=“ALLOWED” operation=“open” profile=“libreoffice-soffice” name="/home/renato/.thunderbird/profiles.ini" pid=3383 comm=“soffice.bin” requested_mask=“r” denied_mask=“r” fsuid=1000 ouid=1000 [ 1192.490645] audit: type=1400 audit(1660834031.035:85): apparmor=“ALLOWED” operation=“open” profile=“libreoffice-soffice” name="/home/renato/.thunderbird/ip460wwb.default/cert9.db" pid=3383 comm=“soffice.bin” requested_mask=“wrc” denied_mask=“wrc” fsuid=1000 ouid=1000 [ 1192.490658] audit: type=1400 audit(1660834031.035:86): apparmor=“ALLOWED” operation=“file_lock” profile=“libreoffice-soffice” name="/home/renato/.thunderbird/ip460wwb.default/cert9.db" pid=3383 comm=“soffice.bin” requested_mask=“k” denied_mask=“k” fsuid=1000 ouid=1000 [ 1192.491145] audit: type=1400 audit(1660834031.039:87): apparmor=“ALLOWED” operation=“open” profile=“libreoffice-soffice” name="/home/renato/.thunderbird/ip460wwb.default/key4.db" pid=3383 comm=“soffice.bin” requested_mask=“wrc” denied_mask=“wrc” fsuid=1000 ouid=1000 [ 1192.491147] audit: type=1400 audit(1660834031.039:88): apparmor=“ALLOWED” operation=“file_lock” profile=“libreoffice-soffice” name="/home/renato/.thunderbird/ip460wwb.default/key4.db" pid=3383 comm=“soffice.bin” requested_mask=“k” denied_mask=“k” fsuid=1000 ouid=1000 [ 1192.836753] audit: type=1400 audit(1660834031.383:89): apparmor=“ALLOWED” operation=“open” profile=“libreoffice-soffice” name="/usr/share/zoneinfo-icu/44/le/zoneinfo64.res" pid=3383 comm=“soffice.bin” requested_mask=“r” denied_mask=“r” fsuid=1000 ouid=0 [ 1192.836756] audit: type=1400 audit(1660834031.383:90): apparmor=“ALLOWED” operation=“open” profile=“libreoffice-soffice” name="/usr/share/zoneinfo-icu/44/le/timezoneTypes.res" pid=3383 comm=“soffice.bin” requested_mask=“r” denied_mask=“r” fsuid=1000 ouid=0 [ 9235.337339] audit: type=1400 audit(1660842073.870:91): apparmor=“DENIED” operation=“capable” profile="/usr/lib/snapd/snap-confine" pid=4582 comm=“snap-confine” capability=12 capname=“net_admin” [ 9235.337344] audit: type=1400 audit(1660842073.870:92): apparmor=“DENIED” operation=“capable” profile="/usr/lib/snapd/snap-confine" pid=4582 comm=“snap-confine” capability=38 capname=“perfmon” renato@renato-System-Product-Name:~$

Thank you for help. If possible adress it to my mail (due to the problem I can’t access to browsers): renato.rocci@libero.it

This is a known issue and it’s Snap’s fault; if your home directory is not the same as $HOME, or involves a symbolic link or anything else accept the most basic cases.

The only fix is to move your home directory to conform to Snap’s restricted view of the world, or remove the Ubuntu Firefox snap and go back to installing the binary direct from Mozilla.

renato@renato-System-Product-Name:~$ pwd /home/renato renato@renato-System-Product-Name:~$

How can i do “to move my home directory”?

Can you share the output of the following commands?

echo $HOME

ls -la /home

not really … snap does not care about your home.

apparmor (which is a kernel feature snap packages use to protect file access) does though …

@Renato can you paste the full output (all lines) the command snap version returns ? also … if you paste something in this forum, please make sure to add three backticks ``` above and below the pasted text, that way the formatting will not get lost and we can read it a lot easier …

can you point to the place where i claim that ? i’m just pointing out that this is not a snap problem but that issues with uncommon home dirs are a problem with one of the underlying security mechanisms it uses … this “problem” is way way older than snap packages even exist:

PS: note that the above log (as hard to read as it is) does not even seem to point to a snap issue at all but is possibly just an actual permission issue with the home dir (or a readonly disk issue with the partition the home dir lives on) … but there is not enough information yet to judge what exactly the error is, which is why we did ask for more info …

I’m going to hazard a guess that this is either:

  • an encfs home folder, or other type of filesystem that uses a fuse-based mount.
  • permissions on /home or /home/renato are set to not allow “other” read and traversal (r-x).
1 Like

‘’'renato@renato-System-Product-Name:~$ ls -la /home totale 28 drwxr-xr-x 4 root root 4096 dic 16 2020 . drwxr-xr-x 20 root root 4096 dic 16 2020 … drwx------ 2 root root 16384 dic 16 2020 lost+found dr-xr-xr-x 45 renato renato 4096 nov 24 2020 renato renato@renato-System-Product-Name:~$

‘’’

‘’‘renato@renato-System-Product-Name:~$ echo $HOME /home/renato renato@renato-System-Product-Name:~$ ls -la /home totale 28 drwxr-xr-x 4 root root 4096 dic 16 2020 . drwxr-xr-x 20 root root 4096 dic 16 2020 … drwx------ 2 root root 16384 dic 16 2020 lost+found dr-xr-xr-x 45 renato renato 4096 nov 24 2020 renato renato@renato-System-Product-Name:~$ ‘’’

looks like @lucyllewy is correct here (as usual :slight_smile: )…

this home dir has no write permissions set at all

2 Likes

-------- Messaggio Inoltrato --------

‘’‘renato@renato-System-Product-Name:~$ chmod u+w home/renato/ chmod: impossibile accedere a ‘home/renato/’: File o directory non esistente renato@renato-System-Product-Name:~$ echo $HOME /home/renato renato@renato-System-Product-Name:~$ chmod u+w home/renato chmod: impossibile accedere a ‘home/renato’: File o directory non esistente renato@renato-System-Product-Name:~$ snap version snap 2.56.2+22.04ubuntu1 snapd 2.56.2+22.04ubuntu1 series 16 ubuntu 22.04 kernel 5.15.0-46-generic renato@renato-System-Product-Name:~$ ‘’’ Il 19/08/22 16:41, Manfred Hampl ha scritto:

renato@renato-System-Product-Name:~$ chmod u+w /home/renato renato@renato-System-Product-Name:~$ ls -l /home totale 20 drwx------ 2 root root 16384 dic 16 2020 lost+found drwxr-xr-x 46 renato renato 4096 ago 20 09:02 renato renato@renato-System-Product-Name:~$

Everything works! Thank you very much!

4 Likes

“not really … snap does not care about your home.”

The distinction between Snap and AppArmour is not really much help when things that used to work stop :slight_smile:

The bug is logged against Snap, for instance, Bug #1620771 “when /home is somewhere else, snaps don't work” : Bugs : snapd although threads like https://askubuntu.com/a/1030073/394010 point at AppArmour changes.

Note this issue has been open for 7 years, and not fixed.

it would need massive changes in the kernels security layer … there is not much snapd can actually do about it because it is only a consumer of the kernel feature …

Regardless, when many people report the same problem with an OS update, it would beg the question “what did they do that makes a significant number of users suddenly unable to use one or more programs?” When you can easily find instructions on how to bypass the snap version, and use the deb version without any problems, what would you say that says about the “improvements”?

I’m not really sure what you want to discuss with me here.

someone made a very generalized statement about “permission denied” in the home dir being “a known issue” and being “snaps fault” (and then pointing to an appramor limitation in that post) … neither is true and the debugging and fixing in this thread showed this …

all i did was pointing to the correct place the aforementioned limitation comes from, which triggered you to attack me for “implying it would be a rare problem with firefox” … which is again nothing i did do at all (but if this came across anywhere between my lines, i do apologize, this was not intended).

the problem has been fixed, it was not related to snaps or firefox at all but caused by broken permissions of the OPs home dir in general.

is there any reason to keep this thread alive for anything ?

1 Like

I didn’t mean any disrespect, and I apologize if it came across that way. I was most definitely NOT attacking you. All I’m saying is that the program is broken, and although you posted a potential fix, people report that fix as not working. No discussion, just what I meant to be a thoughtful comment. Based on the speed of your replies, I’m guessing that you may work for Canonical. While I think they have had a consistently good product, in this instance, my personal belief is that they’ve dropped the ball. And, looking at the fact that there are posts going back to April reporting the same problem, they don’t appear to be interested in issuing a patch to fix it. Having to go looking for a fix for a commonly used program, after a major update to an operating system, is just not acceptable.

i’m still not sure what you are talking about, the issue in question has been fixed by fixing the missing write permission in the OPs home …

i doubt anyone has posted a problem with lost write permissions “back since april” …

if you are actually talking about something not related to this thread, pretty please start a new one with a proper title and description (they are free :wink: ).

i do have a hard time understanding what you refer to and you seem to be mixing several issues/points …

if you want to discuss firefox being a snap in general, there are two or three threads on discourse.ubuntu.com already discussing limitations, workarounds, bugs and solutions … and the FF maintainers read along over there.

1 Like

Forget it. You clearly don’t understand, go look at the link I posted.