Snap can browse network share, but cannot read/write there
Categories
(Core :: Widget: Gtk, defect, P3)
Tracking
()
People
(Reporter: mw, Assigned: gerard-majax)
References
(Blocks 1 open bug)
Details
Attachments
(3 files)
Steps to reproduce:
- Run Firefox (version 99.0 or 100.0b9) as a Snap package in Ubuntu 22.04 (upgraded from 21.10)
- Have a SMB file server available where the network shares can be mounted just by clicking on the share in Nautilus file manager (smb:// protocol, usually mounted dynamically via
/var/run/user/.../gvfs/...
) - Have one such share mounted and writable
- Open any website containing images in Firefox
- Right-click on an image and select "Save Image As..."
- In the file save dialog, navigate to the mounted share
- Assert content of network share is visible and browsable from within the save dialog
- Select "Save" at any folder in the network share
Actual results:
- File is not saved to selected network share location
- No file download entry is created in "Downloads"
- No error is shown
Expected results:
- File is saved to selected network share location
- No error is shown
Additional information:
- When saving to a folder on the local machine instead, saving works correctly as expected
- In contrast to files, new folders that are created from within the save dialog are saved correctly on the network share
Output of journalctl -f | grep DEN
when trying to save to the network share is as follows:
Mai 04 11:30:18 athlon audit[5959]: AVC apparmor="DENIED" operation="open" profile="snap.firefox.firefox" name="/run/mount/utab" pid=5959 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mai 04 11:30:18 athlon kernel: audit: type=1400 audit(1651656618.225:90): apparmor="DENIED" operation="open" profile="snap.firefox.firefox" name="/run/mount/utab" pid=5959 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mai 04 11:30:18 athlon audit[1151]: USER_AVC pid=1151 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.231" pid=5959 label="snap.firefox.firefox" peer_pid=12048 peer_label="unconfined"
Mai 04 11:30:18 athlon audit[1151]: USER_AVC pid=1151 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.231" pid=5959 label="snap.firefox.firefox" peer_pid=12048 peer_label="unconfined"
Mai 04 11:30:18 athlon audit[1151]: USER_AVC pid=1151 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.231" pid=5959 label="snap.firefox.firefox" peer_pid=12048 peer_label="unconfined"
Mai 04 11:30:18 athlon audit[1151]: USER_AVC pid=1151 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.231" pid=5959 label="snap.firefox.firefox" peer_pid=12048 peer_label="unconfined"
Mai 04 11:30:18 athlon kernel: audit: type=1107 audit(1651656618.313:91): pid=1151 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.231" pid=5959 label="snap.firefox.firefox" peer_pid=12048 peer_label="unconfined"
Mai 04 11:30:18 athlon kernel: audit: type=1107 audit(1651656618.313:93): pid=1151 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.231" pid=5959 label="snap.firefox.firefox" peer_pid=12048 peer_label="unconfined"
Mai 04 11:30:18 athlon kernel: audit: type=1107 audit(1651656618.313:95): pid=1151 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.231" pid=5959 label="snap.firefox.firefox" peer_pid=12048 peer_label="unconfined"
Mai 04 11:30:18 athlon kernel: audit: type=1107 audit(1651656618.313:97): pid=1151 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.231" pid=5959 label="snap.firefox.firefox" peer_pid=12048 peer_label="unconfined"
For debugging purposes I added and activated the following changes for the Firefox apparmor profile:
/run/mount/utab r,
/etc/fstab r,
dbus (send)
bus=system
path=/org/freedesktop/hostname1
interface=org.freedesktop.DBus.Properties
member=GetAll
peer=(label=unconfined),
Now the apparmor deny messages no longer appear in the journal but saving files to the network share still does not do anything as before.
Comment 3•3 years ago
|
||
Thanks for the report Markus. In contrast to saving, does opening files from a network share work within firefox?
Just checked, that's not working either.
To test, I open a new tab, press Ctrl + O to get the "Open File" dialog, browse to the network share and double-click e.g. a .png file. The file dialog then closes and nothing else happens. The image is not opened.
If I do the same steps with an image on the local drive, it opens fine.
In summary, the only thing that works on the network share is creating a new folder from within the "Save" file dialog.
Comment 5•3 years ago
|
||
I've set up a samba share on my machine and I can confirm the problem. The share can be browsed, but files on it aren't opened, and there's no user feedback.
Updated•3 years ago
|
Updated•3 years ago
|
I just upgraded Ubuntu from 21.10 to 22.04, and now Chrome (deb), Thunderbird (snap), and FireFox (snap) will not open nor save to any network drives (a home Ubuntu server); all of these apps read/saved to the same server before the upgrade this afternoon. So, "me too", but also it may not be limited to FF, snaps, or even Mozilla, since my Chrome install behaves similarly.
Updated•3 years ago
|
Updated•3 years ago
|
(In reply to Al Savage from comment #6)
[...] it may not be limited to FF, snaps, or even Mozilla, since my Chrome install behaves similarly.
You are right, this is actually affecting other applications, too. I get the exact same behavior described in the steps to reproduce when using Chromium installed via snap: Local files open fine, opening files on network shares does not trigger any reaction.
Should this issue here remain open?
[snap] Firefox's File|Open dialogue shows missing information in the Location column for Recent files that are non-local.
[.deb] Chrome shows exactly the same behaviour on this workstation.
(I also filed bug 1768492 for the File|Open dialogue resizing 244px larger every time you open it, until it fills the viewport.)
I've spun up a fresh 22.04 install in a VM, then run the snap version of ff 100 (on the right) and ff 100 from linux binaries (on the left). The file picker is different between the two versions; the binaries version shows fewer network share aliases, and this binaries version can successfully read and write to network shares.
The snap version's file picker shows aliases for network shares (and a printer) and will navigate into those folders and show files, but when a file is chosen to open, ff does not read the file and does not display an error.
Comment 10•3 years ago
|
||
In "File pickers comparison 2", I show that the two file pickers (ff run from linux binaries vs the snap package) sort files in a different order, have different options at the bottom, and the bottom window corners are either square or rounded.
The snap's file picker resizes poorly here, as well.
I ran the ff linux binaries version using the suggestion from https://bugzilla.mozilla.org/show_bug.cgi?id=1768500#c5
Comment 11•3 years ago
|
||
In the fresh VM, I just installed Chrome (google-chrome) from binaries, and it too uses the troublesome file picker, and has the same issues ("sees" network shares files but does not read them; resizes poorly; window enlarges by 244px both H & V every time it's invoked).
Updated•3 years ago
|
Assignee | ||
Updated•2 years ago
|
Assignee | ||
Updated•2 years ago
|
Assignee | ||
Comment 12•2 years ago
|
||
(In reply to Al Savage from comment #9)
The snap version's file picker shows aliases for network shares (and a printer) and will navigate into those folders and show files, but when a file is chosen to open, ff does not read the file and does not display an error.
Can you have a look at journalctl
when reproducing and see if you hit https://bugzilla.mozilla.org/show_bug.cgi?id=1773624#c1 ? i'm wondering if there's not a bug either in xdg-desktop-portal
or in how we communicate to it
Reporter | ||
Comment 13•2 years ago
|
||
(In reply to Alexandre LISSY :gerard-majax from comment #12)
Can you have a look at
journalctl
when reproducing and see if you hit https://bugzilla.mozilla.org/show_bug.cgi?id=1773624#c1 ? i'm wondering if there's not a bug either inxdg-desktop-portal
or in how we communicate to it
Can confirm getting this journal entry on my side. See https://bugzilla.mozilla.org/show_bug.cgi?id=1773624#c9
Assignee | ||
Comment 14•2 years ago
|
||
Thanks, so I think we can safely assume, given the same error message, that this is just a dupe.
Comment 15•2 years ago
|
||
I don't understand how this bug, opened 24 days ago, becomes a duplicate of a bug (1773624) that was opened nine hours ago; it would seem the other way round. But, I'm glad you're looking at them.
Assignee | ||
Comment 16•2 years ago
|
||
(In reply to Al Savage from comment #15)
I don't understand how this bug, opened 24 days ago, becomes a duplicate of a bug (1773624) that was opened nine hours ago; it would seem the other way round. But, I'm glad you're looking at them.
Because I filed it and started working on it and shared progress on bug 1773624, and just found after about others, and I was unsure whether it was the same root cause until I get more infos.
Description
•