Closed Bug 1768303 Opened 3 years ago Closed 10 months ago

Firefox snap version on Ubuntu 22.04 is unable to read local documentation

Categories

(Firefox Build System :: Third Party Packaging, defect, P4)

Product:
Firefox Build System
Component:
Third Party Packaging
Version:
Firefox 100
Platform:
x86_64
Linux
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: zingam, Assigned: gerard-majax)

References

(Blocks 2 open bugs,
URL
)

Details

Attachments

(1 file)

Screenshot on 2022-05-13 at 20:14:41.png
128.09 KB, image/png
Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0

Steps to reproduce:

I am trying to use Rusts' rustup doc command to read documentation but Firefox is unable to access it:

https://github.com/rust-lang/rust/issues/61796

It looks this issue is related to the snap package settings.

Actual results:

Access to the file was denied

The file at /home/isto/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/share/doc/rust/html/index.html is not readable.

It may have been removed, moved, or file permissions may be preventing access.

Expected results:

I expect that I can use Firefox to read local documentation/HTML in whatever directory it is.

Blocks: snap
Type: enhancement → defect
Component: Untriaged → Networking: File
OS: Unspecified → Linux
Product: Firefox → Core
Hardware: Unspecified → x86_64
Component: Networking: File → Widget: Gtk

Is there a workaround for this except installing an alternative browser?

Use an official build from https://www.mozilla.org/en-US/firefox/new/ rather than a snap, probably

(In reply to zingam from comment #2)

Is there a workaround for this except installing an alternative browser?

As much as I can tell, $HOME access is granted except for . folders. This is a Snap sandboxing limitation.

Blocks: snap-sandbox

Olivier, I've learnt about this https://forum.snapcraft.io/t/the-personal-files-interface/9357 but I worry this is not really going to scale. Given this current bug is about rust doc, maybe we could still have that interface implemented for a few well-known directories like this ?

URL: https://forum.snapcraft.io/t/the-pers...
Flags: needinfo?(olivier)

I think the system-packages-doc interface is better suited for this.
This doesn't scale any better though, unfortunately.

As a workaround, try bind-mounting ~/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/share/doc/rust/html/ to e.g. ~/rust-doc. That folder should be accessible in firefox packaged as a snap.

Flags: needinfo?(olivier)

Hello! I have tried to reproduce the issue with firefox 107.0a1(2022-10-14) on Ubuntu 22.04, unfortunately I wasn't able to reproduce it. Could you please answer the following questions in order to further investigate this issue.

  1. Does this issue happen with a new profile? Here is a link on how to create one: https://support.mozilla.org/en-US/kb/profile-manager-create-remove-switch-firefox-profiles
  2. Does this issue happen in the latest nightly? Here is a link from where you can download it: https://www.mozilla.org/en-US/firefox/channel/desktop/
  3. Do you have any addons installed if so can you list them?
Flags: needinfo?(zingam)

I found another manifestation of this sandbox misfeature related to Wine applications' release notes. When OpenMPT is installed in Wine, it attempts to open an HTML document containing release notes in the default browser. Snap confinement blocks Firefox from reading files in the hidden folder containing the Wine C drive.

environment: Firefox 107.0 (64-bit) Snap on Xubuntu 22.04 LTS

steps:

  1. Install Wine
  2. Install OpenMPT https://openmpt.org/
  3. At the end of the install wizard, ensure that view release notes is checked

expected: release notes appear

actual: an error page

Access to the file was denied

The file at /home/pino/.wine/drive_c/Program Files/OpenMPT/Release Notes.html is not readable.

  • It may have been removed, moved, or file permissions may be preventing access.

I performed these steps to confirm that the edge channel Snap package shows a behavior difference between loading the same file from within ~/.wine and a non-hidden folder.

  1. sudo snap refresh --edge firefox
  2. firefox --version returned Mozilla Firefox 109.0a1
  3. firefox about:profiles and create a brand new profile
  4. Verify that no extensions are installed in this new profile
  5. Attempt to view /home/pino/.wine/drive_c/Program Files/OpenMPT/Release Notes.html - "Access to the file was denied"
  6. Copy the file to the desktop and view /home/pino/Desktop/Release Notes.html - loads as expected
  7. Attempt to revert my changes (sudo snap refresh --stable firefox)
  8. Be notified that my primary profile has been silently and irreversibly upgraded, then race against the clock to sign into webmail within five minutes after signing into Firefox Sync
Flags: needinfo?(zingam)
Assignee: nobody → lissyx+mozillians
Severity: -- → S3
Component: Widget: Gtk → Third Party Packaging
Priority: -- → P4
Product: Core → Firefox Build System

Amin, the more I look at that, the more I think that maybe the correct fix would be similar to bug 1800350

Flags: needinfo?(bandali)

Right, I believe blocking access to hidden files is indeed the intended behaviour with snap sandboxing; I'm not entirely sure what would be the best course of action here. Seb?

Flags: needinfo?(bandali) → needinfo?(seb128)

Right, that's by design. We can continue whitelisted known directories as pointed out before but a real solution would rely be provided either by going through portals to open files or it might be solved by the apparmor prompting work when that is ready

Flags: needinfo?(seb128)
Duplicate of this bug: 1849961
No longer duplicate of this bug: 1849961

Merged and will get fixed when snapd 2.62 gets released: https://github.com/snapcore/snapd/pull/13130

Status: UNCONFIRMED → RESOLVED
Closed: 10 months ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: