Ubuntu 23.04: Firefox snap cannot use openjdk documentation because resources are hosted outside of allowed snap sandbox
Categories
(Firefox Build System :: Third Party Packaging, defect)
Tracking
(Not tracked)
People
(Reporter: vladimir.petko, Unassigned)
References
(Blocks 1 open bug)
Details
Attachments
(2 files)
Steps to reproduce:
- Install firefox snap 116.0.3-2
snap install firefox - Install openjdk-21 documentation
sudo apt install openjdk-21-doc - Browse API documentation
firefox /usr/share/doc/openjdk-21-doc/api/index.html
Actual results:
The search bar is inactive
Console contains
Loading failed for the <script> with source “file:///usr/share/doc/openjdk-21-jre-headless/api/script-dir/jquery-3.6.1.min.js”.
$ls -l /usr/share/doc/openjdk-21-jre-headless/api/script-dir/jquery-3.6.1.min.js
lrwxrwxrwx 1 root root 43 Mar 17 13:31 /usr/share/doc/openjdk-21-jre-headless/api/script-dir/jquery-3.6.1.min.js -> ../../../../javascript/jquery/jquery.min.js
cat /usr/share/doc/openjdk-21-jre-headless/api/script-dir/jquery-3.6.1.min.js
prints the file contents
Downloaded version of firefox opens documentation with active search bar and no javascript errors
/tmp/firefox/firefox /usr/share/doc/openjdk-21-doc/api/index.html
Expected results:
Firefox snap should be able to follow symlink and correctly load OpenJDK API documentation.
Comment 1•8 months ago
|
||
Hello! I have tried to reproduce the issue with firefox 118.0a1(2023-08-25) on Ubuntu 22.04, unfortunately I wasn't able to reproduce the issue on my end. Could you please answer the following questions in order to further investigate this issue.
- Does this issue happen with a new profile? Here is a link on how to create one: https://support.mozilla.org/en-US/kb/profile-manager-create-remove-switch-firefox-profiles
- Does this issue happen in the latest nightly? Here is a link from where you can download it: https://www.mozilla.org/en-US/firefox/channel/desktop/
- Do you have any addons installed? If yes could you please list them?
Reporter | ||
Comment 2•8 months ago
|
||
Hi,
Latest version of firefox downloaded from the site works fine.
This bug relates to the snap version of firefox that does not have sufficient permissions to follow symlinks.
Please install firefox via snap install firefox
(see steps to reproduce).
Best Regards,
Vladimir.
Comment 3•7 months ago
|
||
The Bugbug bot thinks this bug should belong to the 'Firefox Build System::Third Party Packaging' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
Comment 4•7 months ago
|
||
Hello Vladimir! I have installed firefox with snap install but on the second step I can't install the program. Could you please provide a video or a screen shot with the issue?
Thank you!
Reporter | ||
Comment 5•7 months ago
|
||
Reporter | ||
Comment 6•7 months ago
|
||
Please use sudo apt install openjdk-17-doc
as the second step (see screenshot).
Comment 7•7 months ago
|
||
The severity field is not set for this bug.
:gerard-majax, could you have a look please?
For more information, please visit BugBot documentation.
Comment 8•7 months ago
|
||
Vladimir, please refer to your colleagues.
Comment 9•7 months ago
|
||
This is just another case of directory being blocked by snap sandbox
Comment 10•7 months ago
|
||
Looks like this is another case https://bugzilla.mozilla.org/show_bug.cgi?id=1768303#c12
Comment 11•6 months ago
|
||
Right, it seems another case of directory not available from within the sandbox, we should perhaps consider allowing read access to /usr/share/doc
Updated•6 months ago
|
Comment 13•6 months ago
|
||
(In reply to seb128 from comment #11)
Right, it seems another case of directory not available from within the sandbox, we should perhaps consider allowing read access to /usr/share/doc
/usr/share/doc
is already allowed: https://github.com/snapcore/snapd/blob/4dba256bd08383a966d414a75e8ffbd5e172b355/interfaces/builtin/system_packages_doc.go#L88-L92
Comment 14•6 months ago
|
||
Ok, the problem is that the symlink is outside what is allowed:
$ alex@portable-alex:~$ realpath /usr/share/doc/openjdk-21-jre-headless/api/script-dir/jquery-3.6.1.min.js
/usr/share/javascript/jquery/jquery.min.js
I'm not really sure what we can do there ...
Comment 15•6 months ago
|
||
There isn't really a solution there until snapd or portal provide a framework to be able to access the content of random directories outide of the confinement space...
Comment 16•6 months ago
|
||
There is a merge request for allowing /usr/share/javascript/jquery/, https://github.com/snapcore/snapd/pull/13130.
Updated•6 months ago
|
Updated•6 months ago
|
Comment 17•2 months ago
|
||
(In reply to Nathan Teodosio :nteodosio from comment #16)
There is a merge request for allowing /usr/share/javascript/jquery/, https://github.com/snapcore/snapd/pull/13130.
it should now be merged soon
Comment 18•1 month ago
|
||
Merged and will get fixed when snapd 2.62 gets released: https://github.com/snapcore/snapd/pull/13130
Description
•