From 9d2aca794504042fa300acd197546714dcfbaf59 Mon Sep 17 00:00:00 2001 From: Georgia Garcia Date: Wed, 11 Jun 2025 17:41:00 -0300 Subject: [PATCH] profiles: add ix permissions for mount and umount on fusermount3 profile After an upgrade to libfuse 3.17.1-rc0, autopkgtests started to fail due to a missing x permission for /usr/bin/mount. After looking at the source code for fusermount, I noticed that it does call /bin/mount and /bin/umount in certain cases. These uses were already there in previous versions of libfuse but I'm still not sure why it hasn't triggered before. To reproduce it: sudo autopkgtest-buildvm-ubuntu-cloud -v -r questing autopkgtest archivemount -U --apt-pocket=proposed=src:fuse3 --shell-fail -- qemu autopkgtest-questing-amd64.img After the test fails, enter the vm by ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 10022 ubuntu@localhost You can reproduce the test by running cd /tmp/autopkgtest.*/build.*/src/ /tmp/autopkgtest.*/build.*/src/debian/tests/test Note that ix for mount and umount were enough to make the autopkgtest failures to start passing, but there could be issues in the future regarding the use of fs specific mount binaries like /usr/sbin/mount.fuse Fixes: http://bugs.launchpad.net/bugs/2111845 Signed-off-by: Georgia Garcia --- profiles/apparmor.d/fusermount3 | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/profiles/apparmor.d/fusermount3 b/profiles/apparmor.d/fusermount3 index 7e34ac8f8..fd653db03 100644 --- a/profiles/apparmor.d/fusermount3 +++ b/profiles/apparmor.d/fusermount3 @@ -34,8 +34,12 @@ profile fusermount3 /usr/bin/fusermount3 { /dev/fuse rw, + # needed since libfuse 3.17.1-rc0 (LP: #2111845) + /usr/bin/mount ix, + /usr/bin/umount ix, + @{etc_ro}/fuse.conf r, - @{PROC}/@{pid}/mounts r, + @{PROC}/@{pid}/{mounts,mountinfo} r, @{exec_path} mr,
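Review bot: The last changed line of the hunk widens `@{PROC}/@{pid}/mounts r,` to `@{PROC}/@{pid}/{mounts,mountinfo} r,`, but neither the commit message nor the new in-profile comment mentions it; the subject and the comment cover only the two `ix` rules. Please state in the commit message which binary needs the mountinfo read (fusermount3 itself, or mount/umount now running under this profile through `ix`), or place the LP reference so it covers that rule as well. Separately, the message says fusermount calls /bin/mount and /bin/umount while the added rules name /usr/bin/mount and /usr/bin/umount; if the profile is meant to work where /bin is not a symlink to /usr/bin, `/{usr/,}bin/mount ix,` and `/{usr/,}bin/umount ix,` would match both paths. Because `ix` keeps mount and umount confined by this same profile, the helper concern raised in the message (/usr/sbin/mount.fuse) would need its own exec rule here before mount could run it, which is worth a short comment next to the new rules.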