From af396a46ee54fc5dc91e4c8481775c6aebc17009 Mon Sep 17 00:00:00 2001 From: Georgia Garcia Date: Thu, 12 Jun 2025 11:37:48 -0300 Subject: [PATCH] profiles: add mount permissions to fusermount3 needed by flatpak-builder There were failures in the flatpak-build autopkgtests due to missing mount permissions: [ 60.822732] audit: type=1400 audit(1749737394.684:168): apparmor="DENIED" operation="mount" class="mount" info="failed mntpnt match" error=-13 profile="fusermount3" name="/var/tmp/test-flatpak-uuKcEE/.flatpak-builder/rofiles/rofiles-JxeDhQ/" pid=3150 comm="fusermount3" fstype="fuse.rofiles-fuse" srcname="rofiles-fuse" flags="rw, nosuid, nodev" [ 60.825556] audit: type=1400 audit(1749737394.686:169): apparmor="DENIED" operation="mount" class="mount" info="failed mntpnt match" error=-13 profile="fusermount3" name="/var/tmp/test-flatpak-uuKcEE/.flatpak-builder/rofiles/rofiles-JxeDhQ/" pid=3151 comm="fusermount3" fstype="fuse" srcname="/dev/fuse" flags="rw, nosuid, nodev" [ 918.564687] audit: type=1400 audit(1749738252.435:186): apparmor="DENIED" operation="umount" class="mount" profile="fusermount3" name="/var/tmp/test-flatpak-AI4MsP/.flatpak-builder/rofiles/rofiles-vIM7ok/" pid=7093 comm="fusermount" Signed-off-by: Georgia Garcia --- profiles/apparmor.d/fusermount3 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/profiles/apparmor.d/fusermount3 b/profiles/apparmor.d/fusermount3 index fd653db03..39e348714 100644 --- a/profiles/apparmor.d/fusermount3 +++ b/profiles/apparmor.d/fusermount3 @@ -32,6 +32,10 @@ profile fusermount3 /usr/bin/fusermount3 { mount fstype=fuse.revokefs-fuse options=(nosuid,nodev,rw) revokefs-fuse -> /var/tmp/flatpak-cache-*/**/, umount /var/tmp/flatpak-cache-*/**/, + # flatpak-builder uses rofiles-fuse + mount fstype=fuse.rofiles-fuse options=(nosuid,nodev,rw) {rofiles-fuse,/dev/fuse} -> /var/tmp/test-flatpak-*/**/, + umount /var/tmp/test-flatpak-*/**/, + /dev/fuse rw, # needed since libfuse 3.17.1-rc0 (LP: #2111845)