profiles: add mount permissions to fusermount3 needed by flatpak-builder

There were failures in the flatpak-build autopkgtests due to missing mount permissions: [ 60.822732] audit: type=1400 audit(1749737394.684:168): apparmor="DENIED" operation="mount" class="mount" info="failed mntpnt match" error=-13 profile="fusermount3" name="/var/tmp/test-flatpak-uuKcEE/.flatpak-builder/rofiles/rofiles-JxeDhQ/" pid=3150 comm="fusermount3" fstype="fuse.rofiles-fuse" srcname="rofiles-fuse" flags="rw, nosuid, nodev" [ 60.825556] audit: type=1400 audit(1749737394.686:169): apparmor="DENIED" operation="mount" class="mount" info="failed mntpnt match" error=-13 profile="fusermount3" name="/var/tmp/test-flatpak-uuKcEE/.flatpak-builder/rofiles/rofiles-JxeDhQ/" pid=3151 comm="fusermount3" fstype="fuse" srcname="/dev/fuse" flags="rw, nosuid, nodev" [ 918.564687] audit: type=1400 audit(1749738252.435:186): apparmor="DENIED" operation="umount" class="mount" profile="fusermount3" name="/var/tmp/test-flatpak-AI4MsP/.flatpak-builder/rofiles/rofiles-vIM7ok/" pid=7093 comm="fusermount" Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2025-08-22 10:07:12 +00:00 · 2025-06-12 11:37:48 -03:00 · 2025-06-12 11:37:48 -03:00 · af396a46ee
commit af396a46ee
parent 9d2aca7945
1 changed files with 4 additions and 0 deletions
--- a/profiles/apparmor.d/fusermount3
+++ b/profiles/apparmor.d/fusermount3
@ -32,6 +32,10 @@ profile fusermount3 /usr/bin/fusermount3 {
  mount fstype=fuse.revokefs-fuse options=(nosuid,nodev,rw) revokefs-fuse -> /var/tmp/flatpak-cache-*/**/,
  umount /var/tmp/flatpak-cache-*/**/,

+  # flatpak-builder uses rofiles-fuse
+  mount fstype=fuse.rofiles-fuse options=(nosuid,nodev,rw) {rofiles-fuse,/dev/fuse} -> /var/tmp/test-flatpak-*/**/,
+  umount /var/tmp/test-flatpak-*/**/,
+
  /dev/fuse rw,

  # needed since libfuse 3.17.1-rc0 (LP: #2111845)