23

When reviewing my daily logwatch report, I noticed a new df error this morning. I noticed the unusual error at the top of the df listing.

$ df (when run manually from my own account)
df: /run/user/1000/doc: Operation not permitted

or

(when run via root in the daily logwatch report)
df: /root/.cache/doc: Operation not permitted

Thedoc directory appears in the root /root/.cache/ folder (which I've since deleted), and in my own user account /run/user/1000/ folder (or in any /run/user/* directory after log in).

How can I find out why df has this error?

Update #1:

Note that when I do ls -al /run/user/1000 I get the following, and the point to note is that the doc directory has an odd date. Where might this directory come from?

drwx------ 13 xxxxxxxxxxx xxxxxxxxxxx  380 Apr 16 10:07 .
drwxr-xr-x  4 root        root          80 Apr 16 09:56 ..
srw-rw-rw-  1 xxxxxxxxxxx xxxxxxxxxxx    0 Apr 16 09:56 bus
drwx------  3 xxxxxxxxxxx xxxxxxxxxxx   60 Apr 16 09:56 dbus-1
drwx------  2 xxxxxxxxxxx xxxxxxxxxxx   60 Apr 16 10:14 dconf
dr-x------  2 xxxxxxxxxxx xxxxxxxxxxx    0 Dec 31  1969 doc
drwx--x--x  2 xxxxxxxxxxx xxxxxxxxxxx   60 Apr 16 09:56 gdm
prw-rw-r--  1 xxxxxxxxxxx xxxxxxxxxxx    0 Apr 16 09:56 gnome-session-leader-fifo
drwx------  3 xxxxxxxxxxx xxxxxxxxxxx   60 Apr 16 09:56 gnome-shell
drwx------  2 xxxxxxxxxxx xxxxxxxxxxx  140 Apr 16 09:56 gnupg
dr-x------  2 xxxxxxxxxxx xxxxxxxxxxx    0 Apr 16 10:06 gvfs
drwx------  2 xxxxxxxxxxx xxxxxxxxxxx   40 Apr 16 09:56 gvfs-burn
-rw-------  1 xxxxxxxxxxx xxxxxxxxxxx 1046 Apr 16 10:06 ICEauthority
drwx------  2 xxxxxxxxxxx xxxxxxxxxxx  100 Apr 16 10:06 keyring
srw-rw-rw-  1 xxxxxxxxxxx xxxxxxxxxxx    0 Apr 16 09:56 pk-debconf-socket
drwx------  2 xxxxxxxxxxx xxxxxxxxxxx   80 Apr 16 09:59 pulse
srw-rw-rw-  1 xxxxxxxxxxx xxxxxxxxxxx    0 Apr 16 09:56 snapd-session-agent.socket
drwxr-xr-x  3 xxxxxxxxxxx xxxxxxxxxxx  100 Apr 16 09:56 systemd
-rw-------  1 xxxxxxxxxxx xxxxxxxxxxx    0 Apr 16 09:57 update-notifier.pid

Update #2:

Interesting enough, I have a second laptop which is exactly like my primary laptop, and the /run/user/1000/doc/ directory is there also, with the same weird date, but df works fine there without error.

On my primary laptop, if I run sudo df there are no errors.

Both laptops are running 19.10, with the same -46 kernel, and the same version 8.30 of df.

Update #3:

Problem still exists in 20.04.

Update #4:

Problem still exists in 20.10.

Pablo Bianchi
  • 17,371
heynnema
  • 73,649

4 Answers4

11

On my machine, which doesn't need any of these services, I did not have flatpak installed, but the problem could be solved by doing sudo apt remove xdg-desktop-portal and rebooting. Or do systemctl --user stop xdg-document-portal.service without reboot.

Jackfritt
  • 83
  • 1
  • 6
a3nm
  • 473
8

As far as I can tell this is a flatpak bug, see:

$ systemctl --user status xdg-document-portal.service
● xdg-document-portal.service - flatpak document portal service
     Loaded: loaded (/usr/lib/systemd/user/xdg-document-portal.service; static; vendor preset: disabled)
     Active: active (running) since Thu 2020-06-04 11:44:00 IDT; 13min ago
   Main PID: 19879 (xdg-document-po)
      Tasks: 7 (limit: 16579)
     Memory: 2.7M
        CPU: 20ms
     CGroup: /user.slice/user-1000.slice/user@1000.service/xdg-document-portal.service
             ├─19879 /usr/libexec/xdg-document-portal
             └─19887 fusermount -o rw,nosuid,nodev,fsname=portal,auto_unmount,subtype=portal -- /run/user/1000/doc

$ df -h > /dev/null
df: /run/user/1000/doc: Operation not permitted


$ systemctl --user stop xdg-document-portal.service
$ df -h > /dev/null
$

So flatpak fusermounts to allow exporting files to sandboxed applications: Flatpak Command Reference - Flatpak documentation

Dani_l
  • 181
7

The issue has been reported to Flatpak team, then follow up by this issue.

Pablo Bianchi
  • 17,371
murashkin17
  • 71
5

This is regarded as a bug in gnulib, which has been fixed in this commit (June 2021). Referenced discussions:

EDIT: As said in comments by braoult, this "fix" does not affect df -a, and an explicit df /run/user/1000/doc has the same issue. The fix should really be in xdg-desktop-portal. The bug report: https://github.com/flatpak/xdg-desktop-portal/issues/553

vinc17
  • 196