2

I'm migrating from Gentoo to Ubuntu 22.04. Traditionally, I have all my firefox profiles on a seperate partition mounted at /profiles which is mounted via this line in /etc/fstab:

PARTUUID="..." /profiles       ext4    data=writeback,barrier=0,nobh,commit=120,nofail,noatime,nodiratime      0       0

Now, I figured firefox comes as a snap package, and I have issues with that (off topic) so I installed it via the mozillateam ppa. Now, this firefox can read/write my profiles only if I copy them into my user's $HOME, but it says permission denied when I try to make the profile manager use any of the profiles on /profiles or create new profiles there. In the terminal, I can read/write just fine inside /profiles.

After a bit of research, it seems like, Ubuntu's software center has some kind of options to allow R/W access to removable media, which I suppose my /profiles partition counts as (see this answer or this answer). I don't understand how this is done and I really really don't want this extra layer of "security". I want my permissions handled by chown and chmod and that's it. Can I disable this hidden mechanism of denying R/W access to removable media somehow?

Thanks :)

Artur Meinild
  • 31,035
igel
  • 197

1 Answers1

1

Thanks to the comments pointing to AppArmor as the culprit and reminding me to look at the syslog (I had to tell rsyslogd to actually write out messages to /var/log/messages in its config file). Sure enough, syslog also contained lines pointing to AppArmor:

[...] audit: type=1400 audit(1698224327.418:520): apparmor="DENIED" operation="open" class="file" profile="firefox" name="/proc/5309/cgroup" pid=5309 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

Now, the link above contains information on how to disable this "feature":

sudo systemctl stop apparmor
sudo systemctl disable apparmor

after a reboot, everything worked as expected. According to the kernel parameter webpage, AppArmor can also be disabled by passing apparmor=0 to the kernel on boot.

igel
  • 197