flatpak icon indicating copy to clipboard operation
flatpak copied to clipboard

Published 20 hours ago verified publisher icon flatpak

[Bug]: bwrap: Can't mkdir parents for /etc/pkcs11/pkcs11.conf: Read-only file system

Open SaFi2266 opened this issue 1 year ago • 5 comments

Checklist

  • [X] I agree to follow the Code of Conduct that this project adheres to.
  • [X] I have searched the issue tracker for a bug that matches the one I want to file, without success.
  • [X] If this is an issue with a particular app, I have tried filing it in the appropriate issue tracker for the app (e.g. under https://github.com/flathub/) and determined that it is an issue with Flatpak itself.
  • [X] This issue is not a report of a security vulnerability (see here if you need to report a security issue).

Flatpak version

1.14.8

What Linux distribution are you using?

Ubuntu

Linux distribution version

22.04.4

What architecture are you using?

x86_64

How to reproduce

Clicking any flatpak app gets nothing

Expected Behavior

Execution of app

Actual Behavior

On desktop … Nothing happened On terminal ... executing flatpak run app.author.name gets the error for almost apps bwrap: Can't mkdir parents for /etc/pkcs11/pkcs11.conf: Read-only file system

Additional Information

After trying to update flatpak packages org.freedesktop.Platform.GL.nvidia-535-183-01 org.freedesktop.Platform.openh264

gets the error Warning: Error deploying: While trying to apply extra data: apply_extra script failed, exit status 256

SaFi2266 avatar Aug 04 '24 05:08 SaFi2266

Today I remove everything

flatpak uninstall --delete-data --all flatpak remote-delete --force flathub sudo apt remove --purge *flatpak*

Then install flatpak again, When trying to install first app I got

Warning: Error deploying: While trying to apply extra data: apply_extra script failed, exit status 256 for the same update packages mentioned above and still getting same error when trying to run the app

bwrap: Can't mkdir parents for /etc/pkcs11/pkcs11.conf: Read-only file system

Any suggestion will be welcomed

SaFi2266 avatar Aug 13 '24 07:08 SaFi2266

flatpak run app.author.name

What is a real example of an app for which this fails? (If you want a simple app to test with, perhaps try https://flathub.org/apps/org.gnome.Recipes)

What runtime does that app use?

Please try running flatpak run -v -v org.gnome.Recipes (replacing org.gnome.Recipes with whatever app you are trying to run, if different), and provide the output as an attachment or Gist.

Also please provide the output of:

flatpak override --system --show
flatpak override --user --show
flatpak override --system --show org.gnome.Recipes
flatpak override --user --show org.gnome.Recipes

again replacing org.gnome.Recipes with the app ID of an affected app.

smcv avatar Aug 13 '24 11:08 smcv

When trying to install any app e.g. org.gnome.Recipes I got

flatpak install flathub org.gnome.Recipes
Looking for matches…
Required runtime for org.gnome.Recipes/x86_64/stable (runtime/org.gnome.Platform/x86_64/46) found in remote flathub
Do you want to install it? [Y/n]: y

org.gnome.Recipes permissions:
    ipc    network    fallback-x11    pulseaudio    wayland    x11

        ID                                           Branch           Op           Remote            Download
 1. [✗] org.freedesktop.Platform.openh264            2.4.1            i            flathub           634.4 kB / 976.5 kB
 2. [✓] org.gnome.Platform.Locale                    46               i            flathub            19.9 kB / 380.0 MB
 3. [✓] org.gnome.Platform                           46               i            flathub           229.9 MB / 347.5 MB
 4. [✓] org.gnome.Recipes.Locale                     stable           i            flathub            13.2 kB / 1.2 MB
 5. [✓] org.gnome.Recipes                            stable           i            flathub            21.3 MB / 15.5 MB

Warning: Error deploying: While trying to apply extra data: apply_extra script failed, exit status 256
Installation complete.

The output of flatpak run -v -v org.gnome.Recipes could found here

All

flatpak override --system --show
flatpak override --user --show
flatpak override --system --show org.gnome.Recipes
flatpak override --user --show org.gnome.Recipes

Show nothing

This situation apply on all apps, ex. here output of flatpak run -v -v org.nmap.Zenmap

SaFi2266 avatar Aug 13 '24 19:08 SaFi2266

What version of bubblewrap is this? (bwrap --version)

smcv avatar Aug 14 '24 08:08 smcv

This seems very strange. The error is happening during setup of the sandbox (container), which runs in a temporary root filesystem (a tmpfs) with your "real" system mounted on oldroot, and populates newroot with a mixture of files from the host system and files from the runtime, before switching the root filesystem of the app's sandbox to be newroot.

During that setup, the equivalent of mkdir -p newroot/etc/pkcs11 is getting error EROFS "Read-only filesystem". But newroot is on a tmpfs, and if the tmpfs wasn't mounted read/write, then we should have had an error from one of the previous operations. In particular, creating newroot/etc/passwd already succeeded... and if newroot/etc was somehow a read-only filesystem, then that shouldn't have been allowed either.

Ubuntu 22.04 doesn't have Flatpak 1.14.x, so I assume you must have either got it from https://launchpad.net/~flatpak/+archive/ubuntu/stable or compiled it yourself?

How are you running Flatpak? Are you running it from a terminal emulator that's packaged as a sandboxed or otherwise unusual app (Flatpak, Snap, AppImage, etc.), or are you running it from an "ordinary" non-sandboxed terminal emulator?

Are there any AppArmor denials shown in the system log (systemd Journal) when you run a Flatpak app?

smcv avatar Aug 14 '24 08:08 smcv