Tdesktop: snap.telegram-desktop won't start on Manjaro+KDE+Apparmor

Created on 9 Dec 2019  Â·  6Comments  Â·  Source: telegramdesktop/tdesktop

Steps to reproduce

  1. on manjaro (kde) with default apparmor enabled
  2. $ snap install telegram-desktop
  3. $ telegram-desktop

Expected behaviour

Telegram Desktop should load

I've got telegram desktop running on this system in Flatpak but not snap, I would prefer snap if possible

Actual behaviour

Telegram icon appears in task bar for a moment (~1 second) then nothing.

I've entered the logs in the log section but it seems apparmor is denying access to various files - although there may be other issues here, the one I think is the main issue is:

audit: type=1400 audit(1575845251.727:86): apparmor="DENIED" operation="open" profile="snap.telegram-desktop.telegram-desktop" name="/run/user/1000/.Xauthority" pid=4254 comm="Telegram" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

I've checked /var/lib/snapd/apparmor/profiles/snap.telegram-desktop.telegram-desktop and there doesn't seem to be any mention of Xauthority (or the other denied files).

Configuration

Operating system:

Operating System: Manjaro Linux 
KDE Plasma Version: 5.17.3
KDE Frameworks Version: 5.64.0
Qt Version: 5.13.2
Kernel Version: 5.3.12-1-MANJARO
OS Type: 64-bit
Processors: 8 × Intel® Core™ i7-3632QM CPU @ 2.20GHz
Memory: 15.3 GiB of RAM

Version of Telegram Desktop:
telegram-desktop 1.8.15 994 stable telegram.desktop -

Used theme: N/A

Logs:

Dec 08 23:38:23 audit[5629]: AVC apparmor="DENIED" operation="open" profile="snap-update-ns.telegram-desktop" name="/sys/kernel/mm/transparent_hugepage/hpage_pmd_size" pid=5629 comm="5" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Dec 08 23:38:23 kernel: audit: type=1400 audit(1575848303.098:123): apparmor="DENIED" operation="open" profile="snap-update-ns.telegram-desktop" name="/sys/kernel/mm/transparent_hugepage/hpage_pmd_size" pid=5629 comm="5" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Dec 08 23:38:23 audit[5613]: AVC apparmor="DENIED" operation="open" profile="snap.telegram-desktop.telegram-desktop" name="/run/user/1000/.Xauthority" pid=5613 comm="Telegram" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Dec 08 23:38:23 kernel: audit: type=1400 audit(1575848303.241:124): apparmor="DENIED" operation="open" profile="snap.telegram-desktop.telegram-desktop" name="/run/user/1000/.Xauthority" pid=5613 comm="Telegram" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Dec 08 23:38:23 audit[5698]: SECCOMP auid=1000 uid=1000 gid=1000 ses=2 subj==snap.telegram-desktop.telegram-desktop (enforce) pid=5698 comm="Telegram" exe="/snap/telegram-desktop/994/bin/Telegram" sig=0 arch=c000003e syscall=101 compat=0 ip=0x206c859 code=0x50000
Dec 08 23:38:23 kernel: audit: type=1326 audit(1575848303.244:125): auid=1000 uid=1000 gid=1000 ses=2 subj==snap.telegram-desktop.telegram-desktop (enforce) pid=5698 comm="Telegram" exe="/snap/telegram-desktop/994/bin/Telegram" sig=0 arch=c000003e syscall=101 compat=0 ip=0x206c859 code=0x50000
Dec 08 23:38:23 audit[5613]: ANOM_ABEND auid=1000 uid=1000 gid=1000 ses=2 subj==snap.telegram-desktop.telegram-desktop (enforce) pid=5613 comm="Telegram" exe="/snap/telegram-desktop/994/bin/Telegram" sig=6 res=1
Dec 08 23:38:23 kernel: audit: type=1701 audit(1575848303.258:126): auid=1000 uid=1000 gid=1000 ses=2 subj==snap.telegram-desktop.telegram-desktop (enforce) pid=5613 comm="Telegram" exe="/snap/telegram-desktop/994/bin/Telegram" sig=6 res=1

bug
Source
picture tabroughton

All 6 comments

just to add to this i removed telegram-desktop and then reinstalled with --devmode to remove apparmor confinement and it ran ok

tabroughton picture tabroughton on 9 Dec 2019

The fix is simple: please add x11 to plugs. While you are at it, you might also add wayland if your application is known to work on wayland systems without Xwayland.

jdstrand picture jdstrand on 10 Dec 2019

The desktop interface provides the x11 and wayland interfaces, so this shouldn't be needed... + ubuntu usees also have apparmor and have no problems... this seems to be a manjaro apparmor profiles issue.
Anyway, does this happen on 1.9.9?

ilya-fedin picture ilya-fedin on 29 Jan 2020
👍1

@fluffypork your issue is https://github.com/telegramdesktop/tdesktop/issues/7105

ilya-fedin picture ilya-fedin on 30 Jan 2020
👍1

The desktop interface provides the x11 and wayland interfaces, so this shouldn't be needed... + ubuntu usees also have apparmor and have no problems... this seems to be a manjaro apparmor profiles issue.
Anyway, does this happen on 1.9.9?

Yes! - it does thanks. I wonder what changed to make it so though I suspect I've updated versions of snapd now and I've also had a few manjaro kernal updates since I reported the issue too.

@Aokromes you've marked as a bug, do you want me to close the issue or do you want to keep it for further reference?

tabroughton picture tabroughton on 1 Feb 2020

i labeled most of non-labeled ones, but since i marked it things have changed, if it's fixed you can close it.

Aokromes picture Aokromes on 1 Feb 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

slowaways picture slowaways  Â·  3Comments
DRSDavidSoft picture DRSDavidSoft  Â·  3Comments
luisalvarado picture luisalvarado  Â·  3Comments
LeonTheOriginal picture LeonTheOriginal  Â·  3Comments
FunctionalHacker picture FunctionalHacker  Â·  3Comments