Comments (33)
I forgot, the temporary solution is to disable the new profile:
sudo ln -s /etc/apparmor.d/bwrap-userns-restrict /etc/apparmor.d/disable/
sudo apparmor_parser -R /etc/apparmor.d/bwrap-userns-restrict
Related bug report: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2072811
from tdesktop.
Can confirm this behavior.
Kubuntu 24.04, Telegram 5.2.3, Flatpak
Similar logs:
[2024.07.11 14:51:52] Launched version: 5002003, install beta: [FALSE], alpha: 0, debug mode: [FALSE]
[2024.07.11 14:51:52] Executable dir: /app/bin/, name: telegram-desktop
[2024.07.11 14:51:52] Initial working dir: ~/
[2024.07.11 14:51:52] Working dir: ~/.var/app/org.telegram.desktop/data/TelegramDesktop/
[2024.07.11 14:51:52] Command line: telegram-desktop
[2024.07.11 14:51:52] Executable path before check: /app/bin/telegram-desktop
[2024.07.11 14:51:52] Logs started
[2024.07.11 14:51:52] App ID: org.telegram.desktop
[2024.07.11 14:51:52] Connecting local socket to b637e5366999d70e67e60db40ef1d810-TelegramDesktop...
[2024.07.11 14:51:52] Socket connect error 0, starting server and app...
[2024.07.11 14:51:52] Could not copy '~/.var/app/org.telegram.desktop/data/TelegramDesktop/log_start0.txt' to '~/.var/app/org.telegram.desktop/data/TelegramDesktop/log.txt' to start new logging: Cannot create ~/.var/app/org.telegram.desktop/data/TelegramDesktop/log.txt for output: No such file or directory
Tried rebooting, reinstalling, deleting telegram directory and reinstalling again. But the error is still the same
from tdesktop.
I have the same problem with ubuntu 24.04
from tdesktop.
I used this command:
sudo aa-disable /etc/apparmor.d/bwrap-userns-restrict
Can be re-enabled with aa-enforce
from tdesktop.
same here. All worked fine till I updated. I guess the last update is to blame.
from tdesktop.
from tdesktop.
As Schildkroet noted, the fix has already been released. In truth, the fix is to roll back the version and thus remove the bwrap-userns-restrict profile.
If anyone has used my temporary solution (#28156 (comment)), I recommend removing the symbolic link causing the profile to be disabled. That way, if the corrected profile comes back in future apparmor updates, it will be active. Remember to do this after updating apparmor to the latest version (4.0.1really4.0.0-beta3-0ubuntu0.1).
To remove symbolic link, run:
sudo rm /etc/apparmor.d/disable/bwrap-userns-restrict
Please note that the apparmor update is in phasing, so it may not be available for update at your instance yet: https://ubuntu-archive-team.ubuntu.com/phased-updates.html
from tdesktop.
I don't see how tdesktop could be at fault here, acces is not given and that's all
from tdesktop.
try to restart your pc
I have the same issue. Tried rebooting, reinstalling (both with '--reinstall' flag and just total remove and fresh install), manual deletion of these directories (like on screenshot above) and also 'flatpak-repair' ... none of that helped. Other flatpak apps work without issues, so its some bug in tdesktop itself (its flatpak version to be exact).
I also have Ubuntu 24.04 (6.8 low-latency kernel, but double-checked - have the same on the original 6.8 one).
from tdesktop.
@Matige's method worked in my ubuntu 24.04, but is it a safe solution security-wise?
from tdesktop.
@akirataguchi115
It is NOT an telegram issue, therefor it was closed here.
from tdesktop.
No, this is an apparmor problem completly independent from flatpak/telegram. You have to disable apparmor or wait for a fix in apparmor.
from tdesktop.
http://archive.ubuntu.com/ubuntu/pool/main/a/apparmor/apparmor_4.0.1really4.0.0-beta3-0ubuntu0.1_amd64.deb
download this deb ,install ,reboot
from tdesktop.
Fix already releases, should arrive soon on your system.
https://launchpad.net/ubuntu/+source/apparmor/4.0.1really4.0.0-beta3-0ubuntu0.1
from tdesktop.
try to restart your pc
from tdesktop.
According to the log, it looks like flatpak sandbox is broken: it doesn't allow tdesktop to write into its own data directory. tdesktop couldn't work without write access to its data.
from tdesktop.
It really looks like a flatpak fault, not tdesktop
from tdesktop.
Same issue here. Tried rebooting and reinstalling.
All other flatpak apps run as expected, the only app that does not start seems to be telegram.
from tdesktop.
try to restart your pc
I restarted my PC and still got the same problem.
from tdesktop.
I don't see how tdesktop could be at fault here, acces is not given and that's all
I am using snap version but my personal preference would be the flatpak version. Just wonder if the flatpak version would be working or it would be dead in the water.
from tdesktop.
I have the same issue on ubuntu 24.04. Telegram is via flatpak. By the way, chrome and remmina via flatpak don't have any issues. All of ubuntu and flatpak apps have been updated to the latest.
from tdesktop.
Hello,
same problem. Already tried reinstalling/rebooting. Problem still exists.
from tdesktop.
I don't see how tdesktop could be at fault here, acces is not given and that's all
This is what flatseal shows about telegram desktop. It seems to me that it has access to all system and user files...
from tdesktop.
I tried using older versions from flathub repo, but still got the error. Could it be possible, that this might be an os-specific error, since i did an update right before this issue popped up?
Following packages were updated:
Paket: Alte Version: Neue Version: Größe:
apache2-bin 2.4.58-1ubuntu8.2 2.4.58-1ubuntu8.3 1.3 MB
apparmor 4.0.0-beta3-0ubuntu3 4.0.1-0ubuntu0.24.04.2 641 KB
code 1.91.0-1719861592 1.91.1-1720564633 100.9 MB
libapparmor1 4.0.0-beta3-0ubuntu3 4.0.1-0ubuntu0.24.04.2 50 KB
libapparmor1:i386 4.0.0-beta3-0ubuntu3 4.0.1-0ubuntu0.24.04.2 51 KB
libegl-mesa0 24.0.5-1ubuntu1 24.0.9-0ubuntu0.1 115 KB
libegl-mesa0:i386 24.0.5-1ubuntu1 24.0.9-0ubuntu0.1 128 KB
libgbm1 24.0.5-1ubuntu1 24.0.9-0ubuntu0.1 43 KB
libgbm1:i386 24.0.5-1ubuntu1 24.0.9-0ubuntu0.1 44 KB
libgl1-mesa-dev 24.0.5-1ubuntu1 24.0.9-0ubuntu0.1 17 KB
libgl1-mesa-dri 24.0.5-1ubuntu1 24.0.9-0ubuntu0.1 9.0 MB
libgl1-mesa-dri:i386 24.0.5-1ubuntu1 24.0.9-0ubuntu0.1 9.2 MB
libglapi-mesa 24.0.5-1ubuntu1 24.0.9-0ubuntu0.1 41 KB
libglapi-mesa:i386 24.0.5-1ubuntu1 24.0.9-0ubuntu0.1 41 KB
libglx-mesa0 24.0.5-1ubuntu1 24.0.9-0ubuntu0.1 154 KB
libglx-mesa0:i386 24.0.5-1ubuntu1 24.0.9-0ubuntu0.1 165 KB
libxatracker2 24.0.5-1ubuntu1 24.0.9-0ubuntu0.1 2.2 MB
linux-libc-dev 6.8.0-36.36 6.8.0-38.38 1.6 MB
linux-tools-common 6.8.0-36.36 6.8.0-38.38 487 KB
mesa-va-drivers 24.0.5-1ubuntu1 24.0.9-0ubuntu0.1 4.2 MB
mesa-va-drivers:i386 24.0.5-1ubuntu1 24.0.9-0ubuntu0.1 4.3 MB
mesa-vdpau-drivers 24.0.5-1ubuntu1 24.0.9-0ubuntu0.1 3.9 MB
mesa-vdpau-drivers:i386 24.0.5-1ubuntu1 24.0.9-0ubuntu0.1 4.2 MB
mesa-vulkan-drivers 24.0.5-1ubuntu1 24.0.9-0ubuntu0.1 11.0 MB
mesa-vulkan-drivers:i386 24.0.5-1ubuntu1 24.0.9-0ubuntu0.1 11.4 MB
xdg-desktop-portal 1.18.3-1ubuntu1 1.18.4-1ubuntu2 298 KB
from tdesktop.
This is what flatseal shows about telegram desktop. It seems to me that it has access to all system and user files...
The access to directories inside .var/app/org.telegram.desktop
is essential (always granted) and couldn't be controlled via flatseal. That's why I say the sandbox misbehaves, you folks have got some flatpak bug and there's nothing tdesktop could do about that.
from tdesktop.
Could it be possible, that this might be an os-specific error, since i did an update right before this issue popped up?
Yes, that's what I said, the problem is in some system component responsible for sandboxing (perhaps flatpak or bubblewrap). Such errors couldn't come from tdesktop.
from tdesktop.
Although I wouldn't be surprised if that's some conflict between apparmor and flatpak.
from tdesktop.
I can confirm that the problem started after updating apparmor on Ubuntu 24.04:
Upgrade: apparmor:amd64 (4.0.0-beta3-0ubuntu3, 4.0.1-0ubuntu0.24.04.2), libapparmor1:amd64 (4.0.0-beta3-0ubuntu3, 4.0.1-0ubuntu0.24.04.2)
Apparmor logs:
2024-07-12T11:41:41.265269+02:00 pc kernel: audit: type=1400 audit(1720777301.264:294): apparmor="DENIED" operation="link" class="file" info="Failed name lookup - deleted entry" error=-2 profile="bwrap" name="/home/user/.var/app/org.telegram.desktop/data/TelegramDesktop/#1180674" pid=15067 comm="telegram-deskto" requested_mask="l" denied_mask="l" fsuid=1000 ouid=1000
2024-07-12T11:41:41.265285+02:00 pc kernel: audit: type=1400 audit(1720777301.264:295): apparmor="DENIED" operation="link" class="file" profile="bwrap" name="/home/user/.var/app/org.telegram.desktop/data/TelegramDesktop/log.txt" pid=15067 comm="telegram-deskto" requested_mask="l" denied_mask="l" fsuid=1000 ouid=1000 target="/home/user/.var/app/org.telegram.desktop/data/TelegramDesktop/#1180674"
2024-07-12T11:41:41.265286+02:00 pc kernel: audit: type=1400 audit(1720777301.264:296): apparmor="DENIED" operation="link" class="file" info="Failed name lookup - deleted entry" error=-2 profile="unpriv_bwrap" name="/home/user/.var/app/org.telegram.desktop/data/TelegramDesktop/#1180674" pid=15067 comm="telegram-deskto" requested_mask="l" denied_mask="l" fsuid=1000 ouid=1000
2024-07-12T11:41:41.265287+02:00 pc kernel: audit: type=1400 audit(1720777301.264:297): apparmor="DENIED" operation="link" class="file" profile="unpriv_bwrap" name="/home/user/.var/app/org.telegram.desktop/data/TelegramDesktop/log.txt" pid=15067 comm="telegram-deskto" requested_mask="l" denied_mask="l" fsuid=1000 ouid=1000 target="/home/user/.var/app/org.telegram.desktop/data/TelegramDesktop/#1180674"
Changes in apparmor 4.0.0-beta4-0ubuntu1
* Add patch to enable bwrap profile
- d/p/u/enable-bwrap-profile.patch
(LP: #2046844, LP: #2065708)
* d/apparmor.install
- install new profile
- bwrap-userns-restrict
I think this is the cause of our problems.
from tdesktop.
@Matige's method worked in my ubuntu 24.04, but is it a safe solution security-wise?
Really important question. Anybody brave to answer, please?
from tdesktop.
Doesn't disabling Bubblewrap restrictions mean applications from flatpaks and docker don't have the same restrictions anymore? Isn't this an unsafe solution to be marked as "completed"?
from tdesktop.
Ah makes sense. Surely the Flatpak version of Telegram was rolled back to the previous version?
from tdesktop.
I have the same problem ,ubuntu 24.04
from tdesktop.
I used this command:
sudo aa-disable /etc/apparmor.d/bwrap-userns-restrict
Can be re-enabled with
aa-enforce
This worked for me, but also wondering how safe it is. Hoping for a fix from AppArmor soon.
from tdesktop.
Related Issues (20)
- Telegram Flatpak crashes on startup HOT 1
- How can I remove recently taken photos?
- Hyperlinking formatted text removes formatting HOT 1
- Crash after screen locking HOT 2
- Could not start telegram desktop HOT 2
- Add support to aarch64 by removing -fcf-protection flag HOT 15
- Page error on Raspbian HOT 1
- Telegram crashes when trying to open HOT 2
- Hyperlink dont highlight one as hyperlink. HOT 4
- Error interpreting clipboard contents. HOT 1
- Pressing ESC from a chat no longer lands us in the (chat-)searchbox as it used to. HOT 3
- Option to enlarge media caption typing field a bit
- Pasting of multiline text adds extra newlines HOT 26
- Exclude archived chats from folder does not works HOT 2
- Sumerian characters support HOT 1
- Display date time in chat Statistics in local time zone
- Qt version issue HOT 1
- Unable to login HOT 1
- xz.git repository changed the URL HOT 2
- Application crashed on incoming or outgoing calls HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from tdesktop.