An Ubuntu guest is running in a virtual machine powered by Oracle VirtualBox 5.2.18. VirtualBox shared folders worked pretty well here until the upgrade from 16.04 to Bionic Beaver was conducted. After the upgrade, the guest's web browser can't open the VirtualBox shared folder (e.g. when filling in a form for a file upload to a web site). The error message that pops up on an attempt to navigate to the shared folder from the "open file" dialog reads: .... permission denied. However, leaving the browser and then navigating to the shared folder from Nautilus manually works fine.
All instances of the web browser run as the current user, which has no problems viewing and manipulating the shared folder from Nautilus. Also, file ownership, group and access mode are the same in 18.04 as in the 16.04 backup. The browser is Chromium; however, the problems were also reproducible with Firefox.
/etc/fstab does not include any line for a mount of vboxsf type, also in the 16.04 backup, which works fine.
The user the browser is running under, who is also the one logged in locally to Beaver and testing shared folder access manually using Nautilus, is in the 'vboxsf' user group. That assignment was removed by the Beaver installation-by-upgrade. The mount point is /media/sf_exchange:
$ ls -alh /media
total 44K
drwxr-xr-x 12 root root 4.0K Aug 18 19:25 .
drwxr-xr-x 24 root root 4.0K Aug 16 20:38 ..
drwxrwx--- 1 root vboxsf 680 Aug 18 22:10 sf_exchange
...
The version of the installed Guest Additions is in sync with the VirtualBox version in use.
What might be the possible reason and a possible solution?
=====================
UPDATE upon interesting hint from Mr. T
$ sudo cat /sys/kernel/security/apparmor/profiles | grep .*chrom.*
snap.chromium.chromium (enforce)
snap-update-ns.chromium (enforce)
/usr/lib/lightdm/lightdm-guest-session//chromium (enforce)
$
The following was also found in the system log at the time stamp corresponding to navigating to the shared folder from Chromium's Open File dialog:
AVC apparmor="DENIED" operation="open" profile="snap.chromium.chromium" \
name="/media/sf_exchange/" pid=4288 comm="pool" requested_mask="r" \
denied_mask="r" fsuid=1000 ouid=0
$ sudo cat /var/lib/snapd/apparmor/profiles/snap.chromium.chromium | grep exchange
$ sudo cat /var/lib/snapd/apparmor/profiles/snap.chromium.chromium | grep -e '/media'
$
$ sudo find / -path *apparmor* -name *snap.chromium.chromium*
/var/lib/snapd/apparmor/profiles/snap.chromium.chromium
/var/cache/apparmor/snap.chromium.chromium
find: ‘/run/user/1000/gvfs’: Permission denied
$
So there is no explicit rule forbidding the mount point. How can the blocking rule be found, then?
The same problems with Firefox as reported previously are no longer reproducible.
My guess would be this is a problem with AppArmor. The following command will disable AppArmor until reboot:
If it works with AppArmor disabled, you can either edit or disable the AppArmor profile for Firefox.
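As an added example that is not part of the original question or answer: an AppArmor profile in enforce mode permits only what a rule allows, so a denial like the one quoted in the update usually means that no rule covers the path, not that some rule forbids it. The Python sketch below parses such denial records and lists the file rules in a profile excerpt that match the denied path. The log lines and the profile excerpt are constructed, and the glob matching is a simplified assumption that handles only `*`, `**` and `?`.

```python
import re
from collections import Counter

# Constructed sample records in the format quoted in the question, one per line.
SAMPLE_LOG = '''\
AVC apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/media/sf_exchange/" pid=4288 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
AVC apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/media/sf_exchange/" pid=4291 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
AVC apparmor="ALLOWED" operation="open" profile="snap.example.app" name="/etc/hosts" pid=5000 comm="app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
'''
# Constructed profile excerpt; NOT the real snap.chromium.chromium profile.
SAMPLE_PROFILE = '''\
  /usr/share/** r,
  owner /home/*/snap/chromium/** rwk,
  deny /etc/shadow r,
'''
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')           # key="value" or key=value
RULE = re.compile(r'^\s*((?:(?:owner|deny|audit)\s+)*)(/\S*)\s+(\w+),')
GLOB = {"**": ".*", "*": "[^/]*", "?": "[^/]"}             # simplified AppArmor globs

def parse_denials(log_text):
    """Return one dict of fields per apparmor="DENIED" record."""
    denials = []
    for line in log_text.splitlines():
        rec = {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
               for m in FIELD.finditer(line)}
        if rec.get("apparmor") == "DENIED":
            denials.append(rec)
    return denials

def summarize(denials):
    """Count denials per (profile, path, denied_mask)."""
    return Counter((d["profile"], d["name"], d["denied_mask"]) for d in denials)

def glob_to_regex(glob):
    """Translate the supported glob subset into an anchored regex."""
    parts = re.split(r'(\*\*|\*|\?)', glob)
    return re.compile("".join(GLOB.get(p, re.escape(p)) for p in parts) + r"\Z")

def rules_matching(profile_text, path):
    """List (qualifiers, glob, perms) for every file rule whose glob matches path."""
    hits = []
    for line in profile_text.splitlines():
        m = RULE.match(line)
        if m and glob_to_regex(m.group(2)).match(path):
            hits.append((m.group(1).split(), m.group(2), m.group(3)))
    return hits

if __name__ == "__main__":
    for (profile, path, mask), n in summarize(parse_denials(SAMPLE_LOG)).items():
        print(profile, path, mask, n, rules_matching(SAMPLE_PROFILE, path) or "no rule")
```

An empty result from `rules_matching` for the denied path is the allowlist case: nothing in the profile text mentions the path, which is why the `grep` for `/media` in the question returned nothing.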