Random Flatpak run permission errors

OS: F40 Kinoite uBlue kinoite-main, former Secureblue, thus many hardening things (but should be nothing concerning bwrap)

Sometimes after using the OS for a while, I get strange Flatpak run errors, after a reboot they are gone

~ ❯❯❯ flatpak run org.signal.Signal
bwrap: Can't find source path /run/user/1001/doc/by-app/org.signal.Signal: Permission denied
~ ❯❯❯ flatpak run org.qbittorrent.qBittorrent
bwrap: Can't find source path /run/user/1001/doc/by-app/org.qbittorrent.qBittorrent: Permission denied

The apps are from flathub, and not formerly opened on that boot.

Is this a bubblewrap bug? It is pretty strange

Maybe unrelated; just out of curiosity. Do
journalctl -g avc:..denied --since today
and
sudo ausearch -i -m avc,user_avc,selinux_err,user_selinux_err -ts today
return anything?

2 Likes

Might want to check /run/user/$UID/doc not mounted automatically when pam_namespaces is used · Issue #318 · flatpak/xdg-desktop-portal · GitHub to see if it’s the same issue or something similar.

Do you have btrfs-assistant installed by chance?

For me, this 100% is caused by BTRFS-ASSISTANT. Once it’s launched it will cause this permission issue with your flatpaks (all of them).

Since uninstalling Btrfs-assistant I have not been able to replicate this issue.

Worthy of filing a bug