Ubuntu
chromium-browser package

[snap] Chromium USB enumeration fails when usbmon module is loaded

Bug #1905458 reported by Alistair Buxton
24
This bug affects 5 people
Affects Status Importance Assigned to Milestone
chromium-browser (Ubuntu)
Confirmed
Medium
Unassigned

Bug Description

Version:

chromium 87.0.4280.66 1411

Steps to reproduce:

1. Have Chromium snap, with raw-usb plug connected.
2. sudo modprobe usbmon.
3. Open Chromium and try to use a webpage that has webusb.

Result:

Chromium cannot see any USB devices on the system, regardless of whether it has raw-usb or not.

The following errors are printed on dmesg:

```
[3701471.283584] audit: type=1400 audit(1606101844.664:6015): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c508:4" pid=3120526 comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[3701471.283636] audit: type=1400 audit(1606101844.664:6016): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c508:2" pid=3120526 comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[3701471.283700] audit: type=1400 audit(1606101844.664:6017): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c508:0" pid=3120526 comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[3701471.283786] audit: type=1400 audit(1606101844.664:6018): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c508:7" pid=3120526 comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[3701471.283869] audit: type=1400 audit(1606101844.664:6019): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c508:5" pid=3120526 comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[3701471.283982] audit: type=1400 audit(1606101844.664:6020): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c508:3" pid=3120526 comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
```

Chromium will then print this on stderr:

```
[3121487:3121626:1123/032552.888385:ERROR:udev_watcher.cc(97)] Failed to begin udev enumeration.
```

Why this happens:

Chromium enumerates USB devices by querying udev. Specifically by using udev_enumerate_scan_devices. When usbmon module is loaded, some new device nodes are created for the monitor endpoints. They are only readable by root. When Chromium scans for normal USB devices, it finds the monitors and tries to probe them. Apparmor blocks it, which causes udev_enumerate_scan_devices to fail.

Impact:

There is no way for the user to know this error has occurred unless they happen to be watching dmesg or the stderr of Chromium (which requires they ran it from a terminal). Unless they check both of these places and realize that the error messages are connected, Chromium will just appear to behave as if there are no USB devices connected to the system at all. If the user does realize that usbmon is causing a problem, they must restart Chromium after unloading it, because it will not retry if enumeration ever fails.

See original description
Tags: snap
Alistair Buxton (a-j-buxton)
description: updated
Olivier Tilloy (osomon)
summary: - [snap] Chromium USB enumeration fails with usbmon module is loaded
+ [snap] Chromium USB enumeration fails when usbmon module is loaded
tags: added: snap
Changed in chromium-browser (Ubuntu):
importance: Undecided → Critical
importance: Critical → Medium
Revision history for this message
Alistair Buxton (a-j-buxton) wrote :

This problem has got somewhat worse: now all webcam raw-usb udev nodes are owned by root. That means chromium raw-usb won't work if you have a webcam.

I think this is really a bug in chromium tbh.

Revision history for this message
Alistair Buxton (a-j-buxton) wrote :

Or rather, the bug is between apparmor and this: https://man7.org/linux/man-pages/man3/udev_enumerate_scan_devices.3.html

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in chromium-browser (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.