AppArmor preventing control of screen saver

Recently performed clean install of Xubuntu, and screen was going to sleep while watching Hulu.

Installed Brave from snap.

PC Info:
Operating System: Ubuntu 22.04 LTS
Kernel: Linux 5.15.0-41-generic
Architecture: x86-64

Expected result:
Both power management timeout and screensaver timeout should be disabled when streaming video.

Brave Version (check About Brave):
Version 1.41.96 Chromium: 103.0.5060.114 (Official Build) (64-bit)

Additional Information:
Persistent entries in syslog reported:

dbus-daemon[1495]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/freedesktop/PowerManagement/Inhibit" interface="org.freedesktop.PowerManagement.Inhibit" member="Inhibit" mask="send" name="org.freedesktop.PowerManagement" pid=5163 label="snap.brave.brave" peer_pid=3583 peer_label="unconfined"

I began by adding an additional profile path ADDITIONAL_PROFILE_DIR=/var/lib/snapd/apparmor/profiles/ to /lib/apparmor/rc.apparmor.functions then editing /var/lib/snapd/apparmor/profiles/snap.brave.brave to include the following, around line 2415:

dbus (send)
    bus=session
    interface=org.freedesktop.PowerManagement.Inhibit
    path=/org/freedesktop/PowerManagement/Inhibit
    member=Inhibit
    peer=(label=unconfined),

After rebooting, this appears to have resolved the issue, but it took me forever to get to this point. The key was a comment by Alexis Evelyn from here: https://askubuntu.com/questions/1328287/snap-failing-to-start-due-to-apparmor-profiles and using the syslog entry to model my dbus addition. Hopefully this can be fixed in future versions.
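The approach described in the post above, modelling the dbus rule on the denial logged in syslog, as an added example that is not part of the original post and is not Brave or snapd code. The function names and the character whitelist are assumptions made for illustration; the sample line is constructed from the entry quoted in the post.

```python
import re

# Constructed sample: the denial quoted in the post, with straight quotes.
SAMPLE = ('dbus-daemon[1495]: apparmor="DENIED" operation="dbus_method_call" '
          'bus="session" path="/org/freedesktop/PowerManagement/Inhibit" '
          'interface="org.freedesktop.PowerManagement.Inhibit" member="Inhibit" '
          'mask="send" name="org.freedesktop.PowerManagement" pid=5163 '
          'label="snap.brave.brave" peer_pid=3583 peer_label="unconfined"')

# key="value" (straight or typographic quotes, as pasted from a forum) or key=bare
FIELD = re.compile(r'(\w+)=(?:["\u201c\u201d]([^"\u201c\u201d]*)["\u201c\u201d]|(\S+))')
# Conservative whitelist (an assumption of this example) so that log content
# cannot smuggle extra profile syntax into the generated rule.
SAFE = re.compile(r'[A-Za-z0-9_./-]+\Z')
RULE_KEYS = ("bus", "path", "interface", "member")


def parse_denial(line):
    """Split an AppArmor audit line into a dict of its key=value fields."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD.finditer(line)}


def rule_from_denial(line):
    """Return (profile_label, dbus_rule) for one DENIED D-Bus message."""
    f = parse_denial(line)
    if f.get("apparmor") != "DENIED":
        raise ValueError("not an AppArmor denial")
    if f.get("operation") not in ("dbus_method_call", "dbus_signal"):
        raise ValueError("not a D-Bus message denial")
    if f.get("mask") not in ("send", "receive"):
        raise ValueError("unexpected mask")
    for key in RULE_KEYS + ("label", "peer_label"):
        if not SAFE.match(f.get(key, "")):
            raise ValueError(f"missing or unsafe field: {key}")
    # The rule allows only this one message (bus, path, interface, member, peer).
    body = [f"dbus ({f['mask']})"]
    body += [f"    {key}={f[key]}" for key in RULE_KEYS]
    body.append(f"    peer=(label={f['peer_label']}),")
    return f["label"], "\n".join(body)


if __name__ == "__main__":
    profile, rule = rule_from_denial(SAMPLE)
    print(f"# add to profile {profile}\n{rule}")
```

snapd rewrites the files under /var/lib/snapd/apparmor/profiles when it regenerates a snap's profile, so a rule added there by hand may need re-adding after a refresh. An edited profile can be reloaded with `apparmor_parser -r` instead of a reboot.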

@imeister Hi. :slightly_smiling_face: I am a community member and know nothing about Linux. From your post, it appears this is Feedback vs a request for support. Is that correct? If so, you can edit your topic title (pencil icon) and change categories.

I am also wondering if you have tried installing from Brave official versions vs Snap. If not, why not? I am just curious. Posted links below for reference on why I am curious. Please ignore if you so choose. :laughing:

Snap

You can find Brave in the Snapcraft Store, but while it is maintained by Brave Software, it is not yet working as well as our official packages. We currently recommend that users who are able to use our official package repositories do so instead of using the Snap.

I did change this to feedback, as I literally solved my own problem while writing this.

In Linux, manually installed applications from the web (those not obtained from snap or other repository) won’t update without an equally manual process. Snap and repositories are checked for new versions regularly and notify you when updates are available, and they handle things like dependencies automatically.

Source aside, this issue is a security problem with Brave; one that, if I were using the web download, would not have been caught. AppArmor audits what programs try to do under the hood and prevents things that either aren’t properly declared/requested or pose unnecessary risk to the OS.


Thank you for the information! :smiley: I did not realize that updates were a manual process for Linux users. Any automatic handling would definitely be a plus.

Is this something that should be reported to the Brave Bug Bounty program?

It likely affects anyone using the Brave Snap, so maybe? I’m no hacker, so I don’t know what the security ramifications are exactly, but at the very least, fixing this issue will save users from having to move their mouse every so often when binge-watching Netflix/Hulu. =P

LOL too funny. :laughing: But I know what you mean! Extremely irritating to have to do that! :smiley: