SocketException (errno=13 Permission denied) when fetching GitHub contributors; error shown in UI on startup

[AdemarTellecher]

Is there an existing issue for this?

• I have searched the existing issues and found none matching what I'm reporting.

Bug Description

On launching App Center (Version 1.0.0), an error message is displayed in the UI:

ClientException with SocketException: Read failed (OS Error: Permission denied, errno = 13), address = api.github.com, port = 45146, url=https://api.github.com/repos/ubuntu/app-center/contributors?anon=false

Screenshot:

Relevant code paths / context:

1. The GitHub contributors request is made here (Riverpod provider):
   

   app-center/packages/app_center/lib/about/about_providers.dart

   Lines 1 to 31 in 920adcf

   	import 'package:collection/collection.dart';
   	import 'package:flutter_riverpod/flutter_riverpod.dart';
   	import 'package:github/github.dart';
   	import 'package:package_info_plus/package_info_plus.dart';
   	import 'package:ubuntu_service/ubuntu_service.dart';
   	final contributorsProvider = FutureProvider.autoDispose
   	.family<List<Contributor>, String>((ref, repo) async {
   	const designers = {'anasereijo', 'elioqoshi', 'Zoospora'};
   	const exclude = {'weblate'};
   	final contributors = await getService<GitHub>()
   	.repositories
   	.listContributors(RepositorySlug.full(repo))
   	.where(
   	(c) =>
   	c.type == 'User' &&
   	!designers.contains(c.login) &&
   	!exclude.contains(c.login),
   	)
   	.toList();
   	return [
   	...designers.map(
   	(d) => Contributor(
   	login: d,
   	htmlUrl: 'https://github.com/$d',
   	avatarUrl: 'https://avatars.githubusercontent.com/$d',
   	),
   	),
   	...contributors,
   	].sortedBy((c) => c.login?.toLowerCase() ?? '');

It calls:
getService<GitHub>().repositories.listContributors(RepositorySlug.full(repo))

where repo comes from the constant:

app-center/packages/app_center/lib/constants.dart

Lines 1 to 12 in 920adcf

	import 'package:flutter/material.dart';
	import 'package:yaru/icons.dart';
	const kAppName = 'App Center';
	const kSnapName = 'snap-store';
	const kGitHubRepo = 'ubuntu/app-center';
	// TODO: add proper neutral colors to yaru
	const kShimmerBaseLight = Color.fromARGB(120, 228, 228, 228);
	const kShimmerBaseDark = Color.fromARGB(255, 51, 51, 51);
	const kShimmerHighLightLight = Color.fromARGB(200, 247, 247, 247);
	const kShimmerHighLightDark = Color.fromARGB(255, 57, 57, 57);

(kGitHubRepo = 'ubuntu/app-center')

2. The UI displays the provider error directly as text:
   

   app-center/packages/app_center/lib/about/about_page.dart

   Lines 112 to 143 in 920adcf

   	const _ContributorView({required this.repo});
   	final String repo;
   	@override
   	Widget build(BuildContext context, WidgetRef ref) {
   	final l10n = AppLocalizations.of(context);
   	final state = ref.watch(contributorsProvider(repo));
   	final light = Theme.of(context).brightness == Brightness.light;
   	return Column(
   	mainAxisSize: MainAxisSize.min,
   	crossAxisAlignment: CrossAxisAlignment.start,
   	children: [
   	Text(l10n.aboutPageContributorTitle),
   	const SizedBox(height: 8),
   	state.when(
   	data: _ContributorWrap.new,
   	error: (error, stackTrace) => Text(error.toString()),
   	loading: () => Shimmer.fromColors(
   	baseColor: light ? kShimmerBaseLight : kShimmerBaseDark,
   	highlightColor:
   	light ? kShimmerHighLightLight : kShimmerHighLightDark,
   	child: _ContributorWrap(List<Contributor?>.filled(36, null)),
   	),
   	),
   	],
   	);
   	}
   	}
   	class _ContributorWrap extends StatelessWidget {

   
   error: (error, stackTrace) => Text(error.toString())

This explains why the raw SocketException message becomes visible to the user.

Steps to reproduce the behavior

1. Launch App Center.
2. Wait for the initial screen to render.
3. Observe the SocketException message shown in the UI (instead of expected content).

Expected behavior

App Center should load its initial UI without showing a raw exception to the user.
If network access to GitHub is unavailable/restricted, the UI should handle it gracefully (e.g., hide contributors section, show a friendly message, or avoid calling GitHub at startup).

Ubuntu release

Other (specify in the last field)

What architecture are you using?

amd64

System info

PRETTY_NAME="Ubuntu Resolute Raccoon (development branch)"
NAME="Ubuntu"
VERSION_ID="26.04"
VERSION="26.04 (Resolute Raccoon)"
VERSION_CODENAME=resolute
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=resolute
LOGO=ubuntu-logo

uname -rv && snap info snap-store snapd
6.19.0-5-generic #5-Ubuntu SMP PREEMPT_DYNAMIC Fri Feb 13 19:34:41 UTC 2026
name:      snap-store
summary:   App Center
publisher: Canonical✓
store-url: https://snapcraft.io/snap-store
license:   unset
description: |
  App Center
commands:
  - snap-store.show-updates
  - snap-store
snap-id:      gjf3IPXoRiipCu9K0kVu52f0H56fIksg
tracking:     2/stable/ubuntu-26.04
refresh-date: 22 days ago, at 02:37 -03
channels:
  2/stable:          0+git.90575829   2025-10-09 (1270) 11MB -
  2/candidate:       ↑                                       
  2/beta:            ↑                                       
  2/edge:            0+git.920adcf6   2026-02-19 (1319) 16MB -
  latest/stable:     41.3-72-g80e7130 2024-09-22 (1216) 12MB -
  latest/candidate:  ↑                                       
  latest/beta:       ↑                                       
  latest/edge:       0+git.920adcf6   2026-02-19 (1319) 16MB -
  preview/stable:    –                                       
  preview/candidate: 0.2.7-alpha      2023-02-02  (864) 10MB -
  preview/beta:      ↑                                       
  preview/edge:      0.3.0-alpha      2023-08-14 (1017) 11MB -
  1/stable:          41.3-72-g80e7130 2024-09-22 (1216) 12MB -
  1/candidate:       ↑                                       
  1/beta:            ↑                                       
  1/edge:            41.3-72-g80e7130 2024-09-16 (1216) 12MB -
installed:           0+git.515109e7              (1310) 16MB -
---
name:      snapd
summary:   Daemon and tooling that enable snap packages
publisher: Canonical✓
store-url: https://snapcraft.io/snapd
contact:   https://github.com/snapcore/snapd/issues
license:   GPL-3.0
description: |
  Install, configure, refresh and remove snap packages. Snaps are
  'universal' packages that work across many different Linux systems,
  enabling secure distribution of the latest apps and utilities for
  cloud, servers, desktops and the internet of things.
  
  Start with 'snap list' to see installed snaps.
type:         snapd
snap-id:      PMrrV4ml8uWuEUDBT8dSGnKUYbevVhc4
tracking:     latest/edge
refresh-date: ontem às 20:46 -03
channels:
  latest/stable:    2.73                2026-01-09 (25935) 50MB -
  latest/candidate: 2.73                2025-12-12 (25935) 50MB -
  latest/beta:      2.74.1              2026-02-13 (26382) 50MB -
  latest/edge:      2.74.1+g165.05579fc 2026-02-19 (26455) 50MB -
installed:          2.74.1+g165.05579fc            (26455) 50MB snapd

Additional context

Additional investigation hints:

• The error is errno=13 (Permission denied) on a TCP connection to api.github.com, which often indicates environment-level restrictions (e.g., snap confinement/AppArmor rules, corporate proxy, firewall policy, or blocked outbound connections) rather than a typical DNS/timeout issue.
• It would help to know whether this happens only in the snap build and which confinement mode is used.

Suggested diagnostic info to add (if available):

• Output of:
  • uname -rv && snap info snap-store snapd
  • snap connections snap-store
  • snap debug confinement snap-store (if available on the system)
  • journalctl --user -u snap.snap-store.* -n 200 --no-pager (or relevant app logs)
• Whether a proxy is configured:
  • env | grep -i proxy
• Whether curl https://api.github.com works from the same machine/user session.

Aditional context

Environment / system details

• OS: Ubuntu 26.04 (Resolute Raccoon) (development branch)
  • PRETTY_NAME="Ubuntu Resolute Raccoon (development branch)"
  • VERSION_ID="26.04"
  • VERSION_CODENAME="resolute"
• Architecture: amd64
• Kernel: 6.19.0-5-generic (Only load the featured apps tint colours one time after opening the app #5-Ubuntu SMP PREEMPT_DYNAMIC Fri Feb 13 19:34:41 UTC 2026)

Snap details

• snap-store (App Center)
  • tracking: 2/stable/ubuntu-26.04
  • installed: 0+git.515109e7 (revision 1310)
• snapd
  • tracking: latest/edge
  • installed: 2.74.1+g165.05579fc (revision 26455)

Network diagnostics

• From the same machine/user session, GitHub API is reachable:
  • curl -I https://api.github.com -> HTTP/2 200

Snap interfaces / connections

• snap connections snap-store shows the snap has the network interface connected.
  (Full output available below if needed.)

Notes / hypothesis

• Since curl to https://api.github.com succeeds outside the app, and the snap has network connected, the SocketException: Permission denied (errno=13) may indicate a sandbox/confinement restriction or environment-specific networking policy affecting the snap process (e.g., AppArmor/seccomp denial), rather than a general connectivity/DNS issue.
• If useful, I can provide relevant logs (e.g., journalctl --user -u snap.snap-store.*) and proxy environment (env | grep -i proxy).

snap connections snap-store 
Interface               Plug                           Slot                            Notes
appstream-metadata      snap-store:appstream-metadata  :appstream-metadata             -
content[gnome-46-2404]  snap-store:gnome-46-2404       gnome-46-2404:gnome-46-2404     -
content[gpu-2404]       snap-store:gpu-2404            mesa-2404:gpu-2404              -
content[gtk-3-themes]   snap-store:gtk-3-themes        gtk-common-themes:gtk-3-themes  -
content[icon-themes]    snap-store:icon-themes         gtk-common-themes:icon-themes   -
content[sound-themes]   snap-store:sound-themes        gtk-common-themes:sound-themes  -
dbus                    -                              snap-store:dbus-name            -
dbus                    -                              snap-store:packagekit-session   -
desktop                 snap-store:desktop             :desktop                        -
desktop-launch          snap-store:desktop-launch      :desktop-launch                 -
desktop-legacy          snap-store:desktop-legacy      :desktop-legacy                 -
gsettings               snap-store:gsettings           :gsettings                      -
network                 snap-store:network             :network                        -
opengl                  snap-store:opengl              :opengl                         -
packagekit-control      snap-store:packagekit-control  :packagekit-control             -
snapd-control           snap-store:snapd-control       :snapd-control                  -
wayland                 snap-store:wayland             :wayland                        -
x11                     snap-store:x11                 :x11                            -

curl -I https://api.github.com
HTTP/2 200 
date: Fri, 20 Feb 2026 06:31:26 GMT
content-type: application/json; charset=utf-8
cache-control: public, max-age=60, s-maxage=60
vary: Accept,Accept-Encoding, Accept, X-Requested-With
etag: W/"4f825cc84e1c733059d46e76e6df9db557ae5254f9625dfe8e1b09499c449438"
x-github-media-type: github.v3; format=json
x-github-api-version-selected: 2022-11-28
access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy: default-src 'none'
server: github.com
accept-ranges: bytes
x-ratelimit-limit: 60
x-ratelimit-remaining: 59
x-ratelimit-reset: 1771572686
x-ratelimit-resource: core
x-ratelimit-used: 1
content-length: 2396
x-github-request-id: 1240:2367ED:E6D19F:10212D7:6997FFBE

[AdemarTellecher]

More details:

1. The error happens every time I open the “About / Sobre” screen.
2. It also happens when the machine is completely offline (no network/Internet). The app still shows the same SocketException: Permission denied (errno = 13) message when opening About.

So it is 100% reproducible and seems specific to the About page (likely the contributors fetch).