FYI, AppAmor 3.1.6 was just released with a fix for the regression introduced in 3.1.5, https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.6
Search Criteria
Package Details: snapd 2.62-1
Package Actions
| Git Clone URL: | https://aur.archlinux.org/snapd.git (read-only, click to copy) |
|---|---|
| Package Base: | snapd |
| Description: | Service and tools for management of snap packages. |
| Upstream URL: | https://github.com/snapcore/snapd |
| Licenses: | GPL3 |
| Conflicts: | snap-confine |
| Submitter: | Barthalion |
| Maintainer: | bboozzoo (zyga, mardy) |
| Last Packager: | bboozzoo |
| Votes: | 209 |
| Popularity: | 2.01 |
| First Submitted: | 2018-01-07 17:37 (UTC) |
| Last Updated: | 2024-04-09 07:35 (UTC) |
Dependencies (16)
- apparmor (apparmor-gitAUR)
- libseccomp (libseccomp-gitAUR)
- libsystemd (systemd-libs-gitAUR, systemd-chromiumos-libsAUR, systemd-libs-selinuxAUR, systemd-libs-fmlAUR, systemd-libs)
- squashfs-tools (squashfs-tools-gitAUR)
- apparmor (apparmor-gitAUR) (make)
- autoconf-archive (autoconf-archive-gitAUR) (make)
- git (git-gitAUR) (make)
- go (go-gitAUR, gcc-go-gitAUR, gcc-go) (make)
- go-tools (go-tools-gitAUR) (make)
- libcap (make)
- libseccomp (libseccomp-gitAUR) (make)
- python-docutils (make)
- systemd (systemd-gitAUR, systemd-chromiumosAUR, systemd-selinuxAUR, systemd-fmlAUR) (make)
- xfsprogs (xfsprogs-gitAUR) (make)
- bash-completion (bash-completion-gitAUR) (optional) – bash completion support
- xdg-desktop-portal (xdg-desktop-portal-gitAUR) (optional) – desktop integration
Required by (13)
- apmpkg (optional)
- bauh (optional)
- bauh-staging (optional)
- discover-snap
- ez (optional)
- libpamac-full
- libpamac-full-git
- meta-package-manager (optional)
- pacup-arch-git (optional)
- plasma5-applets-kde-arch-update-notifier (optional)
- plasma5-applets-kde-arch-update-notifier-git (optional)
- pman (optional)
- qinfo-git (optional)
Sources (1)
bboozzoo commented on 2023-06-22 07:43 (UTC)
InspectrClouseau commented on 2023-06-17 16:08 (UTC) (edited on 2023-06-17 16:12 (UTC) by InspectrClouseau)
Tblue: I see, thank you for opening the bug report. I was doubting myself since on a different computer it does work. The regressions must have been introduced after apparmor 3.1.4-1. The later version is installed on a different computer and still works fine!
Edit: I downgraded to 3.1.4-1 on this machine as well and was able to install without issues. Maybe this information is useful to your bug report.
Tblue commented on 2023-06-17 15:20 (UTC)
InspectrClouseau: Indeed, see https://bugs.launchpad.net/bugs/2023814.
InspectrClouseau commented on 2023-06-17 15:13 (UTC) (edited on 2023-06-17 16:02 (UTC) by InspectrClouseau)
Seems like there is something missing in regards to apparmor. I can't install or run spotify on 6.1.31. When I disable the apparmor service and remove the kernel parameter I can install and run spotify just fine. I had build the new version including the patch of course.
With apparmor activated the installation fails with the following messages.
2023-06-17T17:04:00+02:00 INFO Waiting for automatic snapd restart...
error: cannot perform the following tasks:
- Run configure hook of "spotify" snap if present (run hook "configure":
-----
ha-dark-sea none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Matcha-sea /snap/spotify/67/data-dir/themes/Matcha-sea none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Materia-compact /snap/spotify/67/data-dir/themes/Materia-compact none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Materia-dark-compact /snap/spotify/67/data-dir/themes/Materia-dark-compact none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Materia-dark /snap/spotify/67/data-dir/themes/Materia-dark none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Materia-light-compact /snap/spotify/67/data-dir/themes/Materia-light-compact none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Materia-light /snap/spotify/67/data-dir/themes/Materia-light none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Materia /snap/spotify/67/data-dir/themes/Materia none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Radiance /snap/spotify/67/data-dir/themes/Radiance none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Radiant-MATE /snap/spotify/67/data-dir/themes/Radiant-MATE none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Yaru-MATE-dark /snap/spotify/67/data-dir/themes/Yaru-MATE-dark none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Yaru-MATE-light /snap/spotify/67/data-dir/themes/Yaru-MATE-light none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Yaru-bark-dark /snap/spotify/67/data-dir/themes/Yaru-bark-dark none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Yaru-bark /snap/spotify/67/data-dir/themes/Yaru-bark none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Yaru-blue-dark /snap/spotify/67/data-dir/themes/Yaru-blue-dark none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Yaru-blue /snap/spotify/67/data-dir/themes/Yaru-blue none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Yaru-dark /snap/spotify/67/data-dir/themes/Yaru-dark none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Yaru-light /snap/spotify/67/data-dir/themes/Yaru-light none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Yaru-magenta-dark /snap/spotify/67/data-dir/themes/Yaru-magenta-dark none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Yaru-magenta /snap/spotify/67/data-dir/themes/Yaru-magenta none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Yaru-mate-dark /snap/spotify/67/data-dir/themes/Yaru-mate-dark none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Yaru-mate /snap/spotify/67/data-dir/themes/Yaru-mate none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Yaru-olive-dark /snap/spotify/67/data-dir/themes/Yaru-olive-dark none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Yaru-olive /snap/spotify/67/data-dir/themes/Yaru-olive none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Yaru-prussiangreen-dark /snap/spotify/67/data-dir/themes/Yaru-prussiangreen-dark none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Yaru-prussiangreen /snap/spotify/67/data-dir/themes/Yaru-prussiangreen none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Yaru-purple-dark /snap/spotify/67/data-dir/themes/Yaru-purple-dark none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Yaru-purple /snap/spotify/67/data-dir/themes/Yaru-purple none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Yaru-red-dark /snap/spotify/67/data-dir/themes/Yaru-red-dark none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Yaru-red /snap/spotify/67/data-dir/themes/Yaru-red none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Yaru-sage-dark /snap/spotify/67/data-dir/themes/Yaru-sage-dark none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Yaru-sage /snap/spotify/67/data-dir/themes/Yaru-sage none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Yaru-viridian-dark /snap/spotify/67/data-dir/themes/Yaru-viridian-dark none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Yaru-viridian /snap/spotify/67/data-dir/themes/Yaru-viridian none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/Yaru /snap/spotify/67/data-dir/themes/Yaru none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/snap/gtk-common-themes/1535/share/themes/elementary /snap/spotify/67/data-dir/themes/elementary none bind,ro 0 0): cannot create writable mimic over "/snap/spotify/67/data-dir/themes": permission denied
update.go:85: cannot change mount namespace according to change mount (/var/lib/snapd/hostfs/tmp/.X11-unix /tmp/.X11-unix none bind,ro 0 0): permission denied
cannot update snap namespace: cannot create writable mimic over "/usr/lib/x86_64-linux-gnu": permission denied
snap-update-ns failed with code 1
-----)
Tblue commented on 2023-06-08 19:34 (UTC) (edited on 2023-06-11 01:02 (UTC) by Tblue)
The current snapd release (v2.59.5) suffers from openSUSE bug 1211989, which leads to errors like the following when trying to use (some?) snaps:
$ some-snap-app
cannot perform operation: mount -t tmpfs /tmp/snap.rootfs_A5z0uT: Permission denied
This has been fixed on the current snapd master branch, in commit 385d206 (GitHub PR).
Here's a patch for this AUR package that cherry-picks this commit (can be applied with git am):
From 560ae8b2a14d6761866c492b2a4d7c040f4825fb Mon Sep 17 00:00:00 2001
From: Tilman Blumenbach <tilman+git@ax86.net>
Date: Thu, 8 Jun 2023 21:26:00 +0200
Subject: [PATCH] Cherry-pick fix for incompatible AppArmor change.
Source:
https://github.com/snapcore/snapd/commit/385d206348e4dad96ab4fe0fd08f3818515e3906
See:
- https://bugzilla.opensuse.org/show_bug.cgi?id=1211989
- https://github.com/snapcore/snapd/pull/12845
---
PKGBUILD | 4 +++-
snapcore-bug-12845.patch | 29 +++++++++++++++++++++++++++++
2 files changed, 32 insertions(+), 1 deletion(-)
create mode 100644 snapcore-bug-12845.patch
diff --git a/PKGBUILD b/PKGBUILD
index 31bfcdf..3231fb8 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -19,8 +19,10 @@ options=('!strip' 'emptydirs' '!lto')
install=snapd.install
source=(
"$pkgname-$pkgver.tar.xz::https://github.com/snapcore/${pkgname}/releases/download/${pkgver}/${pkgname}_${pkgver}.vendor.tar.xz"
+ snapcore-bug-12845.patch
)
-sha256sums=('d2d9efbc2db7fa79edf0c73286320ab5ba039ae30874e88725ef326c618ae5df')
+sha256sums=('d2d9efbc2db7fa79edf0c73286320ab5ba039ae30874e88725ef326c618ae5df'
+ '251449de88f91778980269eda86b995b8cae6af15c90db2734707a47c18d9fb2')
_gourl=github.com/snapcore/snapd
diff --git a/snapcore-bug-12845.patch b/snapcore-bug-12845.patch
new file mode 100644
index 0000000..7bed7da
--- /dev/null
+++ b/snapcore-bug-12845.patch
@@ -0,0 +1,29 @@
+Patch downloaded from:
+https://github.com/snapcore/snapd/commit/385d206348e4dad96ab4fe0fd08f3818515e3906.patch
+
+See: https://github.com/snapcore/snapd/pull/12845
+
+
+From 385d206348e4dad96ab4fe0fd08f3818515e3906 Mon Sep 17 00:00:00 2001
+From: Michael Vogt <mvo@ubuntu.com>
+Date: Mon, 5 Jun 2023 16:18:47 +0200
+Subject: [PATCH] snap-confine: add `tmpfs` mount rule to apparmor profile
+ (#12845)
+
+There is a bugfix to make the mount rules more strict/explicit in apparmor 3.0.10, see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.10 - this affects snapd as it's current profile relies on the implicit behavior. With this commit the missing mount rule is added explicitly.
+---
+ cmd/snap-confine/snap-confine.apparmor.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/cmd/snap-confine/snap-confine.apparmor.in b/cmd/snap-confine/snap-confine.apparmor.in
+index fb999368bc4..73d14c8c781 100644
+--- a/cmd/snap-confine/snap-confine.apparmor.in
++++ b/cmd/snap-confine/snap-confine.apparmor.in
+@@ -172,6 +172,7 @@
+
+ # boostrapping the mount namespace
+ /tmp/snap.rootfs_*/ rw,
++ mount fstype=tmpfs none -> /tmp/snap.rootfs_*/,
+ mount options=(rw rshared) -> /,
+ mount options=(rw bind) /tmp/snap.rootfs_*/ -> /tmp/snap.rootfs_*/,
+ mount options=(rw unbindable) -> /tmp/snap.rootfs_*/,
--
2.41.0
flixter commented on 2023-06-04 09:12 (UTC)
On a completely new installation, I have found out these packages to be required by the build of snapd: pkgconf, autoconf and automake. Otherwise, it will not build.
<deleted-account> commented on 2023-03-19 01:12 (UTC)
Just a heads up for anyone experiencing problems building, I was not able to build this package with gcc-go, but building with go works just fine.
It should probably be noted somewhere that this package needs go and not gcc-go. Or there is otherwise some issue or additional dependency when using gcc-go (i'm not sure which is true/caused it to not build with gcc-go)
bkb commented on 2023-02-27 14:21 (UTC)
Create snapd-bin
bboozzoo commented on 2023-02-09 06:26 (UTC)
@Repp no, not really https://wiki.archlinux.org/title/Arch_User_Repository#Getting_started https://wiki.archlinux.org/title/PKGBUILD#makedepends
Because it's so hard for folks to follow, quoting here from the PKGBUILD archwiki page:
Note: The group base-devel is assumed to be already installed when building with makepkg. Members of this group should not be included in makedepends array.
Repp commented on 2023-02-09 02:31 (UTC)
automake and autoconf should be added to makedepends
Pinned Comments
bboozzoo commented on 2018-10-25 11:56 (UTC) (edited on 2024-04-09 07:39 (UTC) by bboozzoo)
Package update notes
2.36
2.36 is the first release with AppArmor enabled by default on Arch.
If you do not have AppArmor enabled at boot there should be no functional changes visible.
If you wish to use snaps with Apparmor, first make sure that Apparmor is enabled during boot, see https://wiki.archlinux.org/index.php/AppArmor for details. After upgrading the package, you need to do the following steps:
systemctl restart apparmor.servicesnapd:systemctl restart snapd.servicesystemctl enable --now snapd.apparmor.service2.62
Since 2.62 snapd generated additional files describing the sandbox. The snapd service needs to be restarted after the update for snaps to continue working (unless the system is rebooted after the update, in which case no additional steps are needed). To restart, run
systemctl restart snapd.service