@dmp1ce sorry, I meant this gist: https://gist.github.com/bboozzoo/840cdbd066ab81ca438fab6b0b75ea1b build it with gcc a.c -lapparmor
. Does it run?
Search Criteria
Package Details: snapd 2.62-1
Package Actions
Git Clone URL: | https://aur.archlinux.org/snapd.git (read-only, click to copy) |
---|---|
Package Base: | snapd |
Description: | Service and tools for management of snap packages. |
Upstream URL: | https://github.com/snapcore/snapd |
Licenses: | GPL3 |
Conflicts: | snap-confine |
Submitter: | Barthalion |
Maintainer: | bboozzoo (zyga, mardy) |
Last Packager: | bboozzoo |
Votes: | 209 |
Popularity: | 1.93 |
First Submitted: | 2018-01-07 17:37 (UTC) |
Last Updated: | 2024-04-09 07:35 (UTC) |
Dependencies (16)
- apparmor (apparmor-gitAUR)
- libseccomp (libseccomp-gitAUR)
- libsystemd (systemd-libs-gitAUR, systemd-chromiumos-libsAUR, systemd-libs-selinuxAUR, systemd-libs-fmlAUR, systemd-libs)
- squashfs-tools (squashfs-tools-gitAUR)
- apparmor (apparmor-gitAUR) (make)
- autoconf-archive (autoconf-archive-gitAUR) (make)
- git (git-gitAUR) (make)
- go (go-gitAUR, gcc-go-gitAUR, gcc-go) (make)
- go-tools (go-tools-gitAUR) (make)
- libcap (make)
- libseccomp (libseccomp-gitAUR) (make)
- python-docutils (make)
- systemd (systemd-gitAUR, systemd-chromiumosAUR, systemd-selinuxAUR, systemd-fmlAUR) (make)
- xfsprogs (xfsprogs-gitAUR) (make)
- bash-completion (bash-completion-gitAUR) (optional) – bash completion support
- xdg-desktop-portal (xdg-desktop-portal-gitAUR) (optional) – desktop integration
Required by (13)
- apmpkg (optional)
- bauh (optional)
- bauh-staging (optional)
- discover-snap
- ez (optional)
- libpamac-full
- libpamac-full-git
- meta-package-manager (optional)
- pacup-arch-git (optional)
- plasma5-applets-kde-arch-update-notifier (optional)
- plasma5-applets-kde-arch-update-notifier-git (optional)
- pman (optional)
- qinfo-git (optional)
Sources (1)
Latest Comments
« First ‹ Previous 1 .. 5 6 7 8 9 10 11 12 13 14 15 .. 24 Next › Last »
bboozzoo commented on 2020-12-11 13:53 (UTC)
dmp1ce commented on 2020-12-11 12:49 (UTC)
I posted an issue but I have a feeling it will be rejected because of snapd being from the AUR. https://bugs.archlinux.org/task/68938
dmp1ce commented on 2020-12-11 12:40 (UTC) (edited on 2020-12-11 12:42 (UTC) by dmp1ce)
@bboozzoo: aa-status
seems to work on LTS. The other command didn't find the file. I'll try the snippet, but the snippet you provided looks like my error output. Is it the right gist?
david@bar:~$ cat /proc/slef/attr/apparmor/current
cat: /proc/slef/attr/apparmor/current: No such file or directory
1 david@bar:~$ sudo cat /proc/slef/attr/apparmor/current
[sudo] password for david:
cat: /proc/slef/attr/apparmor/current: No such file or directory
bboozzoo commented on 2020-12-11 12:35 (UTC)
@dmp1ce so it may be a case when the new libapparmor does not handle old kernels too well. I would suggest you try to build the snippet I provided: https://gist.github.com/dmp1ce/8a321608fbcf4c3ea61fce134e1f0b0d and if that fails on the LTS kernel, you should most likely file a bug for the apparmor package.
dmp1ce commented on 2020-12-11 12:33 (UTC)
@bbozzoo: booting up non-LTS works fine. Do you still want the information on the LTS version?
bboozzoo commented on 2020-12-11 06:49 (UTC) (edited on 2020-12-11 07:21 (UTC) by bboozzoo)
@dmp1ce thanks, this is highly unexpected. Everything else suggests that AppArmor is enabled, but then it really isn't working:
openat(AT_FDCWD, "/proc/1051439/attr/apparmor/current", O_RDONLY) = -1 ENOENT (No such file or directory)
futex(0x7fabaf3ad368, FUTEX_WAKE_PRIVATE, 2147483647) = 0
write(2, "cannot query current apparmor pr"..., 37cannot query current apparmor profile) = 37
Can you cat /proc/slef/attr/apparmor/current
in a shell? Does it work? Does aa-status
work?
Maybe it has something to do with the LTS kernel, I would suggest trying to boot the non-LTS one. Another thing to try, is to rebuild the snapd package, perhaps it was last built on your system before apparmor 2.x.x -> 3.x.x switch.
Edit: can you try building and running this snippet https://gist.github.com/dmp1ce/8a321608fbcf4c3ea61fce134e1f0b0d ?
dmp1ce commented on 2020-12-11 00:01 (UTC)
@bboozzoo: Thanks for looking into this. https://gist.github.com/dmp1ce/8a321608fbcf4c3ea61fce134e1f0b0d
bboozzoo commented on 2020-12-10 20:13 (UTC) (edited on 2020-12-10 20:14 (UTC) by bboozzoo)
@dmp1ce interesting, can you try running snap run --strace=--raw superproductivity
and post the log to a pastebin? (the log may be too long for poasting in a comment here)
Edit: you need to pacman -S strace
first
dmp1ce commented on 2020-12-10 20:01 (UTC)
@bboozzoo: Here is my output.
david@bar:~$ cat /proc/self/attr/current
unconfined
david@bar:~$ SNAPD_DEBUG=1 SNAP_CONFINE_DEBUG=1 snap run superproductivity
2020/12/10 14:59:51.067755 tool_linux.go:68: DEBUG: re-exec not supported on distro "arch" yet
2020/12/10 14:59:51.082619 cmd_run.go:407: DEBUG: SELinux not enabled
DEBUG: umask reset, old umask was 022
DEBUG: security tag: snap.superproductivity.superproductivity
DEBUG: executable: /usr/lib/snapd/snap-exec
DEBUG: confinement: non-classic
DEBUG: base snap: core18
DEBUG: ruid: 1000, euid: 0, suid: 0
DEBUG: rgid: 1000, egid: 1000, sgid: 1000
cannot query current apparmor profile: Invalid argument
bboozzoo commented on 2020-12-10 16:28 (UTC)
@dmp1ce what does cat /proc/self/attr/current show?
Can you upload the logs of SNAPD_DEBUG=1 SNAP_CONFINE_DEBUG=1 snap run superproductivity
to some pastebin?
Pinned Comments
bboozzoo commented on 2018-10-25 11:56 (UTC) (edited on 2024-04-09 07:39 (UTC) by bboozzoo)
Package update notes
2.36
2.36 is the first release with AppArmor enabled by default on Arch.
If you do not have AppArmor enabled at boot there should be no functional changes visible.
If you wish to use snaps with Apparmor, first make sure that Apparmor is enabled during boot, see https://wiki.archlinux.org/index.php/AppArmor for details. After upgrading the package, you need to do the following steps:
systemctl restart apparmor.service
snapd
:systemctl restart snapd.service
systemctl enable --now snapd.apparmor.service
2.62
Since 2.62 snapd generated additional files describing the sandbox. The snapd service needs to be restarted after the update for snaps to continue working (unless the system is rebooted after the update, in which case no additional steps are needed). To restart, run
systemctl restart snapd.service