Package Details: snapd 2.62-1

Git Clone URL: https://aur.archlinux.org/snapd.git (read-only, click to copy)
Package Base: snapd
Description: Service and tools for management of snap packages.
Upstream URL: https://github.com/snapcore/snapd
Licenses: GPL3
Conflicts: snap-confine
Submitter: Barthalion
Maintainer: bboozzoo (zyga, mardy)
Last Packager: bboozzoo
Votes: 209
Popularity: 1.93
First Submitted: 2018-01-07 17:37 (UTC)
Last Updated: 2024-04-09 07:35 (UTC)

Pinned Comments

bboozzoo commented on 2018-10-25 11:56 (UTC) (edited on 2024-04-09 07:39 (UTC) by bboozzoo)

Package update notes

2.36

2.36 is the first release with AppArmor enabled by default on Arch.

If you do not have AppArmor enabled at boot there should be no functional changes visible.

If you wish to use snaps with Apparmor, first make sure that Apparmor is enabled during boot, see https://wiki.archlinux.org/index.php/AppArmor for details. After upgrading the package, you need to do the following steps:

  • Reload the profiles: systemctl restart apparmor.service
  • Restart snapd: systemctl restart snapd.service
  • Load profiles for snaps: systemctl enable --now snapd.apparmor.service
2.62

Since 2.62 snapd generated additional files describing the sandbox. The snapd service needs to be restarted after the update for snaps to continue working (unless the system is rebooted after the update, in which case no additional steps are needed). To restart, run systemctl restart snapd.service

Latest Comments

« First ‹ Previous 1 .. 5 6 7 8 9 10 11 12 13 14 15 .. 24 Next › Last »

bboozzoo commented on 2020-12-11 13:53 (UTC)

@dmp1ce sorry, I meant this gist: https://gist.github.com/bboozzoo/840cdbd066ab81ca438fab6b0b75ea1b build it with gcc a.c -lapparmor. Does it run?

dmp1ce commented on 2020-12-11 12:49 (UTC)

I posted an issue but I have a feeling it will be rejected because of snapd being from the AUR. https://bugs.archlinux.org/task/68938

dmp1ce commented on 2020-12-11 12:40 (UTC) (edited on 2020-12-11 12:42 (UTC) by dmp1ce)

@bboozzoo: aa-status seems to work on LTS. The other command didn't find the file. I'll try the snippet, but the snippet you provided looks like my error output. Is it the right gist?

david@bar:~$ cat /proc/slef/attr/apparmor/current                                                                                                                                                                                             
cat: /proc/slef/attr/apparmor/current: No such file or directory                                                                                                                                                                              
1 david@bar:~$ sudo cat /proc/slef/attr/apparmor/current                                                                                                                                                                                      
[sudo] password for david:                                                                                                                                                                                                                    
cat: /proc/slef/attr/apparmor/current: No such file or directory

bboozzoo commented on 2020-12-11 12:35 (UTC)

@dmp1ce so it may be a case when the new libapparmor does not handle old kernels too well. I would suggest you try to build the snippet I provided: https://gist.github.com/dmp1ce/8a321608fbcf4c3ea61fce134e1f0b0d and if that fails on the LTS kernel, you should most likely file a bug for the apparmor package.

dmp1ce commented on 2020-12-11 12:33 (UTC)

@bbozzoo: booting up non-LTS works fine. Do you still want the information on the LTS version?

bboozzoo commented on 2020-12-11 06:49 (UTC) (edited on 2020-12-11 07:21 (UTC) by bboozzoo)

@dmp1ce thanks, this is highly unexpected. Everything else suggests that AppArmor is enabled, but then it really isn't working:

openat(AT_FDCWD, "/proc/1051439/attr/apparmor/current", O_RDONLY) = -1 ENOENT (No such file or directory)
futex(0x7fabaf3ad368, FUTEX_WAKE_PRIVATE, 2147483647) = 0
write(2, "cannot query current apparmor pr"..., 37cannot query current apparmor profile) = 37

Can you cat /proc/slef/attr/apparmor/current in a shell? Does it work? Does aa-status work?

Maybe it has something to do with the LTS kernel, I would suggest trying to boot the non-LTS one. Another thing to try, is to rebuild the snapd package, perhaps it was last built on your system before apparmor 2.x.x -> 3.x.x switch.

Edit: can you try building and running this snippet https://gist.github.com/dmp1ce/8a321608fbcf4c3ea61fce134e1f0b0d ?

dmp1ce commented on 2020-12-11 00:01 (UTC)

@bboozzoo: Thanks for looking into this. https://gist.github.com/dmp1ce/8a321608fbcf4c3ea61fce134e1f0b0d

bboozzoo commented on 2020-12-10 20:13 (UTC) (edited on 2020-12-10 20:14 (UTC) by bboozzoo)

@dmp1ce interesting, can you try running snap run --strace=--raw superproductivity and post the log to a pastebin? (the log may be too long for poasting in a comment here)

Edit: you need to pacman -S strace first

dmp1ce commented on 2020-12-10 20:01 (UTC)

@bboozzoo: Here is my output.

david@bar:~$ cat /proc/self/attr/current
unconfined
david@bar:~$ SNAPD_DEBUG=1 SNAP_CONFINE_DEBUG=1 snap run superproductivity
2020/12/10 14:59:51.067755 tool_linux.go:68: DEBUG: re-exec not supported on distro "arch" yet
2020/12/10 14:59:51.082619 cmd_run.go:407: DEBUG: SELinux not enabled
DEBUG: umask reset, old umask was  022
DEBUG: security tag: snap.superproductivity.superproductivity
DEBUG: executable:   /usr/lib/snapd/snap-exec
DEBUG: confinement:  non-classic
DEBUG: base snap:    core18
DEBUG: ruid: 1000, euid: 0, suid: 0
DEBUG: rgid: 1000, egid: 1000, sgid: 1000
cannot query current apparmor profile: Invalid argument

bboozzoo commented on 2020-12-10 16:28 (UTC)

@dmp1ce what does cat /proc/self/attr/current show?

Can you upload the logs of SNAPD_DEBUG=1 SNAP_CONFINE_DEBUG=1 snap run superproductivity to some pastebin?

« First ‹ Previous 1 .. 5 6 7 8 9 10 11 12 13 14 15 .. 24 Next › Last »