Package Details: snapd 2.51.1-1

Git Clone URL: https://aur.archlinux.org/snapd.git (read-only, click to copy)
Package Base: snapd
Description: Service and tools for management of snap packages.
Upstream URL: https://github.com/snapcore/snapd
Licenses: GPL3
Conflicts: snap-confine
Submitter: Barthalion
Maintainer: bboozzoo (zyga)
Last Packager: bboozzoo
Votes: 163
Popularity: 4.70
First Submitted: 2018-01-07 17:37
Last Updated: 2021-06-28 07:58

Pinned Comments

bboozzoo commented on 2018-10-25 11:56

2.36 is the first release with AppArmor enabled by default on Arch.

If you do not have AppArmor enabled at boot there should be no functional changes visible.

If you wish to use snaps with Apparmor, first make sure that Apparmor is enabled during boot, see https://wiki.archlinux.org/index.php/AppArmor for details. After upgrading the package, you need to do the following steps:

  • Reload the profiles: systemctl restart apparmor.service
  • Restart snapd: systemctl restart snapd.service
  • Load profiles for snaps: systemctl enable --now snapd.apparmor.service

Latest Comments

« First ‹ Previous 1 2 3 4 5 6 7 8 ... Next › Last »

dmp1ce commented on 2020-12-11 15:01

@bboozzoo: Thank you. Maybe this issue will be more motivating. https://bugs.archlinux.org/task/68943

bboozzoo commented on 2020-12-11 14:51

@dmp1ce thanks for checking. I see that they already closed a task because AUR was mentioned, that's very useful (as always).

If you care enough about Arch you could try filing a new bug, attaching the snippet I provided, include the version of apparmor, linux, linux-lts, and preferrably strace -vf ./a.out too. IMO it's most likely a bug in libapparmor. This is unrelated to snapd or AUR.

dmp1ce commented on 2020-12-11 14:34

david@bar:/tmp/apparmor_test$ gcc a.c -lapparmor
david@bar:/tmp/apparmor_test$ ls
a.c  a.out
david@bar:/tmp/apparmor_test$ ./a.out 
aa_getcon: Invalid argument
1 david@bar:/tmp/apparmor_test$ uname -a
Linux bar 5.4.82-1-lts #1 SMP Tue, 08 Dec 2020 12:10:59 +0000 x86_64 GNU/Linux

dmp1ce commented on 2020-12-11 14:29

$ ./a.out 
david@bar:/tmp/apparmor_test$ gcc a.c -lapparmor
david@bar:/tmp/apparmor_test$ ls
a.c  a.out
david@bar:/tmp/apparmor_test$ ./a.out 
label: unconfined
mode: (null)   
david@bar:/tmp/apparmor_test$ uname -a
Linux bar 5.9.13-arch1-1 #1 SMP PREEMPT Tue, 08 Dec 2020 12:09:55 +0000 x86_64 GNU/Linux

bboozzoo commented on 2020-12-11 13:53

@dmp1ce sorry, I meant this gist: https://gist.github.com/bboozzoo/840cdbd066ab81ca438fab6b0b75ea1b build it with gcc a.c -lapparmor. Does it run?

dmp1ce commented on 2020-12-11 12:49

I posted an issue but I have a feeling it will be rejected because of snapd being from the AUR. https://bugs.archlinux.org/task/68938

dmp1ce commented on 2020-12-11 12:40

@bboozzoo: aa-status seems to work on LTS. The other command didn't find the file. I'll try the snippet, but the snippet you provided looks like my error output. Is it the right gist?

david@bar:~$ cat /proc/slef/attr/apparmor/current                                                                                                                                                                                             
cat: /proc/slef/attr/apparmor/current: No such file or directory                                                                                                                                                                              
1 david@bar:~$ sudo cat /proc/slef/attr/apparmor/current                                                                                                                                                                                      
[sudo] password for david:                                                                                                                                                                                                                    
cat: /proc/slef/attr/apparmor/current: No such file or directory

bboozzoo commented on 2020-12-11 12:35

@dmp1ce so it may be a case when the new libapparmor does not handle old kernels too well. I would suggest you try to build the snippet I provided: https://gist.github.com/dmp1ce/8a321608fbcf4c3ea61fce134e1f0b0d and if that fails on the LTS kernel, you should most likely file a bug for the apparmor package.

dmp1ce commented on 2020-12-11 12:33

@bbozzoo: booting up non-LTS works fine. Do you still want the information on the LTS version?

bboozzoo commented on 2020-12-11 06:49

@dmp1ce thanks, this is highly unexpected. Everything else suggests that AppArmor is enabled, but then it really isn't working:

openat(AT_FDCWD, "/proc/1051439/attr/apparmor/current", O_RDONLY) = -1 ENOENT (No such file or directory)
futex(0x7fabaf3ad368, FUTEX_WAKE_PRIVATE, 2147483647) = 0
write(2, "cannot query current apparmor pr"..., 37cannot query current apparmor profile) = 37

Can you cat /proc/slef/attr/apparmor/current in a shell? Does it work? Does aa-status work?

Maybe it has something to do with the LTS kernel, I would suggest trying to boot the non-LTS one. Another thing to try, is to rebuild the snapd package, perhaps it was last built on your system before apparmor 2.x.x -> 3.x.x switch.

Edit: can you try building and running this snippet https://gist.github.com/dmp1ce/8a321608fbcf4c3ea61fce134e1f0b0d ?