Apologies for the lengthy bug report as I do not have sufficient knowledge to how AppArmor and Snap-Store works to be able to provide specific evidence of actions and outcomes. However, I am happy to see I am not the only one on the internet who struggles with AppArmor and the usability behind it.
=====EXPERIENCE=====
-Stage 1-
As a new user to Ubuntu who just migrated from Windows 7,
the user installed Freemind using Snap-Store,
but every time the user tried to open a Freemind mindmap that is on in the ./media/nic/StorageSSD/Mindmaps folder the following error message displayed:
"cmd_run.go:884: WARNING: cannot create user data directory: cannot create "/home/nicolaas/snap/freemind/4": mkdir /home/nicolaas/snap/freemind/4: permission denied
cannot read mount namespace identifier of pid 1: Permission denied".
-Stage 2-
After executing "sudo aa-logprof" as internet search results pointed towards AppArmor,
the Snap-Store GUI stopped working. The user just selected (I) or (A)llow for everything that returned.
There might have been a chance that "sudo aa-genprof freemind" was executed before this.
-Stage 3-
When executing "snap-store" or "freemind" from terminal the following error message is displayed:
"cannot self-bind mount /run/snapd/ns: Permission denied"
-Stage 4-
The user opened "Software" (Location: /usr/share/applications) from the start menu which appeared to be doing the same as Snap-Store. From "Software", removed "Snap-Store" and "Freemind". Then installed them again using "Software". The same error message is displayed:
"cannot self-bind mount /run/snapd/ns: Permission denied"
-Stage 5-
Further research on the internet someone mentioned on a forum that this kind of behaviour is possibly due to using the "Software" application to install "Snap-Store" and not "Snapd".
-Stage 6-
Then executed "sudo snap remove snap-store" and "sudo snap remove freemind".
Then executed "sudo snap install snap-store" and "sudo snap install freemind".
The install completed successfully.
-Stage 7-
When executing "sudo aa-genprof snap-store", no new events are found during the (S)can system log, so the user can only (F)inish.
-Stage 8-
This is when the user assumed since the error was "snapd" that the issue will be resolved by executing "sudo aa-genprof snapd". This then displayed the content stated in the attached file and instructions.
-Stage 9-
When executing "sudo aa-genprof snapd" again the following error message is displayed:
"ERROR: Can't find snapd in the system path list. If the name of the application
is correct, please run 'which snapd' as a user with correct PATH
environment set up in order to find the fully-qualified path and
use the full path as parameter."
-Stage 10-
When executing "which snapd" no results are returned.
=====EXPECTATION=====
1. "Snap-Store" should have better permission options available. "Snap-Store" has 5 permissions where "Freemind" only had 2 permissions. General apps that allow users to CRUD files should include accessing removable media permission options.
2. AppArmor should have a better approach for users, especially new users, to troubleshoot and configuring permissions.
3. Permission error messages related to AppArmor must be more specific and user friendly to improve the communication and troubleshooting between users and the community. The error codes was not found using Google.
4. There really MUST be an easier way to move an application/services from "enforce mode" to "complain mode".
=====SYSTEM CONFIGURATION=====
Operating System: Kubuntu 19.10
KDE Plasma Version: 5.16.5
KDE Frameworks Version: 5.62.0
Qt Version: 5.12.4
Kernel Version: 5.3.0-26-generic
OS Type: 64-bit
Processors: 4 × Intel® Core™ i3 CPU M 350 @ 2.27GHz
Memory: 7,6 GiB of RAM
=====APPARMOR PROFILES CONFIGURATION=====
apparmor module is loaded.
80 profiles are loaded.
59 profiles are in enforce mode.
/home/nicolaas/snap
/sbin/dhclient
/snap
/snap/core/8268/usr/lib/snapd/snap-confine
/snap/core/8268/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/snap/snap-store/209/snap
/usr/bin/evince
/usr/bin/evince-previewer
/usr/bin/evince-previewer//sanitized_helper
/usr/bin/evince-thumbnailer
/usr/bin/evince//sanitized_helper
/usr/bin/man
/usr/bin/snap
/usr/bin/snap//null-/snap/core/8268/usr/bin/snap
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/NetworkManager/nm-dhcp-helper
/usr/lib/connman/scripts/dhclient-script
/usr/lib/cups/backend/cups-pdf
/usr/lib/lightdm/lightdm-guest-session
/usr/lib/lightdm/lightdm-guest-session//chromium
/usr/lib/snapd/snap-confine
/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/usr/sbin/cups-browsed
/usr/sbin/cupsd
/usr/sbin/cupsd//third_party
/usr/sbin/haveged
/usr/sbin/ippusbxd
/usr/sbin/mysqld-akonadi
/usr/sbin/mysqld-akonadi///usr/sbin/mysqld
/usr/sbin/tcpdump
chromium_browser//browser_java
chromium_browser//browser_openjdk
chromium_browser//sanitized_helper
libreoffice-senddoc
libreoffice-soffice//gpg
libreoffice-xpdfimport
lsb_release
man_filter
man_groff
nvidia_modprobe
nvidia_modprobe//kmod
snap-update-ns.core
snap-update-ns.freemind
snap-update-ns.gnome-calculator
snap-update-ns.gnome-characters
snap-update-ns.gnome-logs
snap-update-ns.okular
snap-update-ns.remmina
snap-update-ns.snap-store
snap.core.hook.configure
snap.freemind.freemind
snap.gnome-calculator.gnome-calculator
snap.gnome-characters.gnome-characters
snap.gnome-logs.gnome-logs
snap.okular.okular
snap.remmina.remmina
snap.remmina.winpr-hash
snap.remmina.winpr-makecert
snap.snap-store.snap-store
21 profiles are in complain mode.
/usr/sbin/dnsmasq
/usr/sbin/dnsmasq//libvirt_leaseshelper
avahi-daemon
chromium_browser
chromium_browser//chromium_browser_sandbox
chromium_browser//lsb_release
chromium_browser//xdgsettings
identd
klogd
libreoffice-oopslash
libreoffice-soffice
mdnsd
nmbd
nscd
ping
smbd
smbldap-useradd
smbldap-useradd///etc/init.d/nscd
syslog-ng
syslogd
traceroute
6 processes have profiles defined.
4 processes are in enforce mode.
/usr/sbin/cups-browsed (739)
/usr/sbin/cupsd (606)
/usr/sbin/haveged (581)
/usr/sbin/mysqld (1806) /usr/sbin/mysqld-akonadi///usr/sbin/mysqld
2 processes are in complain mode.
/usr/sbin/avahi-daemon (619) avahi-daemon
/usr/sbin/avahi-daemon (732) avahi-daemon
0 processes are unconfined but have a profile defined.
=====CONTENT OF TXT FILE LOGGED=====
<pre>Traceback (most recent call last):
File "/usr/sbin/aa-genprof", line 92, in <module>
program = apparmor.get_full_path(profiling)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 193, in get_full_path
path = os.getcwd() + '/' + path
FileNotFoundError: [Errno 2] No such file or directory
</pre>
Please consider reporting a bug at https://bugs.launchpad.net/apparmor/
and attach this file.
Apologies for the lengthy bug report as I do not have sufficient knowledge to how AppArmor and Snap-Store works to be able to provide specific evidence of actions and outcomes. However, I am happy to see I am not the only one on the internet who struggles with AppArmor and the usability behind it.
=====EXPERIENCE ===== nic/StorageSSD/ Mindmaps folder the following error message displayed: nicolaas/ snap/freemind/ 4": mkdir /home/nicolaas/ snap/freemind/ 4: permission denied
-Stage 1-
As a new user to Ubuntu who just migrated from Windows 7,
the user installed Freemind using Snap-Store,
but every time the user tried to open a Freemind mindmap that is on in the ./media/
"cmd_run.go:884: WARNING: cannot create user data directory: cannot create "/home/
cannot read mount namespace identifier of pid 1: Permission denied".
-Stage 2-
After executing "sudo aa-logprof" as internet search results pointed towards AppArmor,
the Snap-Store GUI stopped working. The user just selected (I) or (A)llow for everything that returned.
There might have been a chance that "sudo aa-genprof freemind" was executed before this.
-Stage 3-
When executing "snap-store" or "freemind" from terminal the following error message is displayed:
"cannot self-bind mount /run/snapd/ns: Permission denied"
-Stage 4- applications) from the start menu which appeared to be doing the same as Snap-Store. From "Software", removed "Snap-Store" and "Freemind". Then installed them again using "Software". The same error message is displayed:
The user opened "Software" (Location: /usr/share/
"cannot self-bind mount /run/snapd/ns: Permission denied"
-Stage 5-
Further research on the internet someone mentioned on a forum that this kind of behaviour is possibly due to using the "Software" application to install "Snap-Store" and not "Snapd".
-Stage 6-
Then executed "sudo snap remove snap-store" and "sudo snap remove freemind".
Then executed "sudo snap install snap-store" and "sudo snap install freemind".
The install completed successfully.
-Stage 7-
When executing "sudo aa-genprof snap-store", no new events are found during the (S)can system log, so the user can only (F)inish.
-Stage 8-
This is when the user assumed since the error was "snapd" that the issue will be resolved by executing "sudo aa-genprof snapd". This then displayed the content stated in the attached file and instructions.
-Stage 9-
When executing "sudo aa-genprof snapd" again the following error message is displayed:
"ERROR: Can't find snapd in the system path list. If the name of the application
is correct, please run 'which snapd' as a user with correct PATH
environment set up in order to find the fully-qualified path and
use the full path as parameter."
-Stage 10-
When executing "which snapd" no results are returned.
=====EXPECTATIO N===== services from "enforce mode" to "complain mode".
1. "Snap-Store" should have better permission options available. "Snap-Store" has 5 permissions where "Freemind" only had 2 permissions. General apps that allow users to CRUD files should include accessing removable media permission options.
2. AppArmor should have a better approach for users, especially new users, to troubleshoot and configuring permissions.
3. Permission error messages related to AppArmor must be more specific and user friendly to improve the communication and troubleshooting between users and the community. The error codes was not found using Google.
4. There really MUST be an easier way to move an application/
=====SYSTEM CONFIGURATION=====
Operating System: Kubuntu 19.10
KDE Plasma Version: 5.16.5
KDE Frameworks Version: 5.62.0
Qt Version: 5.12.4
Kernel Version: 5.3.0-26-generic
OS Type: 64-bit
Processors: 4 × Intel® Core™ i3 CPU M 350 @ 2.27GHz
Memory: 7,6 GiB of RAM
=====APPARMOR PROFILES CONFIGURATION===== nicolaas/ snap core/8268/ usr/lib/ snapd/snap- confine core/8268/ usr/lib/ snapd/snap- confine/ /mount- namespace- capture- helper snap-store/ 209/snap bin/evince- previewer bin/evince- previewer/ /sanitized_ helper bin/evince- thumbnailer bin/evince/ /sanitized_ helper bin/snap/ /null-/ snap/core/ 8268/usr/ bin/snap lib/NetworkMana ger/nm- dhcp-client. action lib/NetworkMana ger/nm- dhcp-helper lib/connman/ scripts/ dhclient- script lib/cups/ backend/ cups-pdf lib/lightdm/ lightdm- guest-session lib/lightdm/ lightdm- guest-session/ /chromium lib/snapd/ snap-confine lib/snapd/ snap-confine/ /mount- namespace- capture- helper sbin/cups- browsed sbin/cupsd/ /third_ party sbin/haveged sbin/ippusbxd sbin/mysqld- akonadi sbin/mysqld- akonadi/ //usr/sbin/ mysqld sbin/tcpdump browser/ /browser_ java browser/ /browser_ openjdk browser/ /sanitized_ helper senddoc soffice/ /gpg xpdfimport modprobe/ /kmod update- ns.core update- ns.freemind update- ns.gnome- calculator update- ns.gnome- characters update- ns.gnome- logs update- ns.okular update- ns.remmina update- ns.snap- store core.hook. configure freemind. freemind gnome-calculato r.gnome- calculator gnome-character s.gnome- characters gnome-logs. gnome-logs okular. okular remmina. remmina remmina. winpr-hash remmina. winpr-makecert snap-store. snap-store sbin/dnsmasq sbin/dnsmasq/ /libvirt_ leaseshelper browser/ /chromium_ browser_ sandbox browser/ /lsb_release browser/ /xdgsettings oopslash soffice useradd/ //etc/init. d/nscd sbin/cups- browsed (739) sbin/haveged (581) mysqld- akonadi/ //usr/sbin/ mysqld sbin/avahi- daemon (619) avahi-daemon sbin/avahi- daemon (732) avahi-daemon
apparmor module is loaded.
80 profiles are loaded.
59 profiles are in enforce mode.
/home/
/sbin/dhclient
/snap
/snap/
/snap/
/snap/
/usr/bin/evince
/usr/
/usr/
/usr/
/usr/
/usr/bin/man
/usr/bin/snap
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/sbin/cupsd
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
chromium_
chromium_
chromium_
libreoffice-
libreoffice-
libreoffice-
lsb_release
man_filter
man_groff
nvidia_modprobe
nvidia_
snap-
snap-
snap-
snap-
snap-
snap-
snap-
snap-
snap.
snap.
snap.
snap.
snap.
snap.
snap.
snap.
snap.
snap.
21 profiles are in complain mode.
/usr/
/usr/
avahi-daemon
chromium_browser
chromium_
chromium_
chromium_
identd
klogd
libreoffice-
libreoffice-
mdnsd
nmbd
nscd
ping
smbd
smbldap-useradd
smbldap-
syslog-ng
syslogd
traceroute
6 processes have profiles defined.
4 processes are in enforce mode.
/usr/
/usr/sbin/cupsd (606)
/usr/
/usr/sbin/mysqld (1806) /usr/sbin/
2 processes are in complain mode.
/usr/
/usr/
0 processes are unconfined but have a profile defined.
=====CONTENT OF TXT FILE LOGGED===== aa-genprof" , line 92, in <module> get_full_ path(profiling) python3/ dist-packages/ apparmor/ aa.py", line 193, in get_full_path /bugs.launchpad .net/apparmor/
<pre>Traceback (most recent call last):
File "/usr/sbin/
program = apparmor.
File "/usr/lib/
path = os.getcwd() + '/' + path
FileNotFoundError: [Errno 2] No such file or directory
</pre>
Please consider reporting a bug at https:/
and attach this file.