services start before apparmor profiles are loaded
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
AppArmor | Invalid | Undecided | Unassigned | |
snapd | Fix Released | High | Zygmunt Krynicki | |
apparmor (Ubuntu) | Fix Released | Critical | Jamie Strandboge | |
Focal | Fix Released | Critical | Jamie Strandboge | |
snapd (Ubuntu) | Fix Released | High | Michael Vogt | |
Focal | Fix Released | High | Michael Vogt | |
zsys (Ubuntu) | Invalid | Undecided | Jean-Baptiste Lallement | |
Focal | Invalid | Undecided | Jean-Baptiste Lallement | |
Bug Description
Per discussion with Zyga in #snapd on Freenode, I have hit a race condition where services are being started by the system before apparmor has been started. I have a complete log of my system showing the effect somewhere within at https:/
Previously, when running any snap I would receive the following in the terminal:
---
cannot change profile for the next exec call: No such file or directory
snap-update-ns failed with code 1: File exists
---
Updated to add for Jamie:
$ snap version
snap 2.44.2+20.04
snapd 2.44.2+20.04
series 16
ubuntu 20.04
kernel 5.4.0-21-generic
Changed in zsys (Ubuntu):
status: New → Confirmed
importance: Undecided → Critical
Changed in zsys (Ubuntu Focal):
milestone: none → ubuntu-20.04
assignee: nobody → Jean-Baptiste Lallement (jibel)
Changed in apparmor (Ubuntu Focal):
status: In Progress → Fix Committed
Changed in snapd:
status: New → In Progress
assignee: nobody → Zygmunt Krynicki (zyga)
importance: Undecided → High
milestone: none → 2.44.3
Changed in snapd:
status: In Progress → Fix Released
tags: added: jammy
tags: removed: jammy
This was also reported by Alan Pope.
I think we should consider adding After=apparmor.service to all service units.
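The ordering suggested in the comment above can be checked per unit. The following Python script is an added example, not part of the bug report or of snapd's code: it parses unit-file text and lists units whose [Unit] section has no explicit After=apparmor.service. The unit names and contents are constructed, and the check reads file text only, not the ordering systemd derives from default dependencies or drop-ins.

```python
# Added example: static check of systemd unit text for explicit ordering
# after apparmor.service. All sample units below are constructed.
REQUIRED = "apparmor.service"

def after_targets(unit_text):
    """Return the units named by After= in the [Unit] section of unit_text."""
    targets, section, pending = [], None, ""
    for raw in unit_text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):
            # systemd joins continued lines, replacing the backslash with a space
            pending = line[:-1] + " "
            continue
        pending = ""
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        # After= may appear several times; entries accumulate
        if sep and section == "Unit" and key.strip() == "After":
            targets.extend(value.split())
    return targets

def missing_ordering(units, required=REQUIRED):
    """Sorted names of units whose text lacks After=<required> in [Unit]."""
    return sorted(name for name, text in units.items()
                  if required not in after_targets(text))

SAMPLE_UNITS = {  # constructed, hypothetical unit names and contents
    "snap.demo.daemon.service":
        "[Unit]\nAfter=network.target apparmor.service\n[Service]\nExecStart=/bin/true\n",
    "snap.demo.early.service":
        "[Unit]\nAfter=network.target\n[Service]\nExecStart=/bin/true\n",
    "snap.demo.split.service":
        "[Unit]\nAfter=network.target \\\n  apparmor.service\n[Service]\nExecStart=/bin/true\n",
    # After= placed in [Service] is not an ordering dependency
    "snap.demo.wrongsection.service":
        "[Unit]\nDescription=x\n[Service]\nAfter=apparmor.service\nExecStart=/bin/true\n",
}

if __name__ == "__main__":
    for name in missing_ordering(SAMPLE_UNITS):
        print(f"{name}: no After={REQUIRED} in [Unit]")
```

On a live system, `systemctl show -p After <unit>` reports the effective ordering, including implicit dependencies that this text-only check does not see.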