> Hi reetp, I'm specifically addressing you because your use-case is exactly the case that I'm attempting to support in the "phase 1" of removing this annoying limitation
Hi, and thanks for looking!
Let me try it. I need to reinstall snapd.....done.
Xenial, all packages updated.
ii snapd 2.54.3+18.04.2ubuntu0.2 amd64 Daemon and tooling that enable snap packages
Note I already had this which was a fail.
cat /etc/apparmor.d/tunables/home.d/ubuntu
(This is the file auto created with dpkg-reconfigure apparmor)
# This file is auto-generated. It is recommended you update it using:
# $ sudo dpkg-reconfigure apparmor
#
# The following is a space-separated list of where additional user home
# directories are stored, each must have a trailing '/'. Directories added
# here are appended to @{HOMEDIRS}. See tunables/home for details.
@{HOMEDIRS}+=/home/e-smith/files/users/
-------------------------------------------------------
Just to precis #6 and #7
https://bugs.launchpad.net/snappy/+bug/1620771/comments/6
Feel free to do one of:
$ sudo dpkg-reconfigure apparmor
Or drop a file into /etc/apparmor.d/tunables/home.d that has:
@{HOMEDIRS}+=/some/nonstandard/home/users/
I forgot to mention you'll need to reload the policy after doing this. So after adjust the HOMEDIRS apparmor variable as stated in comment #6, I suggest:
$ sudo rm -f /etc/apparmor.d/cache/* /var/cache/apparmor/snap.*
$ sudo reboot
(there are other ways to do this without a reboot, but this should work regardless of what apparmor policy you have already generated)
-------------------------------------------------------
So I set the apparmor as above. Cleared the caches and rebooted.
john@xubuntu:~$ sudo snap install hello-world
hello-world 6.4 from Canonical✓ installed
john@xubuntu:~$ hello-world
cannot create user data directory: /home/e-smith/files/users/john/snap/hello-world/29: Permission denied
john@xubuntu:~$ sudo hello-world
Hello World!
john@xubuntu:~$ hello-world
cannot create user data directory: /home/e-smith/files/users/john/snap/hello-world/29: Permission denied
And then installed snap-store as well but can't run it as a user:
john@xubuntu:~$ snap-store
cannot create user data directory: /home/e-smith/files/users/john/snap/snap-store/558: Permission denied
john@xubuntu-8300-1:~$ ll /home/e-smith/files/users/john/snap/
total 16
drwx------ 4 john john 4096 Apr 20 17:14 ./
drwx------ 108 john john 4096 Apr 20 17:06 ../
drwxr-xr-x 4 john john 4096 Apr 20 17:00 hello-world/
drwxr-xr-x 4 john john 4096 Apr 20 17:14 snap-store/
john@xubuntu-8300-1:~$ ll /home/e-smith/files/users/john/snap/snap-store
total 16
drwxr-xr-x 4 john john 4096 Apr 20 17:14 ./
drwx------ 4 john john 4096 Apr 20 17:14 ../
drwxr-xr-x 2 john john 4096 Apr 20 17:14 558/
drwxr-xr-x 2 john john 4096 Apr 20 17:14 common/
lrwxrwxrwx 1 john john 3 Apr 20 17:14 current -> 558/
journalctl -xe
-- Subject: Unit UNIT has failed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- Unit UNIT has failed.
--
-- The result is RESULT.
Apr 20 18:21:12 xubuntu systemd[3772]: snap.hello-world.hello-world.4de7faab-fc60-4c57-b492-ce3416d6b6cd.scope: Failed to add PIDs to scope's control group: Permission denied
Apr 20 18:21:12 xubuntu systemd[3772]: snap.hello-world.hello-world.4de7faab-fc60-4c57-b492-ce3416d6b6cd.scope: Failed with result 'resources'.
Apr 20 18:21:12 xubuntu systemd[3772]: Failed to start snap.hello-world.hello-world.4de7faab-fc60-4c57-b492-ce3416d6b6cd.scope.
-- Subject: Unit UNIT has failed
syslog
Apr 20 18:27:40 xubuntu-8300-1 systemd[3772]: snap.hello-world.hello-world.2f6ed7d4-34e8-41d1-acc5-c4f7d64f2fa1.scope: Failed to add PIDs to scope's control group: Permission denied
Apr 20 18:27:40 xubuntu-8300-1 systemd[3772]: snap.hello-world.hello-world.2f6ed7d4-34e8-41d1-acc5-c4f7d64f2fa1.scope: Failed with result 'resources'.
Apr 20 18:27:40 xubuntu-8300-1 systemd[3772]: Failed to start snap.hello-world.hello-world.2f6ed7d4-34e8-41d1-acc5-c4f7d64f2fa1.scope.
Apr 20 18:27:40 xubuntu-8300-1 kernel: [ 3337.306515] audit: type=1400 audit(1650472060.581:77): apparmor="DENIED" operation="open" profile="/snap/core/12834/usr/lib/snapd/snap-confine" name="/home/e-smith/files/" pid=4185 comm="snap-confine" requested_mask="r" denied_mask="r" fsuid=5001 ouid=0
Why this? name="/home/e-smith/files/" and not "/home/e-smith/files/users/" ?
One thing to note is on this box I use SSSD logins for authentication. However, it doesn't appear to show any errors, and others without that type of login/authent still have the same issue.
Let me know if you want further information/tests. Happy to try and debug it.
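A triage helper for the denial quoted in the comment above, as an added example that is not part of the original comment or of snapd: it parses the AppArmor audit record and reports how the denied path relates to each @{HOMEDIRS} entry in the home.d file. The function names are hypothetical; the two sample inputs are copied from the comment (tunable file header shortened).

```python
import re

# Sample inputs copied from the comment above (syslog prefix dropped, file header shortened).
AUDIT_LINE = (
    'audit: type=1400 audit(1650472060.581:77): apparmor="DENIED" operation="open" '
    'profile="/snap/core/12834/usr/lib/snapd/snap-confine" name="/home/e-smith/files/" '
    'pid=4185 comm="snap-confine" requested_mask="r" denied_mask="r" fsuid=5001 ouid=0'
)
TUNABLE_TEXT = "# This file is auto-generated.\n@{HOMEDIRS}+=/home/e-smith/files/users/\n"
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_audit(line):
    """Return the key=value fields of one AppArmor audit record as a dict."""
    fields = {}
    for key, raw, quoted in FIELD_RE.findall(line):
        fields[key] = quoted if raw.startswith('"') else raw
    return fields

def parse_homedirs(text):
    """Collect directories assigned to @{HOMEDIRS} with '=' or '+=' (space-separated)."""
    dirs = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r'@\{HOMEDIRS\}\s*\+?=\s*(.*)', line)
        if m:
            dirs.extend(m.group(1).split())
    return dirs

def relate(path, homedir):
    """Describe where a denied path sits relative to one HOMEDIRS entry."""
    p, h = path.rstrip("/") + "/", homedir.rstrip("/") + "/"
    if p == h:
        return "entry itself"
    if p.startswith(h):
        return "inside"
    return "ancestor" if h.startswith(p) else "unrelated"

def triage(audit_line, tunable_text):
    """Summarise one DENIED record against the configured HOMEDIRS entries."""
    rec = parse_audit(audit_line)
    if rec.get("apparmor") != "DENIED":
        return None
    path = rec.get("name", "")
    return {
        "profile": rec.get("profile"), "path": path, "mask": rec.get("denied_mask"),
        "fsuid": int(rec.get("fsuid", -1)), "ouid": int(rec.get("ouid", -1)),
        "relation": {d: relate(path, d) for d in parse_homedirs(tunable_text)},
    }

if __name__ == "__main__":
    print(triage(AUDIT_LINE, TUNABLE_TEXT))
```

For the record quoted in the comment, the denied read is on a directory owned by uid 0 that is an ancestor of the only home.d entry, which is the mismatch the comment asks about.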