I've investigated this a bit and found that snapctl is hanging up because it receives a seccomp denial (we build snap-confine on OpenSuse with --enable-seccomp and --disable-apparmor).
type=SECCOMP msg=audit(1490202008.823:1229): auid=1000 uid=1000 gid=100 ses=39 pid=29303 comm="snapctl.orig" exe="/usr/bin/snapctl.orig" sig=31 arch=c000003e syscall=49 compat=0 ip=0x55d171e2f294 code=0x0
Is what I see in /var/log/audit/audit.log
syscall=49 is bind and bind is correctly specified in all seccomp profiles snapd generates:
simon@linux-82h5:/var/lib/snapd/seccomp> fgrep -R bind profiles/snap.core.hook.configure:mbind profiles/snap.core.hook.configure:# of socket(), bind(), connect(), etc individually. profiles/snap.core.hook.configure:bind profiles/snap.hello-world.evil:mbind profiles/snap.hello-world.evil:# of socket(), bind(), connect(), etc individually. profiles/snap.hello-world.sh:mbind profiles/snap.hello-world.sh:# of socket(), bind(), connect(), etc individually. profiles/snap.hello-world.hello-world:mbind profiles/snap.hello-world.hello-world:# of socket(), bind(), connect(), etc individually. profiles/snap.hello-world.env:mbind profiles/snap.hello-world.env:# of socket(), bind(), connect(), etc individually.
After building snap-confine with --disable-seccomp snapctl works as it should.
So in summary something with the seccomp setup is broken on other distributions.
I've investigated this a bit and found that snapctl is hanging up because it receives a seccomp denial (we build snap-confine on OpenSuse with --enable-seccomp and --disable- apparmor) .
type=SECCOMP msg=audit( 1490202008. 823:1229) : auid=1000 uid=1000 gid=100 ses=39 pid=29303 comm="snapctl.orig" exe="/usr/ bin/snapctl. orig" sig=31 arch=c000003e syscall=49 compat=0 ip=0x55d171e2f294 code=0x0
Is what I see in /var/log/ audit/audit. log
syscall=49 is bind and bind is correctly specified in all seccomp profiles snapd generates:
simon@linux- 82h5:/var/ lib/snapd/ seccomp> fgrep -R bind snap.core. hook.configure: mbind snap.core. hook.configure: # of socket(), bind(), connect(), etc individually. snap.core. hook.configure: bind snap.hello- world.evil: mbind snap.hello- world.evil: # of socket(), bind(), connect(), etc individually. snap.hello- world.sh: mbind snap.hello- world.sh: # of socket(), bind(), connect(), etc individually. snap.hello- world.hello- world:mbind snap.hello- world.hello- world:# of socket(), bind(), connect(), etc individually. snap.hello- world.env: mbind snap.hello- world.env: # of socket(), bind(), connect(), etc individually.
profiles/
profiles/
profiles/
profiles/
profiles/
profiles/
profiles/
profiles/
profiles/
profiles/
profiles/
After building snap-confine with --disable-seccomp snapctl works as it should.
So in summary something with the seccomp setup is broken on other distributions.