Comment 3 for bug 1674193

Simon Fels (morphis) wrote : Re: core snap's configuration hangs on debian|openSUSE

I've investigated this a bit and found that snapctl is hanging up because it receives a seccomp denial (we build snap-confine on openSUSE with --enable-seccomp and --disable-apparmor).

type=SECCOMP msg=audit(1490202008.823:1229): auid=1000 uid=1000 gid=100 ses=39 pid=29303 comm="snapctl.orig" exe="/usr/bin/snapctl.orig" sig=31 arch=c000003e syscall=49 compat=0 ip=0x55d171e2f294 code=0x0

Is what I see in /var/log/audit/audit.log

syscall=49 is bind and bind is correctly specified in all seccomp profiles snapd generates:

simon@linux-82h5:/var/lib/snapd/seccomp> fgrep -R bind
profiles/snap.core.hook.configure:mbind
profiles/snap.core.hook.configure:# of socket(), bind(), connect(), etc individually.
profiles/snap.core.hook.configure:bind
profiles/snap.hello-world.evil:mbind
profiles/snap.hello-world.evil:# of socket(), bind(), connect(), etc individually.
profiles/snap.hello-world.sh:mbind
profiles/snap.hello-world.sh:# of socket(), bind(), connect(), etc individually.
profiles/snap.hello-world.hello-world:mbind
profiles/snap.hello-world.hello-world:# of socket(), bind(), connect(), etc individually.
profiles/snap.hello-world.env:mbind
profiles/snap.hello-world.env:# of socket(), bind(), connect(), etc individually.

After building snap-confine with --disable-seccomp snapctl works as it should.

So in summary something with the seccomp setup is broken on other distributions.
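
An added example, not part of the original comment or of snapd: a small triage helper that decodes the SECCOMP audit record quoted above (arch, syscall number, signal) and checks a profile for the syscall by exact rule match, since a substring search such as fgrep also hits mbind and comment lines. The syscall table is a subset, and the sample profile and its one-name-per-line format are assumptions constructed for the example.

```python
import re

# Subset of the x86_64 syscall table covering the calls named in the comment.
X86_64_SYSCALLS = {41: "socket", 42: "connect", 49: "bind", 50: "listen",
                   237: "mbind"}
AUDIT_ARCHES = {0xC000003E: "x86_64"}  # AUDIT_ARCH_X86_64
SIGSYS = 31  # signal number on x86_64 Linux

# The audit record quoted in the comment.
AUDIT_LINE = (
    'type=SECCOMP msg=audit(1490202008.823:1229): auid=1000 uid=1000 gid=100 '
    'ses=39 pid=29303 comm="snapctl.orig" exe="/usr/bin/snapctl.orig" sig=31 '
    'arch=c000003e syscall=49 compat=0 ip=0x55d171e2f294 code=0x0'
)

# Constructed sample profile (assumed format: one syscall name per line,
# optional argument filters after it, '#' starts a comment).
SAMPLE_PROFILE = """\
mbind
# of socket(), bind(), connect(), etc individually.
bind
"""


def parse_seccomp_record(line):
    """Decode the fields of a type=SECCOMP audit record needed for triage."""
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))
    if fields.get("type") != "SECCOMP":
        raise ValueError("not a SECCOMP audit record")
    arch = AUDIT_ARCHES.get(int(fields["arch"], 16))
    nr = int(fields["syscall"])
    # Syscall numbers are per-architecture, so only map when arch is known.
    name = X86_64_SYSCALLS.get(nr) if arch == "x86_64" else None
    return {"comm": fields["comm"].strip('"'), "arch": arch, "syscall_nr": nr,
            "syscall_name": name, "sigsys": int(fields["sig"]) == SIGSYS}


def profile_allows(profile_text, syscall_name):
    """Exact match on the first token of each rule line, skipping comments."""
    for raw in profile_text.splitlines():
        rule = raw.strip()
        if rule and not rule.startswith("#") and rule.split()[0] == syscall_name:
            return True
    return False


if __name__ == "__main__":
    rec = parse_seccomp_record(AUDIT_LINE)
    print(rec, profile_allows(SAMPLE_PROFILE, rec["syscall_name"]))
```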