Every snap gives "create user data directory" after upgrade to 19.04

Bug #1826460 reported by hackel
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
snapd | Expired | Undecided | Unassigned |
snapd (Ubuntu) | Expired | Undecided | Unassigned |

Bug Description

Since I upgraded to Ubuntu 19.04 and snapd 2.38+19.04, whenever I run any snap command, I get the following warning:

cmd_run.go:876: WARNING: cannot create user data directory: failed to verify SELinux context of /home/hackel/snap: exec: "matchpathcon": executable file not found in $PATH

I tried installing selinux-utils which contains the matchpathcon command, but most of the error remains:

cmd_run.go:876: WARNING: cannot create user data directory: failed to verify SELinux context of /home/hackel/snap: exit status 1

I first noticed this when running ripgrep, but it happens with every snap I have installed: node, vlc, slack, even gnome-characters.

As far as I can tell, it is not affecting functionality. The commands still run fine.

Oddly, I do not even have golang-github-snapcore-snapd-dev installed, which contains cmd_run.go. I assume this must be baked into the core snap or something.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in snapd (Ubuntu):
status: New → Confirmed
Tim Tierney (timtierney) wrote :

I have the same issue since installing a fresh copy of Pop OS 19.04. Can confirm it's every snap command I run. VLC, LXD, etc.

Maciej Borzecki (maciek-borzecki) wrote :

Can you provide the output of:
- mount |grep selinux
- dpkg -l |grep -e selinux -e policy -e linux-image

I think the problem is the same as discussed in the forum: https://forum.snapcraft.io/t/selinux-warning-when-running-lxc/11100
The kernel package from kernel-ppa (linux-image-unsigned-5.0.9-050009-generic) seems to default to SELinux as default security backend, as set up in the config:

CONFIG_DEFAULT_SECURITY_SELINUX=y
# CONFIG_DEFAULT_SECURITY_SMACK is not set
# CONFIG_DEFAULT_SECURITY_TOMOYO is not set
# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
# CONFIG_DEFAULT_SECURITY_DAC is not set
CONFIG_DEFAULT_SECURITY="selinux"

Just installing this kernel package does not pull in any of the userspace SELinux bits. Also, Ubuntu uses AppArmor, so none of the relevant packages are installed by default. There are no tools and no policy installed.

Snapd is SELinux aware. Once it detects the host is using SELinux, it will attempt to use it, by setting up proper context of snap user files, snap mounts and snap services started by systemd. However, since the system is only partially set up, things will fail.

Maciej Borzecki (maciek-borzecki) wrote :

Also note, with that kernel, none of the AppArmor based sandboxing of snaps works anymore. All snaps are effectively running in devmode.

Changed in snapd (Ubuntu):
status: Confirmed → Incomplete
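
The partially configured state described in the two comments above (SELinux selected by the kernel, no SELinux tools or policy, AppArmor not in use) can be told apart from a stock setup with a few checks. This is an added example, not part of the bug thread and not snapd's code; the result labels, the `/sys/kernel/security/lsm` read and the policy path glob are assumptions about a typical layout, and the sample mount line is constructed.

```shell
#!/bin/sh
# Added example (not from the bug thread). Classifies the host's LSM state
# from a few facts; inputs are arguments so the logic can be run on samples.

# 0 if `mount` output (arg 1) shows selinuxfs mounted.
selinuxfs_mounted() {
    printf '%s\n' "$1" | grep -q ' type selinuxfs '
}

# 0 if LSM name (arg 1) appears in the comma-separated active list (arg 2).
lsm_active() {
    case ",$2," in
        *",$1,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# classify MOUNT_OUTPUT LSM_LIST HAVE_MATCHPATHCON HAVE_POLICY  (yes/no flags)
classify() {
    if selinuxfs_mounted "$1"; then
        if [ "$3" != yes ]; then
            echo "selinux-kernel-without-tools"   # matchpathcon not in $PATH
        elif [ "$4" != yes ]; then
            echo "selinux-kernel-without-policy"  # tools present, no policy (assumed cause of "exit status 1")
        else
            echo "selinux-configured"
        fi
    elif lsm_active apparmor "$2"; then
        echo "apparmor"                           # stock Ubuntu setup
    else
        echo "no-mac-lsm"                         # no SELinux, no AppArmor
    fi
}

# Gather the same facts from the running host (paths are assumptions about a
# typical layout: securityfs mounted, policy under /etc/selinux/*/policy/).
classify_live() {
    tools=no; policy=no; lsms=
    command -v matchpathcon >/dev/null 2>&1 && tools=yes
    ls /etc/selinux/*/policy/policy.* >/dev/null 2>&1 && policy=yes
    [ -r /sys/kernel/security/lsm ] && lsms=$(cat /sys/kernel/security/lsm)
    classify "$(mount)" "$lsms" "$tools" "$policy"
}

# Constructed sample: mount line as seen when the kernel defaults to SELinux.
SAMPLE_MOUNT='selinuxfs on /sys/fs/selinux type selinuxfs (rw,relatime)'
classify "$SAMPLE_MOUNT" 'capability,yama,selinux' no no
```

Run `classify_live` on the affected machine; any result other than `apparmor` on an Ubuntu host means snap confinement is not being enforced the way the distribution expects.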
Tim Tierney (timtierney) wrote :

Apologies, Maciej, for not getting you the output you requested. However, I think your suspicion is correct. It was definitely 5.0.9 from the kernel ppa. I recently built 5.1.3 and am not seeing the issue anymore.

aPlatypus (william-full-moon) wrote :

Greetings ...

Yes I'm seeing this as well. It has become annoying since I decided I'd rather like to be using LXD.

BUT lxd defaults to install as a snap. *crunch* point. Now I see this nonsense all the time:

----
aplatypys one $ ll /home/aplatypys/snap/lxd/
total 16
drwxr-xr-x 4 aplatypys aplatypys 4096 Aug 1 01:24 ./
drwxr-xr-x 7 aplatypys aplatypys 4096 Jul 31 01:10 ../
drwxr-xr-x 2 aplatypys aplatypys 4096 Aug 1 01:24 11405/
drwxr-xr-x 2 aplatypys aplatypys 4096 Aug 1 01:24 common/
lrwxrwxrwx 1 aplatypys aplatypys 5 Jul 31 01:10 current -> 11405/
aplatypys one $ ll -d /home/aplatypys/snap/lxd/
drwxr-xr-x 4 aplatypys aplatypys 4096 Aug 1 01:24 /home/aplatypys/snap/lxd//
aplatypys one $ chmod g+w /home/aplatypys/snap/lxd/
aplatypys one $ lxd help
2019/08/01 02:17:04.434343 cmd_run.go:884: WARNING: cannot create user data directory: failed to verify SELinux context of /home/aplatypys/snap: exec: "matchpathcon": executable file not found in $PATH
2019/08/01 02:17:04.434427 cmd_run.go:529: WARNING: XAUTHORITY environment value is not a clean path: "/Moort/home/aplatypys/.Xauthority"
cannot create user data directory: /home/aplatypys/snap/lxd/11405: Not a directory
----

May I install lxd as a PPA or a 'normal' package?

Anyway however things are currently set -- Does not serve quite a few people it seems. Until now I found I can live life without snaps. Does it also mean I will need to decide to live without lxd(???)

Am I mistaken to consider that this is a backward step?

Sincerely,

  aplatypus

John Lenton (chipaca) wrote :

@aPlatypus I think your issue is different from this bug's: your home seems to be mounted in an unconventional location (/Mort/home/aplatypys ?), which snapd can't support.

It's possible you have a /home symlink, but that isn't enough. You _can_ bind-mount it if you really need it to be in /Mort.

Zygmunt Krynicki (zyga) wrote :

Dear reporter, please consider responding to the question asked by John in comment number 7.

Changed in snapd:
status: New → Incomplete
hackel (hackel) wrote :

I can no longer reproduce this issue, but I believe it likely was caused by using a mainline kernel as described in comment #3.

Launchpad Janitor (janitor) wrote :

[Expired for snapd because there has been no activity for 60 days.]

Changed in snapd:
status: Incomplete → Expired
Launchpad Janitor (janitor) wrote :

[Expired for snapd (Ubuntu) because there has been no activity for 60 days.]

Changed in snapd (Ubuntu):
status: Incomplete → Expired