Activity log for bug #1662552

Date Who What changed Old value New value Message
2017-02-07 15:34:19 Robert Redl bug added bug
2017-02-07 16:46:16 Jamie Strandboge snapd (Ubuntu): status New Confirmed
2017-02-07 16:46:31 Jamie Strandboge marked as duplicate 1620771
2017-02-08 17:27:15 Jamie Strandboge removed duplicate marker 1620771
2017-02-08 17:27:21 Jamie Strandboge snapd (Ubuntu): status Confirmed Incomplete
2017-02-15 14:45:23 Jamie Strandboge snapd (Ubuntu): status Incomplete Triaged
2017-02-15 14:45:33 Jamie Strandboge summary snaps don't work with NFS home /home/u/user.name snaps don't work with NFS home
2017-02-15 14:45:39 Jamie Strandboge snapd (Ubuntu): importance Undecided Medium
2017-02-15 15:19:19 Jamie Strandboge description

Old value:

Our home directories have the following structure: /home/u/user.name where u is the first letter of the user's first name. The reason for this structure is the large number of users. The nfs mount point is /home

The file /etc/apparmor.d/tunables/home.d/ubuntu contains the following line:
@{HOMEDIRS}+=/home/u/ (for one example user)
@{HOMEDIRS}+=/home/*/ did also not work.

Starting a snap (in this example case inkscape) results in the following error message:
cannot change current working directory to the original directory: Permission denied

For a self-created snap in classic mode, I get the following error:
cannot create user data directory: /home/u/user.name/snap/mysnap/x1: Permission denied

The journal contains the following messages:
kernel: nfs: RPC call returned error 13
kernel: audit: type=1400 audit(1486481365.925:127): apparmor="DENIED" operation="sendmsg" profile="/usr/lib/snapd/snap-confine" pid=25069 comm="snap-confine" laddr=x.x.x.x lport=782 faddr=x.x.x.x fport=2049 family="inet" sock_type="stream" protocol=6 requested_mask="send" denied_mask="send"

Installed packages:
snapd/xenial-proposed,now 2.22.2 amd64 [installed]
snap-confine/xenial-proposed,now 2.22.2 amd64 [installed]
ubuntu-core-launcher/xenial-proposed,now 2.22.2 amd64 [installed]

New value:

Strictly confined snap commands that don't use networking in their interfaces (eg, 'plugs: [ network ]') do not work for users with NFS home because of AppArmor denials for networking.

WORKAROUND: Add the following to /etc/apparmor.d/abstractions/base and /etc/apparmor.d/usr.lib.snapd.snap-confine:
network inet,
network inet6,

Then reload policy with:
$ sudo apparmor_parser -r /etc/apparmor.d/usr.lib.snapd.snap-confine
$ sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap.*

Unfortunately this adds networking to all profiles on the system. snapd could be updated to conditionally add these rules to snap-confine and non-daemon commands to help users. When fine-grained network mediation is implemented in AppArmor, it may be able to help limit the scope of the added rules (but this would need to be researched, NFS in the kernel is a bit twisty).

= Original report =

Our home directories have the following structure: /home/u/user.name where u is the first letter of the user's first name. The reason for this structure is the large number of users. The nfs mount point is /home

The file /etc/apparmor.d/tunables/home.d/ubuntu contains the following line:
@{HOMEDIRS}+=/home/u/ (for one example user)
@{HOMEDIRS}+=/home/*/ did also not work.

Starting a snap (in this example case inkscape) results in the following error message:
cannot change current working directory to the original directory: Permission denied

For a self-created snap in classic mode, I get the following error:
cannot create user data directory: /home/u/user.name/snap/mysnap/x1: Permission denied

The journal contains the following messages:
kernel: nfs: RPC call returned error 13
kernel: audit: type=1400 audit(1486481365.925:127): apparmor="DENIED" operation="sendmsg" profile="/usr/lib/snapd/snap-confine" pid=25069 comm="snap-confine" laddr=x.x.x.x lport=782 faddr=x.x.x.x fport=2049 family="inet" sock_type="stream" protocol=6 requested_mask="send" denied_mask="send"

Installed packages:
snapd/xenial-proposed,now 2.22.2 amd64 [installed]
snap-confine/xenial-proposed,now 2.22.2 amd64 [installed]
ubuntu-core-launcher/xenial-proposed,now 2.22.2 amd64 [installed]

2017-04-28 11:34:44 Zygmunt Krynicki bug task added snappy
2017-04-28 11:34:53 Zygmunt Krynicki affects snappy snapd
2017-04-28 11:35:02 Zygmunt Krynicki snapd: status New Triaged
2017-04-28 11:35:07 Zygmunt Krynicki snapd: importance Undecided Medium
2017-05-28 16:16:12 Matt Robinson bug added subscriber Matt Robinson
2017-08-19 17:30:05 Björn Torkelsson bug added subscriber Björn Torkelsson
2017-08-29 16:08:51 Michael Iatrou bug added subscriber Michael Iatrou
2017-09-21 14:17:24 Zygmunt Krynicki snapd: assignee Zygmunt Krynicki (zyga)
2017-09-21 14:17:26 Zygmunt Krynicki snapd: status Triaged In Progress
2017-10-23 18:51:56 Gustavo Niemeyer snapd: status In Progress Fix Committed
2017-11-05 09:42:50 Matt Robinson removed subscriber Matt Robinson
2018-01-30 09:49:24 Zygmunt Krynicki snapd: status Fix Committed Fix Released
2018-01-30 09:49:26 Zygmunt Krynicki snapd (Ubuntu): status Triaged Fix Released
2018-06-03 23:33:33 Jason D. Kelleher bug added subscriber Jason D. Kelleher
2018-07-31 15:46:48 Andrew Conway bug added subscriber Andrew Conway
2018-11-20 03:00:37 Santiago Castro bug added subscriber Santiago Castro
2018-12-13 14:58:29 Michal Kukuča bug added subscriber Michal Kukuča
2019-08-09 14:15:34 Kay Reinke bug added subscriber Kay Reinke
2019-10-27 00:02:22 Lennart Karssen bug added subscriber Lennart Karssen
2020-04-27 14:52:04 Matthieu Herrb bug added subscriber Matthieu Herrb
2020-10-26 17:26:17 Markus Kuhn bug added subscriber Markus Kuhn
2022-05-12 15:39:36 Erik Meitner bug added subscriber Erik Meitner
2022-05-13 07:10:13 Gerald Schneider bug added subscriber Gerald Schneider
2022-08-24 14:31:47 Matthew L. Dailey bug added subscriber Matthew L. Dailey
2022-09-09 14:15:30 Guillaume Ferry bug added subscriber Guillaume Ferry