Bug #1956942 “snap can not start chromium-browser with cgroup v2...” : Bugs : snapd package : Ubuntu

Revision history for this message

Daniele Cruciani (daniele-smartango) wrote on 2022-01-10:

#1

Dependencies.txt Edit (3.4 KiB, text/plain; charset="utf-8")
ProcCpuinfoMinimal.txt Edit (1.3 KiB, text/plain; charset="utf-8")
ProcEnviron.txt Edit (310 bytes, text/plain; charset="utf-8")

Revision history for this message

Daniele Cruciani (daniele-smartango) wrote on 2022-01-10:

#2

related also to https://github.com/snapcore/snapd/pull/7825 maybe

Revision history for this message

Maciej Borzecki (maciek-borzecki) wrote on 2022-01-10:

#3

Please attach the output of `SNAPD_DEBUG=1 snap run chromium-browser`.

Changed in snapd (Ubuntu):
status:	New → Incomplete

Revision history for this message

Daniele Cruciani (daniele-smartango) wrote on 2022-01-10:

#4

```
$ SNAPD_DEBUG=1 snap run chromium-browser
2022/01/10 12:56:07.461103 tool_linux.go:204: DEBUG: restarting into "/snap/snapd/current/usr/bin/snap"
error: cannot find current revision for snap chromium-browser: readlink /snap/chromium-browser/current: no such file or directory
```

Revision history for this message

Daniele Cruciani (daniele-smartango) wrote on 2022-01-10:

#5

Download full text (8.1 KiB)

Sorry, I think it was "chromium" simply:

$ SNAPD_DEBUG=1 snap run chromium
2022/01/10 12:58:44.366692 tool_linux.go:204: DEBUG: restarting into "/snap/snapd/current/usr/bin/snap"
2022/01/10 12:58:44.385669 cmd_run.go:425: DEBUG: SELinux not enabled
2022/01/10 12:58:44.386362 tracking.go:45: DEBUG: creating transient scope snap.chromium.chromium
2022/01/10 12:58:44.388636 tracking.go:185: DEBUG: using session bus
2022/01/10 12:58:44.393780 tracking.go:290: DEBUG: StartTransientUnit failed with "org.freedesktop.DBus.Error.Spawn.ChildExited": [Process org.freedesktop.systemd1 exited with status 1]
2022/01/10 12:58:44.393815 cmd_run.go:1187: DEBUG: snapd cannot track the started application
2022/01/10 12:58:44.393836 cmd_run.go:1188: DEBUG: snap refreshes will not be postponed by this process
DEBUG: umask reset, old umask was 02
DEBUG: security tag: snap.chromium.chromium
DEBUG: executable: /usr/lib/snapd/snap-exec
DEBUG: confinement: non-classic
DEBUG: base snap: core18
DEBUG: ruid: 1000, euid: 0, suid: 0
DEBUG: rgid: 1000, egid: 1000, sgid: 1000
DEBUG: apparmor label on snap-confine is: /snap/snapd/14295/usr/lib/snapd/snap-confine
DEBUG: apparmor mode is: enforce
DEBUG: creating lock directory /run/snapd/lock (if missing)
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: opening lock directory /run/snapd/lock
DEBUG: set_effective_identity uid:0 (change: no), gid:1000 (change: yes)
DEBUG: opening lock file: /run/snapd/lock/.lock
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: set_effective_identity uid:0 (change: no), gid:1000 (change: yes)
DEBUG: sanity timeout initialized and set for 30 seconds
DEBUG: acquiring exclusive lock (scope (global), uid 0)
DEBUG: sanity timeout reset and disabled
DEBUG: ensuring that snap mount directory is shared
DEBUG: unsharing snap namespace directory
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: set_effective_identity uid:0 (change: no), gid:1000 (change: yes)
DEBUG: releasing lock 5
DEBUG: opened snap-update-ns executable as file descriptor 5
DEBUG: opened snap-discard-ns executable as file descriptor 6
DEBUG: creating lock directory /run/snapd/lock (if missing)
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: opening lock directory /run/snapd/lock
DEBUG: set_effective_identity uid:0 (change: no), gid:1000 (change: yes)
DEBUG: opening lock file: /run/snapd/lock/chromium.lock
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: set_effective_identity uid:0 (change: no), gid:1000 (change: yes)
DEBUG: sanity timeout initialized and set for 30 seconds
DEBUG: acquiring exclusive lock (scope chromium, uid 0)
DEBUG: sanity timeout reset and disabled
DEBUG: initializing mount namespace: chromium
DEBUG: setting up device cgroup
DEBUG: libudev has current tags support
DEBUG: device /sys/devices/pci0000:00/0000:00:02.0/drm/card0 has matching current tag
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: get bpf object at path /sys/fs/bpf/snap/snap_chromium_chromium
DEBUG: set_effective_identity uid:0 (change: no), gid:1000 (change: yes)
DEBUG: found e...

Sorry, I think it was "chromium" simply:

$ SNAPD_DEBUG=1 snap run chromium
2022/01/10 12:58:44.366692 tool_linux.go:204: DEBUG: restarting into "/snap/snapd/current/usr/bin/snap"
2022/01/10 12:58:44.385669 cmd_run.go:425: DEBUG: SELinux not enabled
2022/01/10 12:58:44.386362 tracking.go:45: DEBUG: creating transient scope snap.chromium.chromium
2022/01/10 12:58:44.388636 tracking.go:185: DEBUG: using session bus
2022/01/10 12:58:44.393780 tracking.go:290: DEBUG: StartTransientUnit failed with "org.freedesktop.DBus.Error.Spawn.ChildExited": [Process org.freedesktop.systemd1 exited with status 1]
2022/01/10 12:58:44.393815 cmd_run.go:1187: DEBUG: snapd cannot track the started application
2022/01/10 12:58:44.393836 cmd_run.go:1188: DEBUG: snap refreshes will not be postponed by this process
DEBUG: umask reset, old umask was   02
DEBUG: security tag: snap.chromium.chromium
DEBUG: executable:   /usr/lib/snapd/snap-exec
DEBUG: confinement:  non-classic
DEBUG: base snap:    core18
DEBUG: ruid: 1000, euid: 0, suid: 0
DEBUG: rgid: 1000, egid: 1000, sgid: 1000
DEBUG: apparmor label on snap-confine is: /snap/snapd/14295/usr/lib/snapd/snap-confine
DEBUG: apparmor mode is: enforce
DEBUG: creating lock directory /run/snapd/lock (if missing)
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: opening lock directory /run/snapd/lock
DEBUG: set_effective_identity uid:0 (change: no), gid:1000 (change: yes)
DEBUG: opening lock file: /run/snapd/lock/.lock
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: set_effective_identity uid:0 (change: no), gid:1000 (change: yes)
DEBUG: sanity timeout initialized and set for 30 seconds
DEBUG: acquiring exclusive lock (scope (global), uid 0)
DEBUG: sanity timeout reset and disabled
DEBUG: ensuring that snap mount directory is shared
DEBUG: unsharing snap namespace directory
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: set_effective_identity uid:0 (change: no), gid:1000 (change: yes)
DEBUG: releasing lock 5
DEBUG: opened snap-update-ns executable as file descriptor 5
DEBUG: opened snap-discard-ns executable as file descriptor 6
DEBUG: creating lock directory /run/snapd/lock (if missing)
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: opening lock directory /run/snapd/lock
DEBUG: set_effective_identity uid:0 (change: no), gid:1000 (change: yes)
DEBUG: opening lock file: /run/snapd/lock/chromium.lock
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: set_effective_identity uid:0 (change: no), gid:1000 (change: yes)
DEBUG: sanity timeout initialized and set for 30 seconds
DEBUG: acquiring exclusive lock (scope chromium, uid 0)
DEBUG: sanity timeout reset and disabled
DEBUG: initializing mount namespace: chromium
DEBUG: setting up device cgroup
DEBUG: libudev has current tags support
DEBUG: device /sys/devices/pci0000:00/0000:00:02.0/drm/card0 has matching current tag
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: get bpf object at path /sys/fs/bpf/snap/snap_chromium_chromium
DEBUG: set_effective_identity uid:0 (change: no), gid:1000 (change: yes)
DEBUG: found existing device map
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: found 25 existing entries in devices map
DEBUG: delete key for c 1:3
DEBUG: delete elem in map 8
DEBUG: delete key for c 140:-1
DEBUG: delete elem in map 8
DEBUG: delete key for c 10:239
DEBUG: delete elem in map 8
DEBUG: delete key for c 81:1
DEBUG: delete elem in map 8
DEBUG: delete key for c 10:242
DEBUG: delete elem in map 8
DEBUG: delete key for c 10:200
DEBUG: delete elem in map 8
DEBUG: delete key for c 1:7
DEBUG: delete elem in map 8
DEBUG: delete key for c 81:0
DEBUG: delete elem in map 8
DEBUG: delete key for c 139:-1
DEBUG: delete elem in map 8
DEBUG: delete key for c 226:129
DEBUG: delete elem in map 8
DEBUG: delete key for c 1:9
DEBUG: delete elem in map 8
DEBUG: delete key for c 5:0
DEBUG: delete elem in map 8
DEBUG: delete key for c 226:128
DEBUG: delete elem in map 8
DEBUG: delete key for c 141:-1
DEBUG: delete elem in map 8
DEBUG: delete key for c 5:2
DEBUG: delete elem in map 8
DEBUG: delete key for c 1:5
DEBUG: delete elem in map 8
DEBUG: delete key for c 143:-1
DEBUG: delete elem in map 8
DEBUG: delete key for c 138:-1
DEBUG: delete elem in map 8
DEBUG: delete key for c 226:1
DEBUG: delete elem in map 8
DEBUG: delete key for c 1:8
DEBUG: delete elem in map 8
DEBUG: delete key for c 136:-1
DEBUG: delete elem in map 8
DEBUG: delete key for c 142:-1
DEBUG: delete elem in map 8
DEBUG: delete key for c 226:0
DEBUG: delete elem in map 8
DEBUG: delete key for c 5:1
DEBUG: delete elem in map 8
DEBUG: delete key for c 137:-1
DEBUG: delete elem in map 8
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: load program of type 0xf, 33 instructions
DEBUG: set_effective_identity uid:0 (change: no), gid:1000 (change: yes)
DEBUG: v2 allow c 1:3
DEBUG: v2 allow c 1:5
DEBUG: v2 allow c 1:7
DEBUG: v2 allow c 1:8
DEBUG: v2 allow c 1:9
DEBUG: v2 allow c 5:0
DEBUG: v2 allow c 5:1
DEBUG: v2 allow c 5:2
DEBUG: v2 allow c 136:4294967295
DEBUG: v2 allow c 137:4294967295
DEBUG: v2 allow c 138:4294967295
DEBUG: v2 allow c 139:4294967295
DEBUG: v2 allow c 140:4294967295
DEBUG: v2 allow c 141:4294967295
DEBUG: v2 allow c 142:4294967295
DEBUG: v2 allow c 143:4294967295
DEBUG: v2 allow c 10:239
DEBUG: v2 allow c 10:200
DEBUG: inspecting type of device: /dev/dri/card0
DEBUG: v2 allow c 226:0
DEBUG: device /sys/devices/pci0000:00/0000:00:02.0/drm/card0/card0-DP-1 has matching current tag
DEBUG: cannot get major/minor numbers for syspath /sys/devices/pci0000:00/0000:00:02.0/drm/card0/card0-DP-1
DEBUG: device /sys/devices/pci0000:00/0000:00:02.0/drm/card0/card0-HDMI-A-1 has matching current tag
DEBUG: cannot get major/minor numbers for syspath /sys/devices/pci0000:00/0000:00:02.0/drm/card0/card0-HDMI-A-1
DEBUG: device /sys/devices/pci0000:00/0000:00:02.0/drm/card0/card0-eDP-1 has matching current tag
DEBUG: cannot get major/minor numbers for syspath /sys/devices/pci0000:00/0000:00:02.0/drm/card0/card0-eDP-1
DEBUG: device /sys/devices/pci0000:00/0000:00:02.0/drm/renderD128 has matching current tag
DEBUG: inspecting type of device: /dev/dri/renderD128
DEBUG: v2 allow c 226:128
DEBUG: device /sys/devices/pci0000:00/0000:00:14.0/usb2/2-6/2-6:1.0/video4linux/video0 has matching current tag
DEBUG: inspecting type of device: /dev/video0
DEBUG: v2 allow c 81:0
DEBUG: device /sys/devices/pci0000:00/0000:00:14.0/usb2/2-6/2-6:1.0/video4linux/video1 has matching current tag
DEBUG: inspecting type of device: /dev/video1
DEBUG: v2 allow c 81:1
DEBUG: device /sys/devices/pci0000:00/0000:00:1c.4/0000:09:00.0/drm/card1 has matching current tag
DEBUG: inspecting type of device: /dev/dri/card1
DEBUG: v2 allow c 226:1
DEBUG: device /sys/devices/pci0000:00/0000:00:1c.4/0000:09:00.0/drm/renderD129 has matching current tag
DEBUG: inspecting type of device: /dev/dri/renderD129
DEBUG: v2 allow c 226:129
DEBUG: device /sys/devices/virtual/mem/full has matching current tag
DEBUG: inspecting type of device: /dev/full
DEBUG: v2 allow c 1:7
DEBUG: device /sys/devices/virtual/misc/rfkill has matching current tag
DEBUG: inspecting type of device: /dev/rfkill
DEBUG: v2 allow c 10:242
DEBUG: device /sys/module/rfkill has matching current tag
DEBUG: cannot get major/minor numbers for syspath /sys/module/rfkill
DEBUG: process in cgroup /user.slice/user-1000.slice/session-1.scope
/user.slice/user-1000.slice/session-1.scope is not a snap cgroup

Revision history for this message

Maciej Borzecki (maciek-borzecki) wrote on 2022-01-10:

#6

2022/01/10 12:58:44.388636 tracking.go:185: DEBUG: using session bus
2022/01/10 12:58:44.393780 tracking.go:290: DEBUG: StartTransientUnit failed with "org.freedesktop.DBus.Error.Spawn.ChildExited": [Process org.freedesktop.systemd1 exited with status 1]
2022/01/10 12:58:44.393815 cmd_run.go:1187: DEBUG: snapd cannot track the started application

Indicates that snap asked systemd to create a new scope for the application (since establishing device filtering in your current cgroup would break your session), but that failed. Judging by the error message, `systemd --user` exited or was restarted, hard to tell. Unfortunately there is nothing snapd can do about that.

Ubuntu
snapd package

snap can not start chromium-browser with cgroup v2 and hierarchy

Bug Description

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntusnapd package

snap can not start chromium-browser with cgroup v2 and hierarchy

Bug Description

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
snapd package