Ubuntu
ubuntu-release-upgrader package

All Snaps Broken After Release Upgrade

  1. Jammy (22.04)
  2. Bug #2009317
Bug #2009317 reported by Brett Holman
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Confirmed
Undecided
Unassigned
Jammy
Confirmed
Undecided
Unassigned
Kinetic
Confirmed
Undecided
Unassigned
ubuntu-release-upgrader (Ubuntu)
Incomplete
Undecided
Unassigned
Jammy
Incomplete
Undecided
Unassigned
Kinetic
Incomplete
Undecided
Unassigned

Bug Description

isa~ lsb_release -rd
No LSB modules are available.
Description: Ubuntu Lunar Lobster (development branch)
Release: 23.04

Expected behavior:
==================
Installed snaps worked before do-release-upgrade (from Kinetic to Lunar), they should also work after.

Actual behavior:
==================
Snaps worked before do-release-upgrade, NONE work after. Printed warning is useless. Debugging requires secondary device. This should be a trivial fix (re-enable apparmor service at the end of do-release-upgrade).

isa~ firefox
snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid permission escalation attacks
Please make sure that the snapd.apparmor service is enabled and started.
isa~ systemctl status snapd.apparmor
● snapd.apparmor.service - Load AppArmor profiles managed internally by snapd
     Loaded: loaded (/lib/systemd/system/snapd.apparmor.service; enabled; preset: enabled)
     Active: active (exited) since Sun 2023-03-05 18:27:10 MST; 10min ago
   Main PID: 826 (code=exited, status=0/SUCCESS)
        CPU: 43.722s

Mar 05 18:27:10 isa systemd[1]: Finished Load AppArmor profiles managed internally by snapd.
Notice: journal has been rotated since unit was started, output may be incomplete.

It looks like during the release upgrade apparmor was disabled and needs to be re-enabled.

isa~ systemctl status apparmor
○ apparmor.service - Load AppArmor profiles
     Loaded: loaded (/lib/systemd/system/apparmor.service; disabled; preset: enabled)
     Active: inactive (dead)
       Docs: man:apparmor(7)
             https://gitlab.com/apparmor/apparmor/wikis/home/
isa~ systemctl start apparmor

Notes:
======
This is a reoccurring bug, I hit it when upgrading to Kinetic as well on the same device. This does NOT happen on all devices (my other device didn't hit this issue when upgrading Jammy->Kinetic->Lunar). This is a bad user experience - debugging requires a secondary device because Ubuntu browsers are snap-based.

See original description
Brett Holman (holmanb)
description: updated
Revision history for this message
Nick Rosbrook (enr0n) wrote :

I haven't been able to look to closely at this yet, but my hunch is that this is not a u-r-u bug. We *could* add a quirk to fix this, but it seems like the root cause could be in the packaging of apparmor (or maybe snapd).

Changed in ubuntu-release-upgrader (Ubuntu):
status: New → Incomplete
Changed in ubuntu-release-upgrader (Ubuntu Jammy):
status: New → Incomplete
Changed in ubuntu-release-upgrader (Ubuntu Kinetic):
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apparmor (Ubuntu Jammy):
status: New → Confirmed
Changed in apparmor (Ubuntu Kinetic):
status: New → Confirmed
Changed in apparmor (Ubuntu):
status: New → Confirmed
Revision history for this message
Georgia Garcia (georgiag) wrote :

Hi! Could you upload some system logs of when this happens?

Revision history for this message
Brett Holman (holmanb) wrote :

I can do that. Which logs would be most useful?

Revision history for this message
Georgia Garcia (georgiag) wrote :

I think /var/log/syslog and /var/log/kern.log will be sufficient.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.