Hi John, Thank you for sharing your thoughts on this. I'll try to look into experimenting with adding getattr in the seccomp profiles and investigating the paths it accesses. I'll share if I figure something out as well.
-- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1991691 Title: cannot change mount namespace Status in Linux: New Status in linux package in Ubuntu: Fix Released Status in snapd package in Ubuntu: Incomplete Bug description: Multiple snaps are either broken or "only" display permission denied messages. slack snap is not starting at all with: > update.go:85: cannot change mount namespace according to change mount (/run/user/1000/doc/by-app/snap.slack /run/user/1000/doc none bind,rw,x-snapd.ignore-missing 0 0): cannot inspect "/run/user/1000/doc": lstat /run/user/1000/doc: permission denied firefox snap does start, but also logs errors: update.go:85: cannot change mount namespace according to change mount (/var/lib/snapd/hostfs/usr/share/doc /usr/share/doc none bind,ro 0 0): cannot inspect "/var/lib/snapd/hostfs/usr/share/doc": lstat /var/lib/snapd/hostfs/usr/share/doc: permission denied update.go:85: cannot change mount namespace according to change mount (/var/lib/snapd/hostfs/usr/share/fonts /usr/share/fonts none bind,ro 0 0): cannot inspect "/var/lib/snapd/hostfs/usr/share/fonts": lstat /var/lib/snapd/hostfs/usr/share/fonts: permission denied update.go:85: cannot change mount namespace according to change mount (/var/lib/snapd/hostfs/usr/local/share/fonts /usr/local/share/fonts none bind,ro 0 0): cannot inspect "/usr/local/share/fonts": lstat /usr/local/share/fonts: permission denied update.go:85: cannot change mount namespace according to change mount (/var/lib/snapd/hostfs/usr/share/cups/doc-root /usr/share/cups/doc-root none bind,ro 0 0): cannot create directory "/usr/share/cups/doc-root": permission denied update.go:85: cannot change mount namespace according to change mount (/var/lib/snapd/hostfs/usr/share/gimp/2.0/help /usr/share/gimp/2.0/help none bind,ro 0 0): cannot create directory "/usr/share/gimp/2.0": permission denied update.go:85: cannot change mount namespace according to change mount (/var/lib/snapd/hostfs/usr/share/gtk-doc /usr/share/gtk-doc none bind,ro 0 0): cannot inspect "/var/lib/snapd/hostfs/usr/share/gtk-doc": lstat /var/lib/snapd/hostfs/usr/share/gtk-doc: permission denied update.go:85: cannot change mount namespace according to change mount (/var/lib/snapd/hostfs/usr/share/libreoffice/help /usr/share/libreoffice/help none bind,ro 0 0): cannot create directory "/usr/share/libreoffice/help": permission denied update.go:85: cannot change mount namespace according to change mount (/var/lib/snapd/hostfs/usr/share/xubuntu-docs /usr/share/xubuntu-docs none bind,ro 0 0): cannot inspect "/var/lib/snapd/hostfs/usr/share/xubuntu-docs": lstat /var/lib/snapd/hostfs/usr/share/xubuntu-docs: permission denied update.go:85: cannot change mount namespace according to change mount (/run/user/1000/doc/by-app/snap.firefox /run/user/1000/doc none bind,rw,x-snapd.ignore-missing 0 0): cannot inspect "/run/user/1000/doc": lstat /run/user/1000/doc: permission denied ProblemType: Bug DistroRelease: Ubuntu 22.10 Package: snap (not installed) ProcVersionSignature: Ubuntu 5.19.0-19.19-generic 5.19.7 Uname: Linux 5.19.0-19-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.23.0-0ubuntu2 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: XFCE Date: Tue Oct 4 17:29:01 2022 InstallationDate: Installed on 2017-09-26 (1834 days ago) InstallationMedia: Ubuntu-Server 17.10 "Artful Aardvark" - Alpha amd64 (20170924) SourcePackage: snap UpgradeStatus: Upgraded to kinetic on 2022-05-22 (134 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/linux/+bug/1991691/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
