[Group.of.nepali.translators] [Bug 1880085] Re: snap userd's OpenURL method allows sandbox escape
This was released a while ago, the upstream task was stale.

** Changed in: snapd
   Status: In Progress => Fix Released

--
You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1880085

Title: snap userd's OpenURL method allows sandbox escape

Status in snapd: Fix Released
Status in snapd package in Ubuntu: Fix Released
Status in snapd source package in Trusty: Won't Fix
Status in snapd source package in Xenial: Fix Released
Status in snapd source package in Bionic: Fix Released
Status in snapd source package in Eoan: Fix Released
Status in snapd source package in Focal: Fix Released
Status in snapd source package in Groovy: Fix Released

Bug description:

snap userd's OpenURL implementation alters the value of $XDG_DATA_DIRS to include a directory controlled by the calling snap before calling /usr/bin/xdg-open:

https://github.com/snapcore/snapd/blob/7f678b92/usersession/userd/launcher.go#L109-L113

This allows the snap to control how the URL will be opened, including having executables provided by the snap run outside of confinement.

Attached is an example snap demonstrating the exploit. It works as follows:

1. the snap provides a single command plugging the desktop interface that calls "xdg-open help://whatever"
2. userd invokes the host system /usr/bin/xdg-open with $SNAP/usr/share/applications at the start of $XDG_DATA_DIRS.
3. under $SNAP/usr/share/applications, we have a yelp.desktop file whose Exec line points to an "outside-sandbox.sh" script shipped with the snap, and a mimeapps.list file to set it as the default handler for the "help:" scheme.
4. the "outside-sandbox.sh" script is executed without confinement and writes a file /tmp/foo.txt

This file can be seen in the host system /tmp rather than the snap's private /tmp, demonstrating that it was run outside the sandbox.

Note that this isn't restricted to the "help:" URI scheme: it's just more likely to succeed, since users are unlikely to override the default handler.

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1880085/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help : https://help.launchpad.net/ListHelp
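The root cause in the report above is a caller-controlled directory ending up in the $XDG_DATA_DIRS of an unconfined helper. As an added example (not part of the original message, and not snapd's code or its fix), this Go program builds the environment for such a helper and drops every entry that lies under a snap mount root; the roots /snap and /var/lib/snapd/snap, the function names and the sample environment are assumptions of the example.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// Directories whose content a confined snap can supply (assumption for this
// example: the two usual snap mount roots).
var untrustedRoots = []string{"/snap", "/var/lib/snapd/snap"}

// Default from the XDG Base Directory spec when XDG_DATA_DIRS is empty.
const defaultDataDirs = "/usr/local/share:/usr/share"

// underRoot reports whether the cleaned path p is root itself or lies below it.
// Comparing with root+"/" keeps "/snapshot" from matching the root "/snap".
func underRoot(p, root string) bool {
	root = path.Clean(root)
	return p == root || strings.HasPrefix(p, root+"/")
}

// splitDataDirs sorts XDG_DATA_DIRS entries into kept and dropped ones.
// Relative entries are dropped as well. The check is lexical only: it does
// not resolve symlinks.
func splitDataDirs(value string, roots []string) (kept, dropped []string) {
	for _, entry := range strings.Split(value, ":") {
		if entry == "" {
			continue
		}
		clean := path.Clean(entry) // collapses "..", so traversal is caught
		bad := !path.IsAbs(clean)
		for _, r := range roots {
			bad = bad || underRoot(clean, r)
		}
		if bad {
			dropped = append(dropped, entry)
		} else {
			kept = append(kept, clean)
		}
	}
	return kept, dropped
}

// helperEnv copies env for a child process such as xdg-open and rewrites
// XDG_DATA_DIRS so that only trusted directories remain. The dropped entries
// are returned so the caller can log them.
func helperEnv(env, roots []string) (out, dropped []string) {
	value := ""
	for _, kv := range env {
		if strings.HasPrefix(kv, "XDG_DATA_DIRS=") {
			value = strings.TrimPrefix(kv, "XDG_DATA_DIRS=")
			continue
		}
		out = append(out, kv)
	}
	var kept []string
	kept, dropped = splitDataDirs(value, roots)
	dirs := defaultDataDirs
	if len(kept) > 0 {
		dirs = strings.Join(kept, ":")
	}
	return append(out, "XDG_DATA_DIRS="+dirs), dropped
}

func main() {
	// Constructed environment: the first entry stands for the snap-controlled
	// directory, the third reaches the same place through "..".
	env := []string{
		"HOME=/home/user",
		"XDG_DATA_DIRS=/snap/demo/x1/usr/share:/usr/local/share:" +
			"/usr/share/../../snap/demo/x1/usr/share:/usr/share",
	}
	out, dropped := helperEnv(env, untrustedRoots)
	fmt.Println("child env:", out)
	fmt.Println("dropped:  ", dropped)
}
```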
[Group.of.nepali.translators] [Bug 1673247] Re: package snapd 2.23.1 failed to install/upgrade: trying to overwrite '/etc/apparmor.d/usr.lib.snapd.snap-confine', which is also in package snap-confine
Michael, are you still actively working on this issue?

** Also affects: snapd
   Importance: Undecided
   Status: New

--
https://bugs.launchpad.net/bugs/1673247

Title: package snapd 2.23.1 failed to install/upgrade: trying to overwrite '/etc/apparmor.d/usr.lib.snapd.snap-confine', which is also in package snap-confine 2.23.1

Status in snapd: New
Status in dpkg package in Ubuntu: In Progress
Status in snapd package in Ubuntu: In Progress
Status in dpkg source package in Trusty: Confirmed
Status in snapd source package in Trusty: In Progress
Status in dpkg source package in Xenial: Confirmed
Status in snapd source package in Xenial: Confirmed
Status in dpkg source package in Yakkety: Invalid
Status in snapd source package in Yakkety: Invalid
Status in dpkg source package in Zesty: Confirmed
Status in snapd source package in Zesty: Confirmed

Bug description:

When the ubuntu installer runs it has an option to download updates during the install. When this happens snapd/snap-confine 2.22.6 are installed on /target. The upgrade brings in snapd/snap-confine 2.23.1 which has a conffile in /etc/apparmor.d/usr.lib.snapd.snap-confine. The snapd package declares a breaks/replaces: snapd-confine (<< 2.23) which works correctly on regular upgrades. However it does fail on upgrades with the "--root=/target" that is used by ubiquity.

After a bit of debugging it turns out the reason is that src/archives.c:tarobject() has a check for obsolete conffiles in the block around "Is the file an obsolete conffile ...". There is a stat() here that checks that the conff->name and the fnamevb are the same file. This check fails to take the instdir into account and therefore the loop does not continue but falls through to the "does_replace()" checks.

Snap 2.23.1 fails to upgrade from 2.21.

Known facts:
- reporters (and apport) indicate it fails during the install via the live-cd
- not reproducible so far on an already installed system
- breaks/replaces of snapd are correct
- When adding "xenial-proposed" to apt-setup in ubiquity and installing

Cause:
- when ubiquity runs it uses "dpkg --root=/target --unpack ..."
- however when doing the conffile checking dpkg does not handle the "--root" parameter correctly and checks something against "/" instead of "/target".
- I really don't know what else to add...

ProblemType: Package
DistroRelease: Ubuntu 16.04
Package: snapd 2.23.1
ProcVersionSignature: Ubuntu 4.8.0-36.36~16.04.1-generic 4.8.11
Uname: Linux 4.8.0-36-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.5
Architecture: amd64
CasperVersion: 1.376.2
Date: Wed Mar 15 16:03:33 2017
DuplicateSignature:
 package:snapd:2.23.1
 Unpacking snapd (2.23.1) over (2.21) ...
 dpkg: error processing archive /target/var/cache/apt/archives/snapd_2.23.1_amd64.deb (--unpack):
  trying to overwrite '/etc/apparmor.d/usr.lib.snapd.snap-confine', which is also in package snap-confine 2.23.1
ErrorMessage: trying to overwrite '/etc/apparmor.d/usr.lib.snapd.snap-confine', which is also in package snap-confine 2.23.1
LiveMediaBuild: Ubuntu-GNOME 16.04.2 LTS "Xenial Xerus" - Release amd64 (20170215)
RelatedPackageVersions:
 dpkg 1.18.4ubuntu1.1
 apt 1.2.19
SourcePackage: snapd
Title: package snapd 2.23.1 failed to install/upgrade: trying to overwrite '/etc/apparmor.d/usr.lib.snapd.snap-confine', which is also in package snap-confine 2.23.1
UpgradeStatus: No upgrade log present (probably fresh install)
[Group.of.nepali.translators] [Bug 1661590] Re: GNOME Software only supports running one application from a snap
I just tried to reproduce the bug as outlined in the bug description. I can confirm it is now fixed and working as expected. I'm marking the snappy task as fix released.

** Changed in: snappy
   Status: In Progress => Fix Released

--
https://bugs.launchpad.net/bugs/1661590

Title: GNOME Software only supports running one application from a snap

Status in GNOME Software: Fix Released
Status in Snappy: Fix Released
Status in gnome-software package in Ubuntu: Fix Released
Status in gnome-software source package in Xenial: Fix Released
Status in gnome-software source package in Artful: Won't Fix
Status in gnome-software source package in Bionic: Fix Released

Bug description:

HOW TO REPRODUCE:
1. Install LibreOffice snap ('nonfree' tag) from Ubuntu Software.
2. Click on the 'Launch' button once you have it installed.

WHAT IS EXPECTED:
It should launch the LibreOffice wizard instead of any of Writer, Calc, etc.

WHAT ACTUALLY HAPPENS:
It launches LibreOffice Database.

WHY THIS HAPPENS?
Ubuntu Software probably picks the first listed command (libreoffice.base), as shown in

  $ snap info libreoffice
  name: libreoffice
  summary: "LibreOffice is a powerful office suite including word processing and creation of spreadsheets, slideshows and databases"
  publisher: canonical
  description: |
    LibreOffice is a powerful office suite – its clean interface and
    feature-rich tools help you unleash your creativity and enhance your
    productivity. LibreOffice includes several applications that make it the
    most powerful Free and Open Source office suite on the market: Writer
    (word processing), Calc (spreadsheets), Impress (presentations), Draw
    (vector graphics and flowcharts), Base (databases), and Math (formula
    editing).
  commands:
    - libreoffice.base
    - libreoffice.calc
    - libreoffice.draw
    - libreoffice.impress
    - libreoffice
    - libreoffice.math
    - libreoffice.writer
  tracking: stable
  installed: 5.3.0.3 (17) 374MB -
  refreshed: 2017-02-01 20:51:51 +0200 EET
  channels:
    stable: 5.3.0.3 (17) 374MB -
    candidate: 5.3.0.3 (17) 374MB -
    beta: 5.3.0.3 (17) 374MB -
    edge: 5.3.0.3 (17) 374MB -

The order in snapcraft.yaml is different, so probably Snapcraft is changing the order (it might assume that 'libreoffice' is 'libreoffice.libreoffice', so it puts it further down).

Here is snapcraft.yaml:
https://git.launchpad.net/~bjoern-michaelsen/df-libreoffice/+git/libreoffice-snap-playground/tree/snapcraft.yaml?h=xenial
[Group.of.nepali.translators] [Bug 1659534] Re: userdel doesn't support extrausers
I inspected snapd and noticed that we don't invoke "userdel" or "deluser" in any production code. We have some tests that do use it and we now support --extrausers there.

I'm inclined to mark the snappy task as fix released, given that we inherit the relevant tools from core and core18 snaps which in turn are fed with updates from the archive. While in the past we carried this patch locally in a package override, given that it is now fixed in both Xenial and Bionic I cannot imagine anything else we'd have to do in the context of this issue.

With this rationale I'm marking it as fix released. Please reopen if there's more relevant work to be done.

** Changed in: snappy
   Status: In Progress => Fix Released

--
https://bugs.launchpad.net/bugs/1659534

Title: userdel doesn't support extrausers

Status in Snappy: Fix Released
Status in shadow package in Ubuntu: Fix Released
Status in shadow source package in Xenial: Fix Released
Status in shadow source package in Bionic: Fix Released
Status in shadow source package in Cosmic: Confirmed

Bug description:

TEST CASE:
- run userdel --extrausers foo on a ubuntu core system

REGRESSION POTENTIAL:
- low, this option will only take effect when "userdel --extrauser" is used.

On an Ubuntu Core system it is impossible to delete a user from the extrausers db:

  root@localhost:/# userdel --extrausers alice
  userdel: unrecognized option '--extrausers'
[Group.of.nepali.translators] [Bug 1721676] Re: implement errno action logging in seccomp for strict mode with snaps
This has been fixed and is available in snapd for multiple releases now. I'm marking it as fix released.

** Changed in: snappy
   Status: In Progress => Fix Released

** Project changed: snappy => snapd

--
https://bugs.launchpad.net/bugs/1721676

Title: implement errno action logging in seccomp for strict mode with snaps

Status in snapd: Fix Released
Status in linux package in Ubuntu: Fix Released
Status in linux source package in Xenial: Fix Released
Status in linux source package in Zesty: Fix Released
Status in linux source package in Artful: Fix Released

Bug description:

A requirement for snappy is that security sandbox violations against policy are logged. In this manner learning tools can be written to parse the logs, etc and make developing on snappy easier.

The current default seccomp action, in strict mode, is to kill the snap's thread that violated the policy but this is unfriendly to the developer and to the user. The desired action is to block the illegal system call and return an error with errno set to EPERM. However, seccomp does not emit log events when it takes that action. Seccomp should be updated to emit log events when taking the SECCOMP_RET_ERRNO action and then snappy can switch to using that action when blocking illegal system calls.

[Impact]

Snapd needs a way to log SECCOMP_RET_ERRNO seccomp actions in order to have a more friendly strict mode. Such functionality has been merged upstream into 4.14-rc2.

No libseccomp changes are needed at this time since snap-confine loads the BPF filter directly into the kernel without using libseccomp.

[Test Case]

Running the libseccomp "live" tests will exercise the kernel's seccomp enforcement and help catch any regressions. Note that on Artful, there's an existing test failure (20-live-basic_die%%002-1):

  $ sudo apt build-dep -y libseccomp
  $ sudo apt install -y cython
  $ apt source libseccomp
  $ cd libseccomp-*
  $ autoreconf -ivf && ./configure --enable-python && make check-build
  $ (cd tests && ./regression -T live)

All tests should pass on zesty (12 tests) and xenial (10 tests). On artful, you'll see one pre-existing failure:

  ...
  Test 20-live-basic_die%%002-1 result: FAILURE 20-live-basic_die TRAP rc=159
  ...
  Regression Test Summary
  tests run: 12
  tests skipped: 0
  tests passed: 11
  tests failed: 1
  tests errored: 0

Running the seccomp kernel selftests is also a great way to exercise seccomp and the kernel patch set proposed for the SRU includes additional seccomp selftests. To build, enter into the root of the kernel source tree and build the seccomp test binary:

  $ make -C tools/testing/selftests TARGETS=seccomp

Now you can execute tools/testing/selftests/seccomp/seccomp_bpf or even copy it to a test machine and run it there. On Xenial, 54/54 tests should pass and 58/58 should pass on Zesty.

Now we can run a single test to verify that SECCOMP_RET_ERRNO is logged when the application opts into it. First, verify that "errno" is listed in the actions_logged sysctl:

  $ cat /proc/sys/kernel/seccomp/actions_logged
  kill trap errno trace log

Now, build and run the test program:

  $ gcc -o lp1721676-kernel-test lp1721676-kernel-test.c
  $ ./lp1721676-kernel-test
  SUCCESS: getpid() failed as expected: Operation not permitted

It should have generated a message like this in /var/log/syslog:

  kernel: [79338.804966] audit: type=1326 audit(1507259221.875:27): auid=1000 uid=1000 gid=1000 ses=5 pid=3091 comm="lp1721676-kerne" exe="/home/tyhicks/lp1721676-kernel-test" sig=0 arch=c03e syscall=39 compat=0 ip=0x7fb91829c499 code=0x5

Disable errno logging in the sysctl:

  $ echo kill trap trace log | sudo tee /proc/sys/kernel/seccomp/actions_logged
  kill trap trace log

Rerun the test program and ensure that nothing was logged this time.

[Regression Potential]

The kernel patches received a lot of review between Kees and some others interested in improved seccomp logging. I authored the patches and feel comfortable/confident with my backported versions. They do not change the behavior of seccomp logging by default but offer ways for applications to opt into more logging and, on the flipside, ways for the administrator to quiet any additional logging.
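The report above asks for seccomp denials to be logged so that learning tools can parse them. As an added example (not part of the original message and not snapd or kernel code), this Go program parses audit type=1326 records and counts denied system calls per executable; the log lines are constructed for the example and use the kernel's full-width values (arch=c000003e for x86_64, code=0x50000 for SECCOMP_RET_ERRNO), and all type and function names are assumptions.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// Seccomp action values from linux/seccomp.h, as carried in the "code" field.
var seccompActions = map[uint64]string{
	0x80000000: "kill_process", 0x00000000: "kill_thread", 0x00030000: "trap",
	0x00050000: "errno", 0x7ff00000: "trace", 0x7ffc0000: "log", 0x7fff0000: "allow",
}

// A few x86_64 syscall numbers, enough for the constructed records below.
var x8664Syscalls = map[int]string{39: "getpid", 101: "ptrace", 165: "mount"}

// Event holds the fields of one audit type=1326 (seccomp) record.
type Event struct {
	PID, UID, Syscall       int
	Comm, Exe, Arch, Action string
}

// parseSeccompRecord extracts an Event from a syslog line. It returns false
// when the line is not a well-formed seccomp audit record.
func parseSeccompRecord(line string) (Event, bool) {
	f := map[string]string{}
	for _, tok := range strings.Fields(line) {
		if i := strings.IndexByte(tok, '='); i > 0 {
			f[tok[:i]] = strings.Trim(tok[i+1:], `"`)
		}
	}
	if f["type"] != "1326" {
		return Event{}, false
	}
	pid, err1 := strconv.Atoi(f["pid"])
	uid, err2 := strconv.Atoi(f["uid"])
	nr, err3 := strconv.Atoi(f["syscall"])
	code, err4 := strconv.ParseUint(strings.TrimPrefix(f["code"], "0x"), 16, 32)
	if err1 != nil || err2 != nil || err3 != nil || err4 != nil {
		return Event{}, false
	}
	action, ok := seccompActions[code&0xffff0000] // SECCOMP_RET_ACTION_FULL
	if !ok {
		action = fmt.Sprintf("unknown(%#x)", code)
	}
	return Event{PID: pid, UID: uid, Syscall: nr, Comm: f["comm"],
		Exe: f["exe"], Arch: f["arch"], Action: action}, true
}

// syscallName resolves the number only for x86_64 (AUDIT_ARCH_X86_64).
func syscallName(e Event) string {
	if name, ok := x8664Syscalls[e.Syscall]; ok && e.Arch == "c000003e" {
		return name
	}
	return fmt.Sprintf("syscall_%d", e.Syscall)
}

// summarize counts records per executable, syscall and action, sorted by key.
func summarize(lines []string) []string {
	counts := map[string]int{}
	for _, l := range lines {
		if e, ok := parseSeccompRecord(l); ok {
			counts[e.Exe+" "+syscallName(e)+" "+e.Action]++
		}
	}
	out := make([]string, 0, len(counts))
	for k, n := range counts {
		out = append(out, fmt.Sprintf("%s x%d", k, n))
	}
	sort.Strings(out)
	return out
}

// Constructed sample log, not taken from a real system.
var sampleLog = []string{
	`kernel: [100.000001] audit: type=1326 audit(1700000000.100:41): auid=1000 uid=1000 gid=1000 ses=1 pid=4001 comm="demo-app" exe="/snap/demo/x1/bin/demo-app" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f0000001000 code=0x50000`,
	`kernel: [100.000002] audit: type=1326 audit(1700000000.200:42): auid=1000 uid=1000 gid=1000 ses=1 pid=4001 comm="demo-app" exe="/snap/demo/x1/bin/demo-app" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f0000001000 code=0x50000`,
	`kernel: [100.000003] audit: type=1326 audit(1700000000.300:43): auid=1000 uid=1000 gid=1000 ses=1 pid=4002 comm="demo-app" exe="/snap/demo/x1/bin/demo-app" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f0000002000 code=0x50000`,
	`kernel: [100.000004] audit: type=1326 audit(1700000000.400:44): auid=1000 uid=1000 gid=1000 ses=1 pid=4003 comm="demo-app" exe="/snap/demo/x1/bin/demo-app" sig=31 arch=c000003e syscall=165 compat=0 ip=0x7f0000003000 code=0x0`,
	`kernel: [100.000005] audit: type=1400 audit(1700000000.500:45): apparmor="DENIED" operation="open" pid=4004 comm="demo-app"`,
}

func main() {
	for _, row := range summarize(sampleLog) {
		fmt.Println(row)
	}
}
```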
[Group.of.nepali.translators] [Bug 1630789] Re: normal users can't run snaps inside of LXD containers
This bug was fixed while snap-confine was a separate package. I'm marking the snappy task as fix-released.

** Changed in: snappy
   Status: In Progress => Fix Released

** Project changed: snappy => snapd

--
https://bugs.launchpad.net/bugs/1630789

Title: normal users can't run snaps inside of LXD containers

Status in snap-confine: Fix Released
Status in snapd: Fix Released
Status in snap-confine package in Ubuntu: Fix Released
Status in snapd package in Ubuntu: Fix Released
Status in snap-confine source package in Xenial: Fix Committed
Status in snap-confine source package in Yakkety: Fix Committed

Bug description:

[Impact]
TBD

[Test Case]
Look below for a test case.

[Regression Potential]
TBD

[Other Info]
* snap-confine is technically an integral part of snapd which has an SRU exception and is allowed to introduce new features and take advantage of accelerated procedure. For more information see https://wiki.ubuntu.com/SnapdUpdates

== # Pre-SRU bug description follows # ==

The kernel (4.8.0-19.21), apparmor (2.10.95-4ubuntu5), and lxd (2.4-0ubuntu1) needed for running snaps inside of LXD containers (bug #1611078) have all landed in Yakkety. We should be able to install squashfuse and snapd 2.16+16.10 (from yakkety-proposed) and then run snaps inside of unprivileged LXD containers.

I have verified that it works well for the root user inside of the container but there are some issues when a normal user attempts to run a snap command.

  # Create yakkety container named "yakkety"
  tyhicks@host:~$ lxc launch ubuntu-daily:devel yakkety
  Creating yakkety
  Starting yakkety

  # Enter the container, enable yakkety-proposed, update, install the dependencies
  tyhicks@host:~$ lxc exec yakkety bash
  root@yakkety:~# echo "deb http://archive.ubuntu.com/ubuntu/ \
  yakkety-proposed restricted main multiverse universe" > \
  /etc/apt/sources.list.d/proposed.list
  root@yakkety:~# echo -e "Package: *\nPin: release a=yakkety-proposed\n\
  Pin-Priority: 400" > /etc/apt/preferences.d/proposed-updates
  root@yakkety:~# apt-get update && apt-get dist-upgrade -y
  ...
  root@yakkety:~# apt-get install -y squashfuse snapd/yakkety-proposed
  ...

  # Rebooting the container should not be needed but is done for completeness
  root@yakkety:~# reboot
  tyhicks@host:~$ lxc exec yakkety bash

  # Install the hello-world snap
  root@yakkety:~# snap install hello-world
  hello-world (stable) 6.3 from 'canonical' installed

  # Snap commands work fine as root inside the container but not as a normal user
  root@yakkety:~# /snap/bin/hello-world.env
  SNAP_USER_COMMON=/root/snap/hello-world/common
  ...
  root@yakkety:~# su - ubuntu -c '/snap/bin/hello-world.env'
  internal error, please report: running "hello-world.env" failed: open /snap/hello-world/27/meta/snap.yaml: permission denied

  # The normal user can't access /snap/hello-world/27 because of some oddness with the
  # dentry
  root@yakkety:~# ls -al /snap/hello-world
  total 8
  drwxr-xr-x 3 root root 4096 Oct 5 21:09 .
  drwxr-xr-x 5 root root 4096 Oct 5 21:09 ..
  drwxrwxr-x 4 root root    0 Jul 11 21:20 27
  lrwxrwxrwx 1 root root    2 Oct 5 21:09 current -> 27
  root@yakkety:~# su - ubuntu -c 'ls -al /snap/hello-world'
  ls: cannot access '/snap/hello-world/27': Permission denied
  total 8
  drwxr-xr-x 3 root root 4096 Oct 5 21:09 .
  drwxr-xr-x 5 root root 4096 Oct 5 21:09 ..
  d? ? ?? ?? 27
  lrwxrwxrwx 1 root root    2 Oct 5 21:09 current -> 27
[Group.of.nepali.translators] [Bug 1672740] Re: Netplan replug function is incompatible with ath9k_htc module
The fix to this bug was released across the stack. Marking the snappy task as fix released as well.

** Changed in: snappy
   Status: New => Fix Released

--
https://bugs.launchpad.net/bugs/1672740

Title: Netplan replug function is incompatible with ath9k_htc module

Status in netplan: Fix Released
Status in Snappy: Fix Released
Status in nplan package in Ubuntu: Fix Released
Status in nplan source package in Xenial: Fix Released
Status in nplan source package in Yakkety: Fix Released
Status in nplan source package in Zesty: Fix Released

Bug description:

[Impact]
Replugging ath9k_htc may confuse the driver and cause connection issues.

[Test case]
- Run nplan integration tests on the release
- Validate that netplan generate && netplan apply alone, without config, behave as expected (no result)
- Validate that netplan generate && netplan apply with minimal config writes /run/NetworkManager/conf.d/10-globally-managed-devices.conf
- Validate that netplan generate && netplan apply works with any existing configuration.
- Run 'netplan apply' with a valid config for an ath9k_htc device, validate the device is not replugged.

[Regression potential]
Existing configurations that do not rely on ath9k, brcmfmac or mwifiex (for example) should continue to replug the devices where appropriate to ensure the interface renaming is correctly applied. Configurations for the affected devices should not fail to apply supported configuration.

---

We hit the following problem about the interaction between netplan and the ath9k_htc module, controlling the chip Atheros AR9271.

If you run the following command

  netplan --debug apply

or you use console-conf for setting the network interfaces we get the following messages:

  ** (generate:2261): DEBUG: Processing input file //etc/netplan/00-snapd-config.yaml..
  ** (generate:2261): DEBUG: eth0: setting default backend to 1
  ** (generate:2261): DEBUG: Generating output files..
  ** (generate:2261): DEBUG: NetworkManager: definition eth0 is not for us (backend 1)
  DEBUG:netplan generated networkd configuration exists, restarting networkd
  DEBUG:no netplan generated NM configuration exists
  DEBUG:device lo operstate is unknown, not replugging
  DEBUG:device eth0 operstate is up, not replugging
  DEBUG:replug wlan0: unbinding 4-1:1.0 from /sys/bus/usb/drivers/ath9k_htc
  DEBUG:replug wlan0: rebinding 4-1:1.0 to /sys/bus/usb/drivers/ath9k_htc

The last two rows show two consecutive actions, one soon after the other: unbind and bind the usb device on usb hub. The module ath9k_htc doesn't work fine in this situation: the wireless interface disappears.

Our problem can be fixed by using the same approach used for mac80211_hwsim and mwifiex_pcie modules.

The attached patch file fixes the issue following the same pattern adopted for the following modules: mwifiex_pcie,mac80211_hwsim.
[Group.of.nepali.translators] [Bug 1640514] Re: /snap/bin is not added to the PATH when using zsh
I marked the zsh part of this issue as invalid as we now have a way to inject environment into all the shells uniformly.

** Changed in: snapd (Ubuntu Xenial)
   Status: New => Confirmed

** Changed in: snappy
   Status: New => Fix Released

--
https://bugs.launchpad.net/bugs/1640514

Title: /snap/bin is not added to the PATH when using zsh

Status in Snappy: Fix Released
Status in snapd package in Ubuntu: Confirmed
Status in zsh package in Ubuntu: Invalid
Status in snapd source package in Xenial: Confirmed
Status in zsh source package in Xenial: Invalid
Status in snapd source package in Bionic: Fix Released
Status in zsh source package in Bionic: Invalid

Bug description:

--- Environment ---
Ubuntu Zesty 17.04 (dev)
zsh
snapd 2.16

--- Description ---
zsh does not seem to load the scripts in /etc/profile.d/ (see https://bugzilla.redhat.com/show_bug.cgi?id=88457 ). As a consequence, /snap/bin is not added to PATH, and running snaps from terminal (without snap run) does not work

--- How to reproduce ---
1) Install zsh
2) try running apps provided by snaps from the shell, without using snap run
[Group.of.nepali.translators] [Bug 1640514] Re: /snap/bin is not added to the PATH when using zsh
Note that I was using Ubuntu 18.04 which is important. The older versions of Ubuntu don't have recent enough systemd to support environment.d injections.

** Changed in: snapd (Ubuntu Bionic)
   Status: New => Fix Released

** Changed in: zsh (Ubuntu Xenial)
   Status: New => Invalid

** Changed in: zsh (Ubuntu Bionic)
   Status: New => Invalid

** Changed in: zsh (Ubuntu)
   Status: Confirmed => Invalid

--
https://bugs.launchpad.net/bugs/1640514

Title: /snap/bin is not added to the PATH when using zsh

Status in Snappy: Fix Released
Status in snapd package in Ubuntu: Confirmed
Status in zsh package in Ubuntu: Invalid
Status in snapd source package in Xenial: Confirmed
Status in zsh source package in Xenial: Invalid
Status in snapd source package in Bionic: Fix Released
Status in zsh source package in Bionic: Invalid
[Group.of.nepali.translators] [Bug 1551747] Re: ubuntu-fan causes issues during network configuration
I'm marking this as invalid in snappy as it doesn't seem related to snapd proper.

** Changed in: snappy
   Status: Confirmed => Invalid

--
https://bugs.launchpad.net/bugs/1551747

Title: ubuntu-fan causes issues during network configuration

Status in cloud-init: Invalid
Status in Snappy: Invalid
Status in ubuntu-fan package in Ubuntu: Fix Released
Status in ubuntu-fan source package in Xenial: Fix Released
Status in ubuntu-fan source package in Yakkety: Fix Released

Bug description:

it seems that ubuntu-fan is causing issues with network configuration.

On 16.04 daily image:

  root@localhost:~# snappy list
  Name                 Date        Version           Developer
  canonical-pi2        2016-02-02  3.0               canonical
  canonical-pi2-linux  2016-02-03  4.3.0-1006-3      canonical
  ubuntu-core          2016-02-22  16.04.0-10.armhf  canonical

I see this when I'm activating a wifi card on a raspberry pi 2.

  root@localhost:~# ifdown wlan0
  ifdown: interface wlan0 not configured
  root@localhost:~# ifup wlan0
  Internet Systems Consortium DHCP Client 4.3.3
  Copyright 2004-2015 Internet Systems Consortium.
  All rights reserved.
  For info, please visit https://www.isc.org/software/dhcp/

  Listening on LPF/wlan0/c4:e9:84:17:31:9b
  Sending on LPF/wlan0/c4:e9:84:17:31:9b
  Sending on Socket/fallback
  DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 3 (xid=0x81c0c95e)
  DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 5 (xid=0x81c0c95e)
  DHCPREQUEST of 192.168.0.170 on wlan0 to 255.255.255.255 port 67 (xid=0x5ec9c081)
  DHCPOFFER of 192.168.0.170 from 192.168.0.251
  DHCPACK of 192.168.0.170 from 192.168.0.251
  RTNETLINK answers: File exists
  bound to 192.168.0.170 -- renewal in 17145 seconds.
  run-parts: /etc/network/if-up.d/ubuntu-fan exited with return code 1
  Failed to bring up wlan0.

===

[Impact]
Installing ubuntu-fan can trigger error messages when initialising with no fan configuration.

[Test Case]
As above.

[Regression Potential]
Low, suppresses erroneous error messages.
[Group.of.nepali.translators] [Bug 1588192] Re: GL interfaces seem wedged for Krita on nvidia
I'm marking the snappy task as fix released. We have greatly improved nvidia support from Ubuntu 16.04 to Ubuntu 18.04 and on other distributions as well. Please reopen if you find it still affects you somehow.

** Changed in: snappy
   Status: In Progress => Fix Released

--
https://bugs.launchpad.net/bugs/1588192

Title: GL interfaces seem wedged for Krita on nvidia

Status in Snappy: Fix Released
Status in nvidia-graphics-drivers-304 package in Ubuntu: In Progress
Status in nvidia-graphics-drivers-340 package in Ubuntu: Won't Fix
Status in nvidia-graphics-drivers-361 package in Ubuntu: Won't Fix
Status in nvidia-graphics-drivers-304 source package in Xenial: In Progress
Status in nvidia-graphics-drivers-340 source package in Xenial: Won't Fix
Status in nvidia-graphics-drivers-361 source package in Xenial: Won't Fix

Bug description:

Krita snap segfaults. I'm running nvidia proprietary drivers on Dell XPS 15.

  mark@mark-XPS-15-9550:~$ snap install krita
  97.84 MB / 97.84 MB [=] 100.00 % 362.82 KB/s

  Name   Version     Rev  Developer
  krita  3.0-snap10  1    krita
  mark@mark-XPS-15-9550:~$ krita
  QCoreApplication::arguments: Please instantiate the QApplication object first
  krita.lib.pigment: Compiled for arch: ::Vc::AVXImpl
  krita.lib.pigment: Features supported:
  krita.lib.pigment: "SSE2" --- yes
  krita.lib.pigment: "SSSE3"--- yes
  krita.lib.pigment: "SSE4.1" --- yes
  krita.lib.pigment: "AVX " --- yes
  libGL error: No matching fbConfigs or visuals found
  libGL error: failed to load driver: swrast
  Segmentation fault (core dumped)
  mark@mark-XPS-15-9550:~$
[Group.of.nepali.translators] [Bug 1569581] Re: snapd no longer detects apparmor changes on upgrade
This is now done in 2.23

** Changed in: snappy
       Status: Triaged => Fix Released

https://bugs.launchpad.net/bugs/1569581

Title:
  snapd no longer detects apparmor changes on upgrade

Status in Snappy:
  Fix Released
Status in apparmor package in Ubuntu:
  Triaged
Status in snapd package in Ubuntu:
  Triaged
Status in apparmor source package in Xenial:
  Triaged
Status in snapd source package in Xenial:
  Triaged

Bug description:
  snappy in 16.04 used to compare /usr/share/snappy/security-policy-version and /var/lib/snappy/security-policy-version on boot to see if the apparmor package changed and therefore if it needed to regenerate all snap policy. This functionality was recently removed with nothing added to replace it.

  snapd must have a means to detect changes to the parser or the abstractions which the snap may #include, otherwise we cannot deliver parser and policy fixes from apparmor to installed snaps. It is fine to use a different method than what we had before, but we need to have something.

[Group.of.nepali.translators] [Bug 1630789] Re: normal users can't run snaps inside of LXD containers
** Changed in: snap-confine
       Status: Fix Committed => Fix Released

https://bugs.launchpad.net/bugs/1630789

Title:
  normal users can't run snaps inside of LXD containers

Status in Snappy Launcher:
  Fix Released
Status in Snappy:
  In Progress
Status in snap-confine package in Ubuntu:
  Fix Released
Status in snapd package in Ubuntu:
  Fix Released
Status in snap-confine source package in Xenial:
  Fix Released

Bug description:
  The kernel (4.8.0-19.21), apparmor (2.10.95-4ubuntu5), and lxd (2.4-0ubuntu1) needed for running snaps inside of LXD containers (bug #1611078) have all landed in Yakkety. We should be able to install squashfuse and snapd 2.16+16.10 (from yakkety-proposed) and then run snaps inside of unprivileged LXD containers.

  I have verified that it works well for the root user inside of the container but there are some issues when a normal user attempts to run a snap command.

  # Create yakkety container named "yakkety"
  tyhicks@host:~$ lxc launch ubuntu-daily:devel yakkety
  Creating yakkety
  Starting yakkety

  # Enter the container, enable yakkety-proposed, update, install the dependencies
  tyhicks@host:~$ lxc exec yakkety bash
  root@yakkety:~# echo "deb http://archive.ubuntu.com/ubuntu/ \
  yakkety-proposed restricted main multiverse universe" > \
  /etc/apt/sources.list.d/proposed.list
  root@yakkety:~# echo -e "Package: *\nPin: release a=yakkety-proposed\n\
  Pin-Priority: 400" > /etc/apt/preferences.d/proposed-updates
  root@yakkety:~# apt-get update && apt-get dist-upgrade -y
  ...
  root@yakkety:~# apt-get install -y squashfuse snapd/yakkety-proposed
  ...

  # Rebooting the container should not be needed but is done for completeness
  root@yakkety:~# reboot
  tyhicks@host:~$ lxc exec yakkety bash

  # Install the hello-world snap
  root@yakkety:~# snap install hello-world
  hello-world (stable) 6.3 from 'canonical' installed

  # Snap commands work fine as root inside the container but not as a normal user
  root@yakkety:~# /snap/bin/hello-world.env
  SNAP_USER_COMMON=/root/snap/hello-world/common
  ...
  root@yakkety:~# su - ubuntu -c '/snap/bin/hello-world.env'
  internal error, please report: running "hello-world.env" failed: open /snap/hello-world/27/meta/snap.yaml: permission denied

  # The normal user can't access /snap/hello-world/27 because of some oddness with the
  # dentry
  root@yakkety:~# ls -al /snap/hello-world
  total 8
  drwxr-xr-x 3 root root 4096 Oct 5 21:09 .
  drwxr-xr-x 5 root root 4096 Oct 5 21:09 ..
  drwxrwxr-x 4 root root    0 Jul 11 21:20 27
  lrwxrwxrwx 1 root root    2 Oct 5 21:09 current -> 27
  root@yakkety:~# su - ubuntu -c 'ls -al /snap/hello-world'
  ls: cannot access '/snap/hello-world/27': Permission denied
  total 8
  drwxr-xr-x 3 root root 4096 Oct 5 21:09 .
  drwxr-xr-x 5 root root 4096 Oct 5 21:09 ..
  d? ? ?? ?? 27
  lrwxrwxrwx 1 root root    2 Oct 5 21:09 current -> 27

[Group.of.nepali.translators] [Bug 1605052] Re: snap-confine: dpkg --compare-versions error outputs during installation from snapd/ubuntu-core-launcher upgrade
** Changed in: snap-confine
       Status: Fix Committed => Fix Released

https://bugs.launchpad.net/bugs/1605052

Title:
  snap-confine: dpkg --compare-versions error outputs during installation from snapd/ubuntu-core-launcher upgrade

Status in Snappy Launcher:
  Fix Released
Status in snap-confine package in Ubuntu:
  In Progress
Status in snap-confine source package in Xenial:
  Fix Committed

Bug description:
  The following non-fatal error is output during snap-confine installation:

  dpkg: error: --compare-versions takes three arguments:

  Below log is from a manual install to reproduce the issue, but this first occurred during upgrade of snapd/ubuntu-core-launcher on xenial-proposed which caused snap-confine to be installed.

  * Full error *

  Preparing to unpack .../snap-confine_1.0.38-0ubuntu0.16.04.1_amd64.deb ...
  dpkg: error: --compare-versions takes three arguments:

  Type dpkg --help for help about installing and deinstalling packages [*];
  Use 'apt' or 'aptitude' for user-friendly package management;
  Type dpkg -Dhelp for a list of dpkg debug flag values;
  Type dpkg --force-help for a list of forcing options;
  Type dpkg-deb --help for help about manipulating *.deb files;

  Options marked [*] produce a lot of output - pipe it through 'less' or 'more' !
  Unpacking snap-confine (1.0.38-0ubuntu0.16.04.1) ...
  Processing triggers for man-db (2.7.5-1) ...
  Setting up snap-confine (1.0.38-0ubuntu0.16.04.1) ...

[Group.of.nepali.translators] [Bug 1612120] Re: $SNAP_USER_DATA is no longer created by snap-confine but is not yet created by snapd
** Changed in: snap-confine
       Status: Fix Committed => Fix Released

https://bugs.launchpad.net/bugs/1612120

Title:
  $SNAP_USER_DATA is no longer created by snap-confine but is not yet created by snapd

Status in Snappy Launcher:
  Fix Released
Status in snap-confine package in Ubuntu:
  Confirmed
Status in snap-confine source package in Xenial:
  Fix Committed

Bug description:
  We've noticed that the code that creates the $SNAP_USER_DATA directory has now been removed from snap-confine for the past few releases but the corresponding code in snapd, that depends on snap-exec, is not yet active. This has led to some snaps that rely on it to have no way to create per-user data directories.

  TEST CASE:
  1. sudo snap install bluez
  2. sudo systemctl status snap.bluez.obex
  3. verify that it fails to start the service
  4. install snapd from xenial-proposed
  5. snap remove bluez
  6. snap install bluez
  7. repeat (2)
  8. verify that it works this time

[Group.of.nepali.translators] [Bug 1612291] Re: cannot create $SNAP_USER_DATA when using ecryptfs and sudo
** Changed in: snap-confine
       Status: Fix Committed => Fix Released

https://bugs.launchpad.net/bugs/1612291

Title:
  cannot create $SNAP_USER_DATA when using ecryptfs and sudo

Status in Snappy Launcher:
  Fix Released
Status in snap-confine package in Ubuntu:
  New
Status in snap-confine source package in Xenial:
  Fix Committed

Bug description:
  Because of the two apparmor rules on snap-confine, attempts to create user data directory from snap-confine will fail when the user is using new-style encrypted home directory and sudo to start a snap.

  TEST CASE:
  1. sudo adduser --encrypt-home test-encrypted
  2. Ensure that the test-encrypted user can use sudo, e.g. add it to the sudo group
  3. Log in as test-encrypted user
  4. Install the hello-world snap
  5. Run sudo /snap/bin/hello-world
  6. Verify that `hello-world` fails to run
  7. Install snap-confine from xenial-proposed
  8. verify that `hello-world` runs now

  The following patch makes the problem go away:

diff --git a/debian/usr.bin.snap-confine b/debian/usr.bin.snap-confine index f3e6308..aeb17bd 100644 --- a/debian/usr.bin.snap-confine +++ b/debian/usr.bin.snap-confine @@ -155,6 +155,6 @@ owner @{HOME}/.Private/ r, owner @{HOME}/.Private/** mrixwlk, # new-style encrypted $HOME -owner @{HOMEDIRS}/.ecryptfs/*/.Private/ r, -owner @{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk, +@{HOMEDIRS}/.ecryptfs/*/.Private/ r, +@{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk, }

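Review bot: the two `+` lines under "# new-style encrypted $HOME" drop the `owner` qualifier, so the `mrixwlk` grant on `@{HOMEDIRS}/.ecryptfs/*/.Private/**` no longer depends on the calling user owning the files, and the profile stops restricting snap-confine to the caller's own `.Private` tree. The old-style `owner @{HOME}/.Private/` rules just above keep `owner`, so the two blocks now differ with no comment saying why. I would add a comment tying the relaxation to the sudo case from the bug description and check whether the unowned path really needs the full `mrixwlk` mask or whether a narrower one is enough to create the user data directory.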
[Group.of.nepali.translators] [Bug 1612684] Re: dies when run in a place that is not inside the snap chroot
** Changed in: snap-confine
       Status: Fix Committed => Fix Released

https://bugs.launchpad.net/bugs/1612684

Title:
  dies when run in a place that is not inside the snap chroot

Status in Snappy Launcher:
  Fix Released
Status in snap-confine package in Ubuntu:
  New
Status in snap-confine source package in Xenial:
  Fix Committed

Bug description:
  When running any snap from a place that is not inside the snap chroot (like /tmp/some-subdir or /srv) running the snap-confine launcher dies with an ugly error.

  TEST CASE:
  1. mkdir /tmp/99
  2. cd /tmp/99
  3. sudo snap install hello-world
  4. verify that it shows: "cannot remain in /tmp/99, please run this snap from another location. errmsg: No such file or directory"
  5. install snap-confine from xenial-proposed
  6. verify that hello-world runs now (and shows a message that it switches to /tmp)

[Group.of.nepali.translators] [Bug 1615113] Re: snap-confine prevented from mounting base directory through the "content" interface
** Changed in: snap-confine
       Status: Fix Committed => Fix Released

https://bugs.launchpad.net/bugs/1615113

Title:
  snap-confine prevented from mounting base directory through the "content" interface

Status in Snappy Launcher:
  Fix Released
Status in snap-confine package in Ubuntu:
  Confirmed
Status in snap-confine source package in Xenial:
  Confirmed

Bug description:
  Using the new "content" interface, and following the integration tests as an example, I have built two snaps in https://github.com/ubuntu/snappy-playpen/tree/geany one under "geany" the other under "geany-plugins" that work together to share the plugin code with the geany app.

  Both build, install, and connect just fine, but on trying to run /snap/bin/geany it immediately fails with the following message:

  cannot mount /snap/geany-plugins/x1 at /snap/geany/x1/plugins with options bind,ro. errmsg: Permission denied

  Checking dmesg after this shows the following:

  [335489.022097] audit: type=1400 audit(1471624994.323:302441): apparmor="DENIED" operation="mount" info="failed srcname match" error=-13 profile="/usr/lib/snapd/snap-confine" name="/snap/geany/x1/plugins/" pid=18454 comm="ubuntu-core-lau" srcname="/snap/geany-plugins/x1/" flags="rw, bind"

  I believe this is due to the fact that my geany-plugins slot is sharing the root of its content (/) instead of a file or folder by name. This makes the mount source /snap/geany-plugins/x1/ which is too short to match the apparmor allow line of /snap/*/*/**

  To test this, I made the following change to /etc/apparmor.d/usr.lib.snapd.snap-confine

120,121c120,121 < mount options=(rw bind) /snap/*/*/** -> /snap/*/*/**, < mount options=(ro bind) /snap/*/*/** -> /snap/*/*/**, --- > mount options=(rw bind) /snap/*/** -> /snap/*/*/**, > mount options=(ro bind) /snap/*/** -> /snap/*/*/**,

  This allowed the mount to happen and the application to run.

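Review bot: the two `>` lines widen the mount source from `/snap/*/*/**` to `/snap/*/**`, which admits much more than the denied `srcname="/snap/geany-plugins/x1/"`: every path below a snap's name directory becomes an allowed bind source. The denial only concerns the revision root itself, so I would leave the existing `/snap/*/*/**` rules alone and add source rules for exactly `/snap/*/*/` (rw and ro), with a comment that they cover content slots that share `/`.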
[Group.of.nepali.translators] [Bug 1612684] Re: dies when run in a place that is not inside the snap chroot
This is fixed in master with this patch: https://github.com/snapcore/snap-confine/commit/1ab8e095195d07c766f75f85d9d9430a0f088dbd

It will be released as a part of snap-confine 1.0.40

** Also affects: snap-confine
   Importance: Undecided
       Status: New

** Changed in: snap-confine
    Milestone: None => 1.0.40

** Changed in: snap-confine
       Status: New => Fix Committed

** Changed in: snap-confine
     Assignee: (unassigned) => Zygmunt Krynicki (zyga)

https://bugs.launchpad.net/bugs/1612684

Title:
  dies when run in a place that is not inside the snap chroot

Status in Snappy Launcher:
  Fix Committed
Status in snap-confine package in Ubuntu:
  New
Status in snap-confine source package in Xenial:
  Fix Committed

Bug description:
  When running any snap from a place that is not inside the snap chroot (like /tmp/some-subdir or /srv) running the snap-confine launcher dies with an ugly error.

  TEST CASE:
  1. mkdir /tmp/99
  2. cd /tmp/99
  3. sudo snap install hello-world
  4. verify that it shows: "cannot remain in /tmp/99, please run this snap from another location. errmsg: No such file or directory"
  5. install snap-confine from xenial-proposed
  6. verify that hello-world runs now (and shows a message that it switches to /tmp)

[Group.of.nepali.translators] [Bug 1572463] Re: setup-profile configures security based on snap.Info from DisconnectSnap, which still sees older revision
** Also affects: snappy
   Importance: Undecided
       Status: New

https://bugs.launchpad.net/bugs/1572463

Title:
  setup-profile configures security based on snap.Info from DisconnectSnap, which still sees older revision

Status in Snappy:
  New
Status in snapd package in Ubuntu:
  In Progress
Status in snapd source package in Xenial:
  In Progress

Bug description:
  When the same snap is sideloaded two times the security profile stops working:

  ```
  $ sudo snap install youtube-dl_2016.03.27_amd64.snap
  [\] Setup snap "youtube-dl" security profiles
  $ youtube-dl.run
  WARNING: Assuming --restrict-filenames since file system encoding cannot encode all characters. Set the LC_ALL environment variable to fix this.
  Usage: youtube-dl [OPTIONS] URL [URL...]

  youtube-dl: error: You must provide at least one URL.
  Type youtube-dl --help to see a list of all options.

  $ sudo snap install youtube-dl_2016.03.27_amd64.snap
  [-] Copy snap "youtube-dl" data
  $ youtube-dl.run
  /bin/sh: 0: Can't open /snap/youtube-dl/12/command-run.wrapper
  $ dmesg|tail -n1
  [13348.347319] audit: type=1400 audit(1461143833.011:132): apparmor="DENIED" operation="open" profile="snap.youtube-dl.run" name="/snap/youtube-dl/12/command-run.wrapper" pid=28849 comm="command-run.wra" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  $ grep SNAP_REVISION}= /var/lib/snapd/apparmor/profiles/snap.youtube-dl.run
  @{SNAP_REVISION}="11"
  ```

  $ snap changes|grep sideload
  6    Done    2016-04-20T09:17:02Z  2016-04-20T09:17:03Z  Install "/tmp/snapd-sideload-pkg-620395148" snap file
  7    Done    2016-04-20T09:17:10Z  2016-04-20T09:17:11Z  Install "/tmp/snapd-sideload-pkg-340731359" snap file