Public bug reported:
On Ubuntu 20.04 (and probably 22.04 and greater), it is impossible to
disable snap chromium apparmor rules:
root@{HOSTNAME}:~# aa-complain snap.chromium.hook.configure
Can't find chromium.hook.configure in the system path list. If the name of the
application
is correct, please run 'which snap.chromium.hook.configure' as a user with
correct PATH
environment set up in order to find the fully-qualified path and
use the full path as parameter.
root@{HOSTNAME}:~# aa-complain snap.chromium.chromedriver -d
/var/lib/snapd/apparmor/profiles
ERROR: Include file /var/lib/snapd/apparmor/profiles/tunables/global not found
root@{HOSTNAME}:~# aa-complain snap.chromium.chromium -d
/var/lib/snapd/apparmor/profiles
ERROR: Include file /var/lib/snapd/apparmor/profiles/tunables/global not found
root@{HOSTNAME}:~# aa-complain snap.chromium.hook.configure -d
/var/lib/snapd/apparmor/profiles
ERROR: Include file /var/lib/snapd/apparmor/profiles/tunables/global not
found
It seems like no one has an answer on how these overly restricted rules
can be disabled:
https://askubuntu.com/questions/1267980/how-to-disable-apparmor-for-chromium-snap-ubuntu-20-04
https://ubuntuforums.org/showthread.php?t=2410550
https://ubuntuforums.org/showthread.php?t=2449022
https://answers.launchpad.net/ubuntu/+source/apparmor/+question/701036
So I just got rid of apparmor which doesn't seem like the solution I was
after, but it works great now:
sudo systemctl stop apparmor
sudo systemctl disable apparmor
Please give us a way to modify (and keep the rules permanently modified
even after snap updates) snap apparmor rules.
Thank you!
** Affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2057943
Title:
Can't disable or modify snap package apparmor rules
Status in apparmor package in Ubuntu:
New
Bug description:
On Ubuntu 20.04 (and probably 22.04 and greater), it is impossible to
disable snap chromium apparmor rules:
root@{HOSTNAME}:~# aa-complain snap.chromium.hook.configure
Can't find chromium.hook.configure in the system path list. If the name of
the application
is correct, please run 'which snap.chromium.hook.configure' as a user with
correct PATH
environment set up in order to find the fully-qualified path and
use the full path as parameter.
root@{HOSTNAME}:~# aa-complain snap.chromium.chromedriver -d
/var/lib/snapd/apparmor/profiles
ERROR: Include file /var/lib/snapd/apparmor/profiles/tunables/global not found
root@{HOSTNAME}:~# aa-complain snap.chromium.chromium -d
/var/lib/snapd/apparmor/profiles
ERROR: Include file /var/lib/snapd/apparmor/profiles/tunables/global not found
root@{HOSTNAME}:~# aa-complain snap.chromium.hook.configure -d
/var/lib/snapd/apparmor/profiles
ERROR: Include file /var/lib/snapd/apparmor/profiles/tunables/global
not found
It seems like no one has an answer on how these overly restricted
rules can be disabled:
https://askubuntu.com/questions/1267980/how-to-disable-apparmor-for-chromium-snap-ubuntu-20-04
https://ubuntuforums.org/showthread.php?t=2410550
https://ubuntuforums.org/showthread.php?t=2449022
https://answers.launchpad.net/ubuntu/+source/apparmor/+question/701036
So I just got rid of apparmor which doesn't seem like the solution I
was after, but it works great now:
sudo systemctl stop apparmor
sudo systemctl disable apparmor
Please give us a way to modify (and keep the rules permanently
modified even after snap updates) snap apparmor rules.
Thank you!
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2057943/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
