I tested to see if the changes in https://github.com/snapcore/snapd/pull/4714 would address this bug. I did this by:
1. in a livecd, perform 'sudo aa-status'. This showed no apparmor profiles were loaded 2. install a deb with https://github.com/snapcore/snapd/pull/4714. The act of installing the deb runs apparmor_parser on the snap-confine profile, so to simulate a fresh boot, I then unloaded the profiles with: sudo apparmor_parser -R /etc/apparmor.d/*snap-confine* (and confirmed with aa-status they weren't loaded 3. sudo snap install hello-world 4. sudo aa-status (this showed the snap-confine profiles from the core snap were loaded, along with the hello-world profiles, but *not* the snap-confine profile from /etc/apparmor.d 5. ran hello-world: $ hello-world snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid permission escalation attacks Therefore, https://github.com/snapcore/snapd/pull/4714 is *not* sufficient to fix this bug. Once I do: $ sudo apparmor_parser -r /etc/apparmor.d/*snap-confine* Then strict and classic mode snaps work. ** Also affects: ubiquity (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1751667 Title: classic snap does not run on live session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1751667/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
