Public bug reported:
I tried to run `multipass` version and got the error below:
```
snap-confine has elevated permissions and is not confined but should be.
Refusing to continue to avoid permission escalation attacks
Please make sure that the snapd.apparmor service is enabled and started.
```
This was after I purged snap from my system and reinstalled it.
apparmor is running:
```
sudo systemctl status apparmor
10:48:49
● apparmor.service - Load AppArmor profiles
Loaded: loaded (/usr/lib/systemd/system/apparmor.service; enabled; preset:
enabled)
Active: active (exited) since Sun 2024-09-29 08:40:08 WAT; 2h 11min ago
Docs: man:apparmor(7)
https://gitlab.com/apparmor/apparmor/wikis/home/
Main PID: 1009 (code=exited, status=0/SUCCESS)
CPU: 290ms
Sep 29 08:40:08 davidshare systemd[1]: Starting apparmor.service - Load
AppArmor profiles...
Sep 29 08:40:08 davidshare apparmor.systemd[1009]: Restarting AppArmor
Sep 29 08:40:08 davidshare apparmor.systemd[1009]: Reloading AppArmor profiles
Sep 29 08:40:08 davidshare apparmor.systemd[1156]: Skipping profile in
/etc/apparmor.d/disabl>
Sep 29 08:40:08 davidshare systemd[1]: Finished apparmor.service - Load
AppArmor profiles.
```
Things I have tried:
`sudo apparmor_parser -r /etc/apparmor.d/*snap-confine*`
```
$ sudo systemctl enable --now apparmor.service
$ sudo systemctl enable --now snapd.apparmor.service
```
```
$ sudo service start snapd
$ sudo systemctl enable snapd.service
$ sudo systemctl enable --now snapd.service
```
```
sudo apparmor_parser -r /etc/apparmor.d/*snap-confine*
sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap-confine*
```
aa-status for snap-confine:
```
sudo aa-status
10:45:45
apparmor module is loaded.
188 profiles are loaded.
91 profiles are in enforce mode.
/media/davidshare/Tersu/TersuCorp/tersu tech/learning DevOps/multipass
/snap/core/17200/usr/lib/snapd/snap-confine
/snap/core/17200/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/snap/snapd/21759/usr/lib/snapd/snap-confine
/snap/snapd/21759/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/usr/bin/evince
/usr/bin/evince-previewer
/usr/bin/evince-previewer//sanitized_helper
/usr/bin/evince-thumbnailer
/usr/bin/evince//sanitized_helper
/usr/bin/evince//snap_browsers
/usr/bin/freshclam
/usr/bin/man
/usr/bin/snap//passt
/usr/bin/snap//sanitized_helper
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/NetworkManager/nm-dhcp-helper
/usr/lib/connman/scripts/dhclient-script
/usr/lib/cups/backend/cups-pdf
/usr/lib/snapd/snap-confine
/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/usr/sbin/clamd
/usr/sbin/cups-browsed
/usr/sbin/cupsd
/usr/sbin/cupsd//third_party
/usr/sbin/sssd
/{,usr/}sbin/dhclient
1password
avahi-daemon
```
snap version:
```
snap version
11:03:26
snap 2.63.1+24.04
snapd 2.63.1+24.04
series 16
ubuntu 24.04
kernel 6.8.0-45-generic
```
I cannot even install snap related updates on my machine, I can't adjust
my volume settings and others.
** Affects: snapd (Ubuntu)
Importance: Undecided
Status: New
** Tags: apparmor snap
** Attachment added: "snap error.png"
https://bugs.launchpad.net/bugs/2083208/+attachment/5823341/+files/snap%20error.png
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2083208
Title:
snap-confine has elevated permissions and is not confined but should
be
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/2083208/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
