The bug importance has been decreased to medium, as so far the only occurrence where this has happened is completely outside of snapd's control and is indicative of either a system or a configuration issue.
We've identified 3 scenarios that effectively need manual user action:

- snap-confine has no file capabilities (confirm with getcap /usr/lib/snapd/snap-confine):
  - file capabilities are applied by the postinst snippet, here: https://github.com/canonical/snapd/blob/9c1b144b8d37332f20ac7daa78008ba3920521f7/packaging/ubuntu-16.04/snapd.postinst#L74-L75
  - if you've confirmed that they are indeed missing, execute the postinst line manually
  - review dpkg logs to identify possible cause
  - some 'hardening' software may have stripped the capabilities
- configuration conflicts pertaining to /etc/apparmor.d/usr.lib.snapd.snap-confine.real profile
  - the profile shipped by snapd deb package contains all required permissions and apparmor service is restarted
  - double check whether you have *.dpkg-new or similar files under /etc/apparmor.d/ related to the profile file
  - restart apparmor service yourself, sudo systemctl restart apparmor
  - review dpkg log
- configuration issue when using unconfined privileged lxd containers
  - either host or the container version of snapd is < 2.70
  - unconfined privileged containers have full access to the host kernel and do not use AppArmor namespaces, profiles loaded from such containers affect the whole system (host); if such container loads a profile from snapd < 2.70, snapd on the host will be broken
  - conversely, a host with snapd < 2.70 may break execution in such container

If in doubt, spin up a VM and use it as reference, e.g.

  lxc launch ubuntu:24.04 --vm u1 && lxc exec u1 -- /bin/sh -c 'dpkg -l snapd ; getcap /usr/lib/snapd/snap-confine'

--
https://bugs.launchpad.net/bugs/2127224

Title:
  all snaps fail to run
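
The three scenarios above can be checked in one pass with a small script. This is an added example, not part of the bug comment or of snapd; the function names and the `--live` switch are assumptions of the example, and the version test compares only the major.minor part against 2.70.

```shell
#!/bin/sh
# Added example: checks for the three scenarios in the comment above.
# Function names and the --live switch are assumptions of this example.

# Scenario 1: does the text printed by getcap show any capability set?
# getcap prints nothing for a file that has no file capabilities.
caps_present() {
    case "$1" in
        */snap-confine*cap_*) return 0 ;;
        *) return 1 ;;
    esac
}

# Scenario 2: list dpkg leftovers (*.dpkg-new and similar) next to the profile.
profile_leftovers() {
    for f in "$1"/usr.lib.snapd.snap-confine*.dpkg-*; do
        [ -e "$f" ] && printf '%s\n' "$f"
    done
    return 0
}

# Scenario 3: 0 if the version is < 2.70, 1 if not, 2 if unparseable.
# Only major.minor is compared; the Debian revision suffix is ignored.
snapd_older_than_270() {
    v=${1#*:}                   # drop an epoch, if any
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%[!0-9]*}
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    [ "$major" -lt 2 ] && return 0
    [ "$major" -gt 2 ] && return 1
    [ "$minor" -lt 70 ]
}

# Run against the real system only when asked to (hypothetical switch).
if [ "${1:-}" = "--live" ]; then
    caps_present "$(getcap /usr/lib/snapd/snap-confine 2>/dev/null)" ||
        echo "snap-confine has no file capabilities"
    profile_leftovers /etc/apparmor.d
    ver=$(dpkg-query -W -f='${Version}' snapd 2>/dev/null)
    if snapd_older_than_270 "$ver"; then
        echo "snapd $ver is older than 2.70"
    fi
fi
```

For the lxd scenario, run it with `--live` on the host and again inside the container, since either side being older than 2.70 is enough to cause the breakage.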
