Public bug reported:

During verification of https://bugs.launchpad.net/snapd/+bug/2134364,
the team encountered what seems to be an AppArmor bug.

>> This issue was encountered while using the snapd 2.74 deb on resolute:
```
systemd[1]: Starting snap.docker.nvidia-container-toolkit.service - Service for snap application docke>
docker.nvidia-container-toolkit[1708]: cannot change apparmor hat: No child processes
docker.nvidia-container-toolkit[1590]: cannot send command 1 to helper process: Broken pipe
systemd[1]: snap.docker.nvidia-container-toolkit.service: Main process exited, code=exited, status=1/F>
systemd[1]: snap.docker.nvidia-container-toolkit.service: Failed with result 'exit-code'.
```

- It also happens using 2.73 deb on resolute. 
- It does not happen when using 2.73 deb on noble.


>> In all these cases snapd is using AppArmor parser from the host:

```
snap debug execution apparmor
apparmor-parser: /usr/sbin/apparmor_parser
apparmor-parser-command: /usr/sbin/apparmor_parser --policy-features /etc/apparmor.d/abi/3.0
internal: false
```

We are doing further tests to confirm that it does not happen when:
 - Running snapd 2.74 snap in resolute
 - Running snapd 2.74 deb in noble

Given the deb uses the vendored AppArmor parser, this would further
reinforce that the issue is most likely on the AppArmor side.


>>> Reproducer

Install docker with `sudo snap install docker --latest` in resolute.

Run:    journalctl -u snap.docker.nvidia-container-toolkit.service

Expect: docker.nvidia-container-toolkit[1708]: cannot change apparmor
hat: No child processes

Laider Lai (@laiderlai) to provide more details...

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2139665

Title:
  Cannot change apparmor hat: No child processes

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2139665/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
