After installation of snap service getting failed

After installation of snap service getting failed when snap is in classic confinement.
When i tried to figure out the error, i found the below logs in /var/log/syslog.

"Jun 17 10:08:23 localhost systemd[1]: Reloading.
Jun 17 10:08:25 localhost systemd[1]: Mounting Mount unit for classic-web-dm, revision x1…
Jun 17 10:08:25 localhost systemd[1]: Mounted Mount unit for classic-web-dm, revision x1.
Jun 17 10:08:26 localhost snapd[778]: backend.go:93: cannot create host snap userd dbus service file: failed to copy all: “cp: cannot stat ‘/snap/core/x1/usr/share/dbus-1/services/io.snapcraft.Settings.service’: No such file or directory” (1)
Jun 17 10:08:26 localhost kernel: [ 7813.548091] audit: type=1400 audit(1560766106.477:62): apparmor=“STATUS” operation=“profile_load” profile=“unconfined” name=“snap.classic-web-dm.hook.install” pid=8623 comm=“apparmor_parser”"

Any one have any idea about this error.

Same is working fine with devmode confinement.

looks like your core snap was somehow sideloaded (thus the x1 version) … this is very unusual and might be the cause of the issue … how did you get the core snap installed on your system (it should be auto-installed alond with the first snap package you install on your system)

Yes i have core snap version (x1) along with core snap i have one more core18 snap on my device.
May be this would be a reason for this error.

Its come with pre-build classic image for device.
Will it effect any thing when i update core snap with updated snap?

wow, this is odd, a core snap in any image should never be sideloaded since sideloaded snaps will not be upgraded, yes, try to manually snap refresh core (or perhaps you need snap install when it is sideloaded), nobody will be able to tell how old your installed core snap is due to that x1 version, there might be ancient and long fixed bugs in your setup due to this.

snap refresh --amend core should be able to fix it, if it is fixable (and not running some ersatz core).

Yes, it has upgrade the core snap now core snap version is - “core 16-2.39.3 7274 - canonical✓ core”.
and the above error are vanished from the syslog after core snap update, but i am still having some error.
i.e Jun 27 22:55:32 localhost kernel: [303997.669247] audit: type=1400 audit(1561676132.929:4562): apparmor=“STATUS” operation=“profile_replace” info=“same as current profile, skipping” profile=“unconfined” name=“snap.configure-reboot.schedule-input” pid=12138 comm="apparmor_parser"
Jun 27 22:55:32 localhost kernel: [303997.669354] audit: type=1400 audit(1561676132.929:4563): apparmor=“STATUS” operation=“profile_replace” info=“same as current profile, skipping” profile=“unconfined” name=“snap-update-ns.configure-reboot” pid=12137 comm="apparmor_parser"
Jun 27 22:55:34 localhost snapd[23220]: daemon.go:611: gracefully waiting for running hooks
Jun 27 22:55:34 localhost snapd[23220]: daemon.go:613: done waiting for running hooks
Jun 27 22:55:34 localhost systemd[1]: snapd.service: Service hold-off time over, scheduling restart.
Jun 27 22:55:34 localhost systemd[1]: Stopped Snappy daemon.
Jun 27 22:55:34 localhost systemd[1]: Starting Snappy daemon…
Jun 27 22:55:35 localhost snapd[12162]: AppArmor status: apparmor is enabled but some kernel features are missing: dbus, mount, network, signal
Jun 27 22:55:37 localhost kernel: [304002.524379] kauditd_printk_skb: 18 callbacks suppressed

This might be a reason for failure .
I don’t have much idea about this as it has came with pre-build image.

What kind of image was this exactly ?

As i said above, on a classic installation (desktop/server) that has no snapd installed, there should be no core snap at all, it gets automatically downloaded along with the very first snap you install so having such a sideloaded (and possibly manually modified) core snap pre-installed is very weird (and dangerous).

Customize classic image for an IOT(ALLWINNER olimex board)device which already has some pre-installed snaps.

aha, well, it was then definitly built wrongly and your remaining errors also suggest that basic kernel features for snap confinement are missing on this device. the command snap debug sandbox-features will likely tell you that snaps run in degraded security mode.

Yes, you are correct its shows parser is running in unsafe mode. Thanks @ogra for your kind support. Will see what can i do now :slight_smile:

I have a classing Ubuntu image on my armhf device, i had installed some default snap during boot up.

Every thing running smooth, but after some(~5-10hr) i found below logs on my device and during that device got hanged up.

Jul 24 06:57:23 localhost systemd[1]: Stopped Auto import assertions from block devices.
Jul 24 06:57:23 localhost systemd[1]: Stopped Automatically repair incorrect owner/permissions on core devices.
Jul 24 06:57:23 localhost systemd[1]: Stopped Automatically refresh installed snaps.
Jul 24 06:57:23 localhost systemd[1]: Stopped Timer to automatically refresh installed snaps.
Jul 24 06:57:23 localhost snapd[703]: 2019/07/24 06:57:23.821229 main.go:78: Exiting on terminated signal.
Jul 24 06:57:23 localhost systemd[1]: Stopping Snappy daemon…
Jul 24 06:57:23 localhost systemd[1]: Stopped Snappy daemon.
Jul 24 06:57:23 localhost systemd[1]: Stopped Automatically fetch and run repair assertions.
Jul 24 06:57:23 localhost systemd[1]: Stopped Timer to automatically fetch and run repair assertions.
Jul 24 06:57:23 localhost systemd[1]: Closed Socket activation for snappy daemon.
Jul 24 06:57:23 localhost systemd[1]: Stopped Ubuntu core (all-snaps) system shutdown helper setup service.
Jul 24 06:57:30 localhost dhclient[2371]: DHCPREQUEST of 10.42.0.195 on eth0 to 10.42.0.1 port 67 (xid=0x1c5b9b58)
Jul 24 06:57:34 localhost systemd[1]: Reloading.
Jul 24 06:57:36 localhost systemd[1]: Reloading.
Jul 24 06:57:37 localhost systemd[1]: Stopping Unattended Upgrades Shutdown…

I am not be able to find the root cause of this, any helps are really appreciable.

Thanks

what is the output of snap version on this installation ?

Thanks @ogra for your quick reply.
having snap --version -_
$ snap --version
snap 2.30
snapd 2.30
series 16
ubuntu 16.04
kernel 4.13.16-sunxi

so this is again using some non-ubuntu kernel which i assume is … again … missing the required security features to use snap packages. whoever created this kernel should make sure the security configs are properly enabled and the necessary apparmor patches are applied.

Thanks @ogra for your quick reply & your valuable information.
Will raise our concern to the respective person

feel free to point him/her to this forum (to the device category) for questions etc.

1 Like

Hello @ogra,

Sorry for bothering you again :frowning:
Actually he made some changes in the image (some apparmor security added) suggested by you. But when i try to remove the installed snap, getting below warning mgs in syslog. WARNING mgs -

Feb 28 06:59:03 localhost snapd[618]: 2020/02/28 06:59:03.038893 kernel_os.go:186: cannot get boot settings: cannot determine bootloader Feb 28 06:59:04 localhost systemd[1]: Unmounted Mount unit for hello-world. Feb 28 06:59:05 localhost systemd[1]: Reloading. Feb 28 06:59:06 localhost systemd[1]: Reloading.

My question is does this warning impact the device for long run ?

SNAP VERSION -

snap 2.30 snapd 2.30 series 16 ubuntu 16.04 kernel 4.13.16-sunxi

yes, the system will not be able to properly update, you seem to have a broken gadget snap and/or bootloader setup …