Hi,
Since yesterday all the snaps stopped working. I have an Ubuntu 16.04 LTS installation and the core version is:
core 16-2.32 4308 beta canonical core
The error that all the snaps throw is the following one.
failed to create prefix path: /tmp/snap.rootfs_wHMWrh/var/lib/snapd/lib/vulkan/icd.d: Permission denied
Any suggestion? Thanks in advance!
I changed to Nouveau display driver… and all the snaps are working now. ( I have a nvidia 940MX )
Same problem here 
Did you find a solution ??
Opened a PR with the fix.
ah oki so it’s latest of snapd that killed everything 
any way to apply fix without waiting for update ?
Hmm, one way of doing that would be to edit the apparmor profile of snap-confine in /etc/apparmor.d to be permissive (effectively switching them into complain mode). You can do that by editing the files so that they have the text ,complain just immediately after attach_disconnected. After doing that please run sudo apparmor_parser -r with the pathname of the file you edited.
Just to be sure it’s supposed to be in ‘usr.lib.snapd.snap-confine.real’ file ? as I’m unable to find that string
Yes, it’s right at the top of the file:
zyga@fyke:~$ head /etc/apparmor.d/snap.core.4321.usr.lib.snapd.snap-confine
# Author: Jamie Strandboge <jamie@canonical.com>
#include <tunables/global>
/snap/core/4321/usr/lib/snapd/snap-confine (attach_disconnected) {
# Include any additional files that snapd chose to generate.
# - for $HOME on NFS
# - for $HOME on encrypted media
#
# Those are discussed on https://forum.snapcraft.io/t/snapd-vs-upstream-kernel-vs-apparmor
# and https://forum.snapcraft.io/t/snaps-and-nfs-home/
NOTE: you may need to do this change to all the snap-confine files there.
Great, did it on the two “confine” files present there and problem solved
Thanks a lot for the tweak 
Thank you for reporting the issue. This should be fixed properly in 2.32.1 soon.
Cool Discovered that snap are a great way to run easily apps with creepy dependencies but it all depends on a daemon which is the weak point of it
The daemon is only needed to install and refresh them. Other than that it should work fine 
Confused there because my existing snap shouldn’t have stopped working without reasons no ? as only thing that happened was a snap update I guess that prevented them from working from one day to another !
You should be able to do snap refresh --beta core now to get the version with fixes.
@vincen That’s independent from @zyga-snapd’s point or the point you made earlier. The point still holds: snaps do not depend on snapd for running. You can give it a shot yourself: install a snap and then shutdown the daemon. Try to use the snap.
oki thanks I checked documentations on snap website and if I understand well the daemon is only used to download/install/upgrade them and handle the automatic background update right ?
If so how is that possible that suddenly all snaps on my system were no more working ?? Snapd update itself can be the reason ?
Yes, the snapd snap got updated, which triggers a security profile rebuild because that changes the whole tooling used to run the snap in the first place (snap-confine, etc), which means new security profiles may be required to be able to function properly and without errors.
By the way, thanks for using the beta and thanks for reporting this. Really happy that we’re getting so much testing on these releases well before they go into the stable channel.
Thanks for explanations and understood now the process
You’re welcome, didn’t notice in fact I was using beta