Hey,
I’am running Ubuntu 16.04 with xenial-proposed enabled and got updated to snapd 2.27.3
If I remember well, I did a reboot after the call to apt upgrade
.
After that happened services from my snaps were not starting anymore with the following errors:
Aug 23 11:58:56 nirvana audit[21476]: AVC apparmor="DENIED" operation="mount" info="failed srcname match" error=-13 profile="/usr/lib/snapd/snap-confine" name="/tmp/snap.rootfs_jxIslj/etc/nsswitch.conf" pid=21476 comm="snap-confine" srcname="/snap/core/2462/etc/nsswitch.conf" flags="rw, bind"
Aug 23 11:58:56 nirvana snap[21476]: cannot perform operation: mount --bind /snap/core/current//etc/nsswitch.conf /tmp/snap.rootfs_jxIslj/etc/nsswitch.conf: Permission denied
Aug 23 11:58:56 nirvana kernel: audit: type=1400 audit(1503482336.199:228): apparmor="DENIED" operation="mount" info="failed srcname match" error=-13 profile="/usr/lib/snapd/snap-confine" name="/tmp/snap.rootfs_jxIslj/etc/nsswitch.conf" pid=21476 comm="snap-confine" srcname="/snap/core/2462/etc/nsswitch.conf" flags="rw, bind"
The profile in /etc/apparmor.d/usr.lib.snapd.snap-confine.real was up-to-date and had the necessary rules to allow access to nsswitch.conf
$ cat /etc/apparmor.d/usr.lib.snapd.snap-confine.real | grep nss
mount options=(rw bind) /snap/{,ubuntu-}core/*/etc/nsswitch.conf -> /tmp/snap.rootfs_*/etc/nsswitch.conf,
mount options=(rw slave) -> /tmp/snap.rootfs_*/etc/nsswitch.conf,
After a manual
$ apparmor_parser -r /etc/apparmor.d/usr.lib.snapd.snap-confine.real
this was fixed.
A few more details
$ snap --version
snap 2.27.3
snapd 2.27.3
series 16
ubuntu 16.04
kernel 4.10.0-30-generic
$ apt-cache show snapd
Package: snapd
Priority: optional
Section: devel
Installed-Size: 64820
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Architecture: amd64
Version: 2.27.3
Replaces: snap-confine (<< 2.23), ubuntu-core-launcher (<< 2.22), ubuntu-snappy (<< 1.9), ubuntu-snappy-cli (<< 1.9)
Depends: adduser, apparmor (>= 2.10.95-0ubuntu2.2), ca-certificates, gnupg1 | gnupg, openssh-client, squashfs-tools, systemd, init-system-helpers (>= 1.18~), libc6 (>= 2.17), libudev1 (>= 183)
Conflicts: snap (<< 2013-11-29-1ubuntu1)
Breaks: snap-confine (<< 2.23), ubuntu-core-launcher (<< 2.22), ubuntu-snappy (<< 1.9), ubuntu-snappy-cli (<< 1.9)
Filename: pool/main/s/snapd/snapd_2.27.3_amd64.deb
Size: 10901200
MD5sum: 57f4163f6bf288c72a33ddf41fe715bf
SHA1: 42956973f7917af65b0f925edafc2f578fff3ef6
SHA256: 4cb1712ef7d4d80c6fd05565463fae8ca5b9faf527fcfba445926b600fd61593
Description-en: Tool to interact with Ubuntu Core Snappy.
Install, configure, refresh and remove snap packages. Snaps are
'universal' packages that work across many different Linux systems,
enabling secure distribution of the latest apps and utilities for
cloud, servers, desktops and the internet of things.
.
This is the CLI for snapd, a background service that takes care of
snaps on the system. Start with 'snap list' to see installed snaps.
Description-md5: ad5806e76513cff3a5382bff8123a97a
Built-Using: apparmor (= 2.10.95-0ubuntu2.6), golang-1.6 (= 1.6.2-0ubuntu5~16.04.3), golang-defaults (= 2:1.6-1ubuntu4), libcap2 (= 1:2.24-12), libseccomp (= 2.2.3-3ubuntu3)
Homepage: https://github.com/snapcore/snapd
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Origin: Ubuntu
Supported: 5y
Task: ubuntu-core, ubuntu-desktop, ubuntu-usb, cloud-image, server, kubuntu-desktop, ubuntu-core, edubuntu-desktop, edubuntu-usb, xubuntu-core, xubuntu-desktop, mythbuntu-desktop, lubuntu-core, ubuntustudio-desktop-core, ubuntustudio-desktop, ubuntu-gnome-desktop, ubuntukylin-desktop, ubuntu-mate-core, ubuntu-mate-desktop, ubuntu-mate-cloudtop
Package: snapd
Priority: optional
Section: devel
Installed-Size: 60468
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Architecture: amd64
Version: 2.26.10
Replaces: snap-confine (<< 2.23), ubuntu-core-launcher (<< 2.22), ubuntu-snappy (<< 1.9), ubuntu-snappy-cli (<< 1.9)
Depends: adduser, apparmor (>= 2.10.95-0ubuntu2.2), ca-certificates, gnupg1 | gnupg, openssh-client, squashfs-tools, systemd, init-system-helpers (>= 1.18~), libc6 (>= 2.17), libudev1 (>= 183)
Conflicts: snap (<< 2013-11-29-1ubuntu1)
Breaks: snap-confine (<< 2.23), ubuntu-core-launcher (<< 2.22), ubuntu-snappy (<< 1.9), ubuntu-snappy-cli (<< 1.9)
Filename: pool/main/s/snapd/snapd_2.26.10_amd64.deb
Size: 10113204
MD5sum: 4a634f7769c934a36e93982af89de93b
SHA1: 5417986cabb9aadd4fd25f07308d421141bc7839
SHA256: 0f23b823f5cd70418b4e64d01a2042ff6cc138649d274281b5033f0e6de3ffb1
Description-en: Tool to interact with Ubuntu Core Snappy.
Install, configure, refresh and remove snap packages. Snaps are
'universal' packages that work across many different Linux systems,
enabling secure distribution of the latest apps and utilities for
cloud, servers, desktops and the internet of things.
.
This is the CLI for snapd, a background service that takes care of
snaps on the system. Start with 'snap list' to see installed snaps.
Description-md5: ad5806e76513cff3a5382bff8123a97a
Built-Using: apparmor (= 2.10.95-0ubuntu2.6), golang-1.6 (= 1.6.2-0ubuntu5~16.04.3), golang-defaults (= 2:1.6-1ubuntu4), libcap2 (= 1:2.24-12), libseccomp (= 2.2.3-3ubuntu3)
Homepage: https://github.com/snapcore/snapd
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Origin: Ubuntu
Supported: 5y
Task: ubuntu-core, ubuntu-desktop, ubuntu-usb, cloud-image, server, kubuntu-desktop, ubuntu-core, edubuntu-desktop, edubuntu-usb, xubuntu-core, xubuntu-desktop, mythbuntu-desktop, lubuntu-core, ubuntustudio-desktop-core, ubuntustudio-desktop, ubuntu-gnome-desktop, ubuntukylin-desktop, ubuntu-mate-core, ubuntu-mate-desktop, ubuntu-mate-cloudtop
Package: snapd
Priority: optional
Section: devel
Installed-Size: 18536
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Architecture: amd64
Version: 2.0.2
Replaces: ubuntu-snappy (<< 1.9), ubuntu-snappy-cli (<< 1.9)
Depends: init-system-helpers (>= 1.18~), libc6 (>= 2.4), adduser, lsb-release, squashfs-tools, ubuntu-core-launcher (>= 1.0.23)
Conflicts: snap (<< 2013-11-29-1ubuntu1), snappy
Breaks: ubuntu-snappy (<< 1.9), ubuntu-snappy-cli (<< 1.9)
Filename: pool/main/s/snapd/snapd_2.0.2_amd64.deb
Size: 4010516
MD5sum: 45b58056b9107a47e185f4a9069e5044
SHA1: 003a857233ebd9315c4d5e86efea8015f1d0f28a
SHA256: 27507f566e314d3f1f65b609c7007b69b69249d82233bbfbd1d8a507eeda9d24
Description-en: Tool to interact with Ubuntu Core Snappy.
Manage an Ubuntu system with snappy.
Description-md5: 364ba9499ea9442fb2a40f0fe7925d19
Built-Using: golang-1.6 (= 1.6.1-0ubuntu1), golang-check.v1 (= 0.0+git20150729.11d3bc7-2), golang-defaults (= 2:1.6-1ubuntu4), golang-github-coreos-go-systemd (= 3-2), golang-github-gorilla-mux (= 0.0~git20150814.0.f7b6aaa-1), golang-github-gosexy-gettext (= 0~git20130221-0ubuntu6), golang-github-mvo5-goconfigparser (= 0.2.1-0ubuntu1), golang-github-mvo5-uboot-go (= 0~3.git69978a3-0ubuntu5), golang-github-peterh-liner (= 0.0~git20151118.0.4d47685-1), golang-go-flags (= 0.0~git20160302-0ubuntu1), golang-go.crypto (= 1:0.0~git20151201.0.7b85b09-2), golang-gopkg-tomb.v2 (= 0.0~git20140626.14b3d72-1), golang-pb (= 0.0~git20131219-1), golang-pty (= 0.0~git20150511.1.5cf931e-1ubuntu1), golang-websocket (= 0.0~git20150811.0.b6ab76f-1), golang-yaml.v2 (= 0.0+git20160301.0.a83829b-1)
Homepage: https://github.com/ubuntu-core/snappy
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Origin: Ubuntu
Supported: 5y
Task: ubuntu-core, ubuntu-desktop, ubuntu-usb, cloud-image, server, kubuntu-desktop, ubuntu-core, edubuntu-desktop, edubuntu-usb, xubuntu-core, xubuntu-desktop, mythbuntu-desktop, lubuntu-core, ubuntustudio-desktop-core, ubuntustudio-desktop, ubuntu-gnome-desktop, ubuntukylin-desktop, ubuntu-mate-core, ubuntu-mate-desktop, ubuntu-mate-cloudtop
$ snap info core
name: core
summary: "snapd runtime environment"
publisher: canonical
contact: snappy-canonical-storeaccount@canonical.com
description: |
The core runtime environment for snapd
type: core
snap-id: 99T7MUlRhtI3U0QFgl5mXXESAiSwt776
tracking: stable
installed: 16-2.26.14 (2462) 84MB core
refreshed: 2017-07-20 14:45:34 +0200 CEST
channels:
stable: 16-2.26.14 (2462) 84MB -
candidate: 16-2.27.2 (2677) 85MB -
beta: 16-2.27.2 (2677) 85MB -
edge: 16-2.27.3+git329.f905257 (2720) 86MB -
If somebody wants access to the whole journal log, please ping me.
I didn’t tried to see what happens on next system reboot.
regards,
Simon