I made a lot of search but didn’t find the solution for my issue.
When I try
snap run xxx (or other app)
I got the error message cannot attach cgroup program: Operation not permitted
I’m running Debian 11
snap 2.54.3.2
snapd 2.54.3.2
series 16
kernel 4.19.0-18-amd64
AppArmor parser version 2.13.6
This issue begin after automatic upgrade of Debian 10 to Debian 11.
With Debian 10 works but I don’t want downgrade my system.
I tried 3 times remove all, also snap, and install again and doesn’t work, reboot…
Thanks in advance,
FWIW I suspect it’s related to cgroup v2, which Debian 10 did not have, but 11 does. However, I would expect that the upgrade would also switch the system to a new kernel (5.10 I belive?), rather than continue with the old kernel (4.19) which I expect to cause problems along the way.
2022/03/10 10:41:20.179795 tool_linux.go:204: DEBUG: restarting into “/snap/core/current/usr/bin/snap”
2022/03/10 10:41:20.429351 cmd_run.go:1026: DEBUG: executing snap-confine from /snap/core/12725/usr/lib/snapd/snap-confine
2022/03/10 10:41:20.430104 cmd_run.go:433: DEBUG: SELinux not enabled
2022/03/10 10:41:20.430446 tracking.go:46: DEBUG: creating transient scope snap.poedit.poedit
2022/03/10 10:41:20.432013 tracking.go:186: DEBUG: using session bus
2022/03/10 10:41:20.435510 tracking.go:319: DEBUG: create transient scope job: /org/freedesktop/systemd1/job/967
2022/03/10 10:41:20.435626 tracking.go:419: DEBUG: job result is “done”
2022/03/10 10:41:20.435745 tracking.go:426: DEBUG: transient scope snap.poedit.poedit.865e5d5f-5838-4e6a-9034-b2e3a7bbe78c.scope created
2022/03/10 10:41:20.436340 tracking.go:146: DEBUG: waited 4.222282ms for tracking
DEBUG: umask reset, old umask was 022
DEBUG: security tag: snap.poedit.poedit
DEBUG: executable: /usr/lib/snapd/snap-exec
DEBUG: confinement: non-classic
DEBUG: base snap: core20
DEBUG: ruid: 1000, euid: 0, suid: 0
DEBUG: rgid: 1000, egid: 1000, sgid: 1000
DEBUG: apparmor label on snap-confine is: /snap/core/12725/usr/lib/snapd/snap-confine
DEBUG: apparmor mode is: enforce
DEBUG: creating lock directory /run/snapd/lock (if missing)
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: opening lock directory /run/snapd/lock
DEBUG: set_effective_identity uid:0 (change: no), gid:1000 (change: yes)
DEBUG: opening lock file: /run/snapd/lock/.lock
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: set_effective_identity uid:0 (change: no), gid:1000 (change: yes)
DEBUG: sanity timeout initialized and set for 30 seconds
DEBUG: acquiring exclusive lock (scope (global), uid 0)
DEBUG: sanity timeout reset and disabled
DEBUG: ensuring that snap mount directory is shared
DEBUG: unsharing snap namespace directory
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: set_effective_identity uid:0 (change: no), gid:1000 (change: yes)
DEBUG: releasing lock 5
DEBUG: opened snap-update-ns executable as file descriptor 5
DEBUG: opened snap-discard-ns executable as file descriptor 6
DEBUG: creating lock directory /run/snapd/lock (if missing)
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: opening lock directory /run/snapd/lock
DEBUG: set_effective_identity uid:0 (change: no), gid:1000 (change: yes)
DEBUG: opening lock file: /run/snapd/lock/poedit.lock
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: set_effective_identity uid:0 (change: no), gid:1000 (change: yes)
DEBUG: sanity timeout initialized and set for 30 seconds
DEBUG: acquiring exclusive lock (scope poedit, uid 0)
DEBUG: sanity timeout reset and disabled
DEBUG: initializing mount namespace: poedit
DEBUG: setting up device cgroup
DEBUG: libudev has current tags support
DEBUG: device /sys/devices/pci0000:00/0000:00:01.0/0000:01:00.0/drm/card0 has matching current tag
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: get bpf object at path /sys/fs/bpf/snap/snap_poedit_poedit
DEBUG: set_effective_identity uid:0 (change: no), gid:1000 (change: yes)
DEBUG: found existing device map
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: found 21 existing entries in devices map
DEBUG: delete key for c 1:5
DEBUG: delete elem in map 8
DEBUG: delete key for c 1:9
DEBUG: delete elem in map 8
DEBUG: delete key for c 1:3
DEBUG: delete elem in map 8
DEBUG: delete key for c 140:-1
DEBUG: delete elem in map 8
DEBUG: delete key for c 5:1
DEBUG: delete elem in map 8
DEBUG: delete key for c 195:255
DEBUG: delete elem in map 8
DEBUG: delete key for c 143:-1
DEBUG: delete elem in map 8
DEBUG: delete key for c 142:-1
DEBUG: delete elem in map 8
DEBUG: delete key for c 138:-1
DEBUG: delete elem in map 8
DEBUG: delete key for c 10:200
DEBUG: delete elem in map 8
DEBUG: delete key for c 141:-1
DEBUG: delete elem in map 8
DEBUG: delete key for c 226:0
DEBUG: delete elem in map 8
DEBUG: delete key for c 5:2
DEBUG: delete elem in map 8
DEBUG: delete key for c 195:0
DEBUG: delete elem in map 8
DEBUG: delete key for c 10:239
DEBUG: delete elem in map 8
DEBUG: delete key for c 136:-1
DEBUG: delete elem in map 8
DEBUG: delete key for c 1:8
DEBUG: delete elem in map 8
DEBUG: delete key for c 137:-1
DEBUG: delete elem in map 8
DEBUG: delete key for c 5:0
DEBUG: delete elem in map 8
DEBUG: delete key for c 139:-1
DEBUG: delete elem in map 8
DEBUG: delete key for c 1:7
DEBUG: delete elem in map 8
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: load program of type 0xf, 33 instructions
DEBUG: set_effective_identity uid:0 (change: no), gid:1000 (change: yes)
DEBUG: v2 allow c 1:3
DEBUG: v2 allow c 1:5
DEBUG: v2 allow c 1:7
DEBUG: v2 allow c 1:8
DEBUG: v2 allow c 1:9
DEBUG: v2 allow c 5:0
DEBUG: v2 allow c 5:1
DEBUG: v2 allow c 5:2
DEBUG: v2 allow c 136:4294967295
DEBUG: v2 allow c 137:4294967295
DEBUG: v2 allow c 138:4294967295
DEBUG: v2 allow c 139:4294967295
DEBUG: v2 allow c 140:4294967295
DEBUG: v2 allow c 141:4294967295
DEBUG: v2 allow c 142:4294967295
DEBUG: v2 allow c 143:4294967295
DEBUG: v2 allow c 195:0
DEBUG: v2 allow c 195:255
DEBUG: v2 allow c 10:239
DEBUG: v2 allow c 10:200
DEBUG: inspecting type of device: /dev/dri/card0
DEBUG: v2 allow c 226:0
DEBUG: process in cgroup /user.slice/user-1000.slice/user@1000.service/app.slice/snap.poedit.poedit.865e5d5f-5838-4e6a-9034-b2e3a7bbe78c.scope
DEBUG: cgroup /sys/fs/cgroup//user.slice/user-1000.slice/user@1000.service/app.slice/snap.poedit.poedit.865e5d5f-5838-4e6a-9034-b2e3a7bbe78c.scope opened at 10
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: attach type 0x6 program 9 to cgroup 10
DEBUG: set_effective_identity uid:0 (change: no), gid:1000 (change: yes)
cannot attach cgroup program: Operation not permitted
When Debian Install the Debian V11 it install Kernel 5.10 but the PC doesn’t boot. Looks like some problem with the memory drives. It is a old motherboard. I need try again and spend some time over that upgrade.
