Can't open any Snap applications - seems to be an AppArmor confinement issue

I’m randomly unable to open any Snap applications. I get the following error when I try to open any:

cannot perform operation: mount -t tmpfs /tmp/snap.rootfs_jNFULE: Permission denied

I’m running Arch Linux, kernel 6.1.32-1-lts, snapd version 2.59.5-1 and I’ve been running Snap applications without issue for a while. I enabled auditing for AppArmor and get the following when I attempt to open a Snap application:

type=SYSCALL msg=audit(1686073281.370:642): arch=c000003e syscall=321 success=yes exit=9 a0=5 a1=7ffde00e5ba0 a2=90 a3=1000 items=0 ppid=12387 pid=12492 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=4 comm=“snap-confine” exe="/usr/lib/snapd/snap-confine" subj=/usr/lib/snapd/snap-confine key=(null)ARCH=x86_64 SYSCALL=bpf AUID=“dan” UID=“dan” GID=“dan” EUID=“root” SUID=“root” FSUID=“root” EGID=“dan” SGID=“dan” FSGID=“dan” type=PROCTITLE msg=audit(1686073281.370:642): proctitle=2F7573722F6C69622F736E6170642F736E61702D636F6E66696E65002D2D6261736500636F7265323000736E61702E706C65782D6465736B746F702E706C65782D6465736B746F70002F7573722F6C69622F736E6170642F736E61702D6578656300706C65782D6465736B746F70 type=AVC msg=audit(1686073281.370:643): apparmor=“DENIED” operation=“mount” info=“failed perms check” error=-13 profile="/usr/lib/snapd/snap-confine" name="/tmp/snap.rootfs_6GyyUg/" pid=12492 comm=“snap-confine” fstype=“tmpfs” srcname=“none” type=SYSCALL msg=audit(1686073281.370:643): arch=c000003e syscall=165 success=no exit=-13 a0=5611b612e0e7 a1=7ffde00e3e70 a2=5611b612e0e1 a3=0 items=0 ppid=12387 pid=12492 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=4 comm=“snap-confine” exe="/usr/lib/snapd/snap-confine" subj=/usr/lib/snapd/snap-confine key=(null)ARCH=x86_64 SYSCALL=mount AUID=“dan” UID=“dan” GID=“dan” EUID=“root” SUID=“root” FSUID=“root” EGID=“dan” SGID=“dan” FSGID=“dan” type=PROCTITLE msg=audit(1686073281.370:643): proctitle=2F7573722F6C69622F736E6170642F736E61702D636F6E66696E65002D2D6261736500636F7265323000736E61702E706C65782D6465736B746F702E706C65782D6465736B746F70002F7573722F6C69622F736E6170642F736E61702D6578656300706C65782D6465736B746F70 type=BPF msg=audit(1686073281.417:644): prog-id=67 op=UNLOAD type=SERVICE_START msg=audit(1686073298.236:645): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-tmpfiles-clean comm=“systemd” exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success’UID=“root” AUID=“unset” type=SERVICE_STOP msg=audit(1686073298.236:646): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=systemd-tmpfiles-clean comm=“systemd” exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success’UID=“root” AUID=“unset”

Any help is appreciated and please let me know if more info is needed.

See

https://forum.snapcraft.io/t/apparmor-issue/35461/6

and

https://forum.snapcraft.io/t/snap-applications-stopped-to-work-after-zypper-dup/35467/6

Workarounds are in the threads there and a fix in snapd is on the way…

The workaround worked. Thanks so much!

1 Like