How can I use snap when I don't use /home/$USER?

hideo67 · January 3, 2018, 3:24pm

Yes, I did run apparmor_parser as follows:

% sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/*
% sudo apparmor_parser -r /etc/apparmor.d/*snap-confine*
% ls /var/lib/snapd/apparmor/profiles/*
/var/lib/snapd/apparmor/profiles/snap.core.hook.configure  /var/lib/snapd/apparmor/profiles/snap.hello.universe
/var/lib/snapd/apparmor/profiles/snap.hello.hello
% ls /etc/apparmor.d/*snap-confine*
/etc/apparmor.d/snap.core.3604.usr.lib.snapd.snap-confine  /etc/apparmor.d/usr.lib.snapd.snap-confine.real
/etc/apparmor.d/snap.core.3748.usr.lib.snapd.snap-confine

And sadly, I still get:

% snap run hello
cannot create user data directory: /data1/home/hideo-t/snap/hello/20: Read-only file system

And the snap version:

% snap --version
snap    2.30
snapd   2.30
series  16
ubuntu  16.04
kernel  4.10.0-42-generic

jounalctl output is as follows (no log entry around time of error):

% date
Thu Jan  4 00:18:10 JST 2018
% snap run hello
cannot create user data directory: /data1/home/hideo-t/snap/hello/20: Read-only file system
% sudo journalctl | grep audit | tail
Jan 04 00:14:57 seventeen audit[31356]: AVC apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/snapd/snap-confine//mount-namespace-capture-helper" pid=31356 comm="apparmor_parser"
Jan 04 00:14:57 seventeen audit[31356]: AVC apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/snapd/snap-confine//snap_update_ns" pid=31356 comm="apparmor_parser"
Jan 04 00:14:57 seventeen audit[31354]: AVC apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/snap/core/3604/usr/lib/snapd/snap-confine" pid=31354 comm="apparmor_parser"
Jan 04 00:14:57 seventeen kernel: audit: type=1400 audit(1514992497.339:53): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/snapd/snap-confine//mount-namespace-capture-helper" pid=31356 comm="apparmor_parser"
Jan 04 00:14:57 seventeen kernel: audit: type=1400 audit(1514992497.339:54): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/snapd/snap-confine//snap_update_ns" pid=31356 comm="apparmor_parser"
Jan 04 00:14:57 seventeen kernel: audit: type=1400 audit(1514992497.339:55): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/snap/core/3604/usr/lib/snapd/snap-confine" pid=31354 comm="apparmor_parser"
Jan 04 00:14:57 seventeen audit[31354]: AVC apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/snap/core/3604/usr/lib/snapd/snap-confine//mount-namespace-capture-helper" pid=31354 comm="apparmor_parser"
Jan 04 00:14:57 seventeen audit[31354]: AVC apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/snap/core/3604/usr/lib/snapd/snap-confine//snap_update_ns" pid=31354 comm="apparmor_parser"
Jan 04 00:14:57 seventeen kernel: audit: type=1400 audit(1514992497.367:56): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/snap/core/3604/usr/lib/snapd/snap-confine//mount-namespace-capture-helper" pid=31354 comm="apparmor_parser"
Jan 04 00:14:57 seventeen kernel: audit: type=1400 audit(1514992497.367:57): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/snap/core/3604/usr/lib/snapd/snap-confine//snap_update_ns" pid=31354 comm="apparmor_parser"