In progress: snapd 2.27.5

snapd 2.27 and snapd-glib 1.16 have been submitted as updates for Fedora 25 and Fedora 26:

As Fedora 24 reached EOL on August 8, updates for snapd and snapd-glib have ended for this release and it will remain on snapd 2.26.3 and snapd-glib 1.15.


snapd 2.27 for openSUSE is still in progress, pending investigation into a test case failure that seems to be related to golang goroutine scheduling. This has been observed reliably on golang 1.8.3 and kernel 4.11.8-2. I will keep you posted when the issue is understood and resolved.

I just tried running the hiri snap with 2.27 on Ubuntu 16.04 and the QtWebEngine browser isn’t loading. The app uses the browser-support interface with QTWEBENGINE_DISABLE_SANDBOX=1.

Everything works fine with core 16-2.26.14.

I thought this might’ve been related to 2.27 not (yet, @mvo will include it) having the unity7/x11 fixes from https://github.com/snapcore/snapd/pull/3715, but I just installed hiri on 16.04 and it launched fine.

Are you seeing any security denials in /var/log/syslog when you launch your application? Please paste:

$ grep audit /var/log/syslog

Sorry, I should have been more specific. The app launches fine but WebEngine doesn’t load later in the process. To see it in action, just enter test@hiri.com in the first step and the next step in the wizard will try to load a QtWebEngine and fail.

As for the syslog, there is this denial that seems related:

Aug 12 00:20:06 osboxes kernel: [32238.979475] audit: type=1326 audit(1502493606.317:696): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=28160 comm="Chrome_IOThread" exe="/snap/hiri/5/main" sig=31 arch=c000003e syscall=41 compat=0 ip=0x7f89f72de567 code=0x0

The problem could be on our end, but perhaps it somehow got exposed with the latest snapd update. We’ve come across this WebEngine not loading problem on Fedora 26 too (latest stable core), so I wonder if this is actually the same problem. I’ll keep debugging it.

This will likely be fixed by a new 2.27.1 release.

The 2.27.1 release is now available in the beta channel. @pop if you could check if that fixes your issue that would be greatly appreciated.

Works fine with 2.27.1. Will that be released instead of or after 2.27?

Thanks!

We will release 2.27.1 instead of 2.27 to the stable core and also as distro updates. Sorry for the regression and thanks for the bug report about it!

No problem and thank you all very much! Btw, I just tested this on Fedora 26 and it works fine with 2.27.1.

I see issues setting up security profiles on Ubuntu 17.04 classic, attempting to upgrade from 2.26.14 with lxd snap installed and in use:

⟫ snap refresh --beta core
2017-08-14T12:03:51+01:00 INFO cannot auto connect core:x11 (slot auto-connection), candidates found: "redacted:x11, duckmarines:x11, hiri:x11"
error: cannot perform the following tasks:
- Setup snap "core" (2660) security profiles (cannot setup mount for snap "lxd": cannot update mount namespace of snap "lxd": cannot update preserved namespace of snap "lxd": cannot update snap namespace: cannot save current mount profile of snap "lxd": open /run/snapd/ns: no such file or directory)
- Setup snap "core" (2660) security profiles (cannot update mount namespace of snap "lxd": cannot update preserved namespace of snap "lxd": cannot update snap namespace: cannot save current mount profile of snap "lxd": open /run/snapd/ns: no such file or directory)
- Setup snap "core" (2660) security profiles (phase 2) (cannot setup mount for snap "lxd": cannot update mount namespace of snap "lxd": cannot update preserved namespace of snap "lxd": cannot update snap namespace: cannot save current mount profile of snap "lxd": open /run/snapd/ns: no such file or directory)
- Setup snap "core" (2660) security profiles (phase 2) (cannot update mount namespace of snap "lxd": cannot update preserved namespace of snap "lxd": cannot update snap namespace: cannot save current mount profile of snap "lxd": open /run/snapd/ns: no such file or directory)

⟫ snap tasks --last=refresh
Status  Spawn                 Ready                 Summary
Undone  2017-08-14T11:03:32Z  2017-08-14T11:03:54Z  Download snap "core" (2660) from channel "beta"
Done    2017-08-14T11:03:32Z  2017-08-14T11:03:54Z  Fetch and check assertions for snap "core" (2660)
Undone  2017-08-14T11:03:32Z  2017-08-14T11:03:56Z  Mount snap "core" (2660)
Undone  2017-08-14T11:03:32Z  2017-08-14T11:03:56Z  Stop snap "core" services
Undone  2017-08-14T11:03:32Z  2017-08-14T11:03:56Z  Remove aliases for snap "core"
Undone  2017-08-14T11:03:32Z  2017-08-14T11:03:54Z  Make current revision for snap "core" unavailable
Undone  2017-08-14T11:03:32Z  2017-08-14T11:03:54Z  Copy snap "core" data
Error   2017-08-14T11:03:32Z  2017-08-14T11:03:54Z  Setup snap "core" (2660) security profiles
Undone  2017-08-14T11:03:32Z  2017-08-14T11:03:54Z  Make snap "core" (2660) available to the system
Error   2017-08-14T11:03:32Z  2017-08-14T11:03:54Z  Setup snap "core" (2660) security profiles (phase 2)
Hold    2017-08-14T11:03:32Z  2017-08-14T11:03:54Z  Set automatic aliases for snap "core"
Hold    2017-08-14T11:03:32Z  2017-08-14T11:03:54Z  Setup snap "core" aliases
Hold    2017-08-14T11:03:32Z  2017-08-14T11:03:54Z  Start snap "core" (2660) services
Hold    2017-08-14T11:03:32Z  2017-08-14T11:03:54Z  Remove data for snap "core" (2312)
Hold    2017-08-14T11:03:32Z  2017-08-14T11:03:54Z  Remove snap "core" (2312) from the system
Hold    2017-08-14T11:03:32Z  2017-08-14T11:03:54Z  Clean up "core" (2660) install
Hold    2017-08-14T11:03:32Z  2017-08-14T11:03:54Z  Run configure hook of "core" snap if present

......................................................................
Make current revision for snap "core" unavailable

2017-08-14T12:03:54+01:00 INFO Requested daemon restart.

......................................................................
Setup snap "core" (2660) security profiles

2017-08-14T12:03:51+01:00 INFO cannot auto connect core:gsettings (slot auto-connection), candidates found: "redacted:gsettings, duckmarines:gsettings"
2017-08-14T12:03:51+01:00 INFO cannot auto connect core:home (slot auto-connection), candidates found: "redacted:home, hiri:home, lxd:home"
2017-08-14T12:03:51+01:00 INFO cannot auto connect core:network (slot auto-connection), candidates found: "emoj:network, redacted:network, duckmarines:network, hiri:network, lxd:network, snapstore:network"
2017-08-14T12:03:51+01:00 INFO cannot auto connect core:network-bind (slot auto-connection), candidates found: "duckmarines:network-bind, snapstore:network-bind, canonical-livepatch:network-bind"
2017-08-14T12:03:51+01:00 INFO cannot auto connect core:opengl (slot auto-connection), candidates found: "redacted:opengl, duckmarines:opengl, hiri:opengl"
2017-08-14T12:03:51+01:00 INFO cannot auto connect core:pulseaudio (slot auto-connection), candidates found: "redacted:pulseaudio, duckmarines:pulseaudio, hiri:pulseaudio"
2017-08-14T12:03:51+01:00 INFO cannot auto connect core:unity7 (slot auto-connection), candidates found: "redacted:unity7, hiri:unity7"
2017-08-14T12:03:51+01:00 INFO cannot auto connect core:x11 (slot auto-connection), candidates found: "redacted:x11, duckmarines:x11, hiri:x11"
2017-08-14T12:03:54+01:00 ERROR cannot setup mount for snap "lxd": cannot update mount namespace of snap "lxd": cannot update preserved namespace of snap "lxd": cannot update snap namespace: cannot save current mount profile of snap "lxd": open /run/snapd/ns: no such file or directory
2017-08-14T12:03:54+01:00 ERROR cannot update mount namespace of snap "lxd": cannot update preserved namespace of snap "lxd": cannot update snap namespace: cannot save current mount profile of snap "lxd": open /run/snapd/ns: no such file or directory

......................................................................
Make snap "core" (2660) available to the system

2017-08-14T12:03:51+01:00 INFO Requested daemon restart.

......................................................................
Setup snap "core" (2660) security profiles (phase 2)

2017-08-14T12:03:54+01:00 ERROR cannot setup mount for snap "lxd": cannot update mount namespace of snap "lxd": cannot update preserved namespace of snap "lxd": cannot update snap namespace: cannot save current mount profile of snap "lxd": open /run/snapd/ns: no such file or directory
2017-08-14T12:03:54+01:00 ERROR cannot update mount namespace of snap "lxd": cannot update preserved namespace of snap "lxd": cannot update snap namespace: cannot save current mount profile of snap "lxd": open /run/snapd/ns: no such file or directory

I just tested opening links with xdg-open with 2.27.1 and it seems that this isn’t working, even though the PR seems to have gone in.

More info:

Did you make sure to restart the apps using xdg-open after you refreshed core?

Yes, I removed and reinstalled the snap after refreshing the core. I tried with other snaps too and it’s not working. Are you able to reproduce it?

Hmm, no, you are right, it seems the interface fix did not land…

[82123.608583] audit: type=1400 audit(1502712117.462:129): apparmor="DENIED" operation="exec" profile="snap.snapcraft-forum.snapcraft-forum" name="/usr/bin/xdg-open" pid=5045 comm="sh" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0

The fix landed in master a while ago as:

https://github.com/snapcore/snapd/pull/3613

Probably it did not get moved to the release branch for 2.27.1?
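For triaging denials like the two quoted in this thread, here is an added example (not part of any post above and not snapd's own code) that parses kernel audit lines for seccomp (type=1326) and AppArmor (type=1400) records and names the snap, the blocked syscall or the denied path. The function name and the partial lookup tables are assumptions made for this illustration.

```python
import re
import shlex

# Partial lookup tables (assumption: extend from the kernel headers as needed).
ARCH = {"c000003e": "x86_64", "40000003": "i386", "c00000b7": "aarch64"}
X86_64_SYSCALLS = {41: "socket", 42: "connect", 49: "bind", 59: "execve", 165: "mount"}
AUDIT_RE = re.compile(r"audit: type=(\d+) audit\(([\d.]+):(\d+)\): (.*)$")

# The two denial records quoted in this thread.
SAMPLE = [
    'Aug 12 00:20:06 osboxes kernel: [32238.979475] audit: type=1326 audit(1502493606.317:696): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=28160 comm="Chrome_IOThread" exe="/snap/hiri/5/main" sig=31 arch=c000003e syscall=41 compat=0 ip=0x7f89f72de567 code=0x0',
    '[82123.608583] audit: type=1400 audit(1502712117.462:129): apparmor="DENIED" operation="exec" profile="snap.snapcraft-forum.snapcraft-forum" name="/usr/bin/xdg-open" pid=5045 comm="sh" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0',
]

def parse_denial(line):
    """Describe a seccomp (1326) or AppArmor DENIED (1400) record, else return None."""
    m = AUDIT_RE.search(line)
    if not m:
        return None
    rec_type = int(m.group(1))
    # shlex strips the quotes around values such as comm="Chrome_IOThread".
    fields = dict(tok.split("=", 1) for tok in shlex.split(m.group(4)) if "=" in tok)
    if rec_type == 1326:
        arch = ARCH.get(fields.get("arch"), fields.get("arch"))
        nr = int(fields.get("syscall", "-1"))
        # Syscall numbers are per-architecture; only x86_64 is tabulated here.
        name = X86_64_SYSCALLS.get(nr) if arch == "x86_64" else None
        snap = re.match(r"/snap/([^/]+)/", fields.get("exe", ""))
        return {"kind": "seccomp", "snap": snap.group(1) if snap else None,
                "comm": fields.get("comm"), "arch": arch,
                "syscall": name or f"#{nr}",
                "signal": int(fields.get("sig", "0"))}  # 31 is SIGSYS on x86
    if rec_type == 1400 and fields.get("apparmor") == "DENIED":
        # snapd names its AppArmor profiles snap.<snap>.<app>.
        parts = fields.get("profile", "").split(".")
        snap = parts[1] if len(parts) >= 3 and parts[0] == "snap" else None
        return {"kind": "apparmor", "snap": snap, "operation": fields.get("operation"),
                "path": fields.get("name"), "denied": fields.get("denied_mask")}
    return None

if __name__ == "__main__":
    for sample_line in SAMPLE:
        print(parse_denial(sample_line))
```
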

The proposed updates (currently in updates-testing) have been updated to snapd-2.27.1:

They should synchronize out to the mirrors within the next 24-48 hours.

I hope it makes it, since it has been a while since this broke.


Thanks for this! This was indeed not ported to 2.27 and https://github.com/snapcore/snapd/pull/3731 will fix this. So there will be a 2.27.2 with this fix in.

There is one more blocker for 2.27.2: Artful i386 panics - there are branches with a workaround so hopefully we can merge this soon(ish).

The 2.27.2 release that fixes the issue found and outlined here is now in the beta channel and in artful.
