ONLY KDE APPS (mount --rbind /root /tmp/snap.rootfs_JPltQ2//root: Permission denied)

All snap apps (KDE) with problems

cannot perform operation: mount --rbind /root /tmp/snap.rootfs_0BIBbP//root: Permission denied

Does anyone know the solution to this problem?

I have tested with umbrello, kdenlive, krita, skrooge

lsb_release -a

LSB Version:    core-9.20170808ubuntu1-noarch:printing-9.20170808ubuntu1-noarch:security-9.20170808ubuntu1-noarch
Distributor ID: LinuxMint
Description:    Linux Mint 19.2 Tina
Release:        19.2
Codename:       tina

snap version

snap       2.45
snapd      2.45
series     16
linuxmint  19.2
kernel     4.15.0-106-generic


SNAPD_DEBUG=1 SNAP_CONFINE_DEBUG=1 snap run skrooge
2020/06/15 11:14:10.293835 cmd_linux.go:224: DEBUG: restarting into "/snap/core/current/usr/bin/snap"
2020/06/15 11:14:10.336717 cmd_run.go:398: DEBUG: SELinux not enabled
DEBUG: umask reset, old umask was   02
DEBUG: security tag: snap.skrooge.skrooge
DEBUG: executable:   /usr/lib/snapd/snap-exec
DEBUG: confinement:  non-classic
DEBUG: base snap:    core18
DEBUG: ruid: 1000, euid: 0, suid: 0
DEBUG: rgid: 1000, egid: 1000, sgid: 1000
DEBUG: apparmor label on snap-confine is: /snap/core/9289/usr/lib/snapd/snap-confine
DEBUG: apparmor mode is: enforce
DEBUG: creating lock directory /run/snapd/lock (if missing)
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: opening lock directory /run/snapd/lock
DEBUG: set_effective_identity uid:0 (change: no), gid:1000 (change: yes)
DEBUG: opening lock file: /run/snapd/lock/.lock
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: set_effective_identity uid:0 (change: no), gid:1000 (change: yes)
DEBUG: sanity timeout initialized and set for 30 seconds
DEBUG: acquiring exclusive lock (scope (global), uid 0)
DEBUG: sanity timeout reset and disabled
DEBUG: ensuring that snap mount directory is shared
DEBUG: unsharing snap namespace directory
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: set_effective_identity uid:0 (change: no), gid:1000 (change: yes)
DEBUG: releasing lock 5
DEBUG: opened snap-update-ns executable as file descriptor 5
DEBUG: opened snap-discard-ns executable as file descriptor 6
DEBUG: creating lock directory /run/snapd/lock (if missing)
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: opening lock directory /run/snapd/lock
DEBUG: set_effective_identity uid:0 (change: no), gid:1000 (change: yes)
DEBUG: opening lock file: /run/snapd/lock/skrooge.lock
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: set_effective_identity uid:0 (change: no), gid:1000 (change: yes)
DEBUG: sanity timeout initialized and set for 30 seconds
DEBUG: acquiring exclusive lock (scope skrooge, uid 0)
DEBUG: sanity timeout reset and disabled
DEBUG: initializing mount namespace: skrooge
DEBUG: snappy_udev_init
DEBUG: setup_devices_cgroup
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: set_effective_identity uid:0 (change: no), gid:1000 (change: yes)
DEBUG: write_string_to_file /sys/fs/cgroup/devices/snap.skrooge.skrooge/cgroup.procs 17680
DEBUG: write_string_to_file /sys/fs/cgroup/devices/snap.skrooge.skrooge/devices.deny a
DEBUG: run_snappy_app_dev_add: /sys/class/mem/null snap_skrooge_skrooge
DEBUG: running snap-device-helper add snap_skrooge_skrooge /sys/class/mem/null 1:3
DEBUG: run_snappy_app_dev_add: /sys/class/mem/full snap_skrooge_skrooge
DEBUG: running snap-device-helper add snap_skrooge_skrooge /sys/class/mem/full 1:7
DEBUG: run_snappy_app_dev_add: /sys/class/mem/zero snap_skrooge_skrooge
DEBUG: running snap-device-helper add snap_skrooge_skrooge /sys/class/mem/zero 1:5
DEBUG: run_snappy_app_dev_add: /sys/class/mem/random snap_skrooge_skrooge
DEBUG: running snap-device-helper add snap_skrooge_skrooge /sys/class/mem/random 1:8
DEBUG: run_snappy_app_dev_add: /sys/class/mem/urandom snap_skrooge_skrooge
DEBUG: running snap-device-helper add snap_skrooge_skrooge /sys/class/mem/urandom 1:9
DEBUG: run_snappy_app_dev_add: /sys/class/tty/tty snap_skrooge_skrooge
DEBUG: running snap-device-helper add snap_skrooge_skrooge /sys/class/tty/tty 5:0
DEBUG: run_snappy_app_dev_add: /sys/class/tty/console snap_skrooge_skrooge
DEBUG: running snap-device-helper add snap_skrooge_skrooge /sys/class/tty/console 5:1
DEBUG: run_snappy_app_dev_add: /sys/class/tty/ptmx snap_skrooge_skrooge
DEBUG: running snap-device-helper add snap_skrooge_skrooge /sys/class/tty/ptmx 5:2
DEBUG: running snap-device-helper add snap_skrooge_skrooge /dev/pts/slaves 136:*
DEBUG: running snap-device-helper add snap_skrooge_skrooge /dev/pts/slaves 137:*
DEBUG: running snap-device-helper add snap_skrooge_skrooge /dev/pts/slaves 138:*
DEBUG: running snap-device-helper add snap_skrooge_skrooge /dev/pts/slaves 139:*
DEBUG: running snap-device-helper add snap_skrooge_skrooge /dev/pts/slaves 140:*
DEBUG: running snap-device-helper add snap_skrooge_skrooge /dev/pts/slaves 141:*
DEBUG: running snap-device-helper add snap_skrooge_skrooge /dev/pts/slaves 142:*
DEBUG: running snap-device-helper add snap_skrooge_skrooge /dev/pts/slaves 143:*
DEBUG: running snap-device-helper add snap_skrooge_skrooge /dev/uhid 10:239
DEBUG: running snap-device-helper add snap_skrooge_skrooge /dev/net/tun 10:200
DEBUG: run_snappy_app_dev_add: /sys/devices/pci0000:00/0000:00:02.0/drm/card0 snap_skrooge_skrooge
DEBUG: running snap-device-helper add snap_skrooge_skrooge /sys/devices/pci0000:00/0000:00:02.0/drm/card0 226:0
DEBUG: run_snappy_app_dev_add: /sys/devices/pci0000:00/0000:00:02.0/drm/card0/card0-DP-1 snap_skrooge_skrooge
DEBUG: running snap-device-helper add snap_skrooge_skrooge /sys/devices/pci0000:00/0000:00:02.0/drm/card0/card0-DP-1 0:0
DEBUG: run_snappy_app_dev_add: /sys/devices/pci0000:00/0000:00:02.0/drm/card0/card0-DP-2 snap_skrooge_skrooge
DEBUG: running snap-device-helper add snap_skrooge_skrooge /sys/devices/pci0000:00/0000:00:02.0/drm/card0/card0-DP-2 0:0
DEBUG: run_snappy_app_dev_add: /sys/devices/pci0000:00/0000:00:02.0/drm/card0/card0-HDMI-A-1 snap_skrooge_skrooge
DEBUG: running snap-device-helper add snap_skrooge_skrooge /sys/devices/pci0000:00/0000:00:02.0/drm/card0/card0-HDMI-A-1 0:0
DEBUG: run_snappy_app_dev_add: /sys/devices/pci0000:00/0000:00:02.0/drm/card0/card0-eDP-1 snap_skrooge_skrooge
DEBUG: running snap-device-helper add snap_skrooge_skrooge /sys/devices/pci0000:00/0000:00:02.0/drm/card0/card0-eDP-1 0:0
DEBUG: run_snappy_app_dev_add: /sys/devices/pci0000:00/0000:00:02.0/drm/renderD128 snap_skrooge_skrooge
DEBUG: running snap-device-helper add snap_skrooge_skrooge /sys/devices/pci0000:00/0000:00:02.0/drm/renderD128 226:128
DEBUG: forked support process 17723
DEBUG: unsharing the mount namespace (per-snap)
DEBUG: changing apparmor hat to mount-namespace-capture-helper
DEBUG: helper process waiting for command
DEBUG: sanity timeout initialized and set for 30 seconds
DEBUG: scratch directory for constructing namespace: /tmp/snap.rootfs_47PW69
DEBUG: performing operation: (disabled) use debug build to see details
DEBUG: performing operation: (disabled) use debug build to see details
DEBUG: performing operation: (disabled) use debug build to see details
DEBUG: performing operation: (disabled) use debug build to see details
DEBUG: performing operation: (disabled) use debug build to see details
DEBUG: performing operation: (disabled) use debug build to see details
DEBUG: performing operation: (disabled) use debug build to see details
DEBUG: performing operation: (disabled) use debug build to see details
DEBUG: performing operation: (disabled) use debug build to see details
DEBUG: performing operation: (disabled) use debug build to see details
DEBUG: performing operation: (disabled) use debug build to see details
DEBUG: performing operation: (disabled) use debug build to see details
cannot perform operation: mount --rbind /root /tmp/snap.rootfs_47PW69//root: Permission denied

Is /root a directory?

It is a symbolic link to /home/root

Do you see any denials in the system journal? I expect that while snap-confine has permissions to mount /root to /tmp/… it doesn’t have permissions to mount /home/root/ to /tmp/…

Yes, I have tested: if /root is a symbolic link to /home/root, it does not work.

Then I moved to /root, and this works.

Thanks for the answer and for helping me.

God bless

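The two checks this thread ends up making, as an added example that is not part of the original posts: classify /root as a real directory or a symlink, and pull snap-confine mount denials out of kernel log lines. The function names are made up for this example, and the sample log lines are constructed in the usual AppArmor audit format, reusing the profile path and scratch directory from the debug output above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample log is constructed.

# Say whether a path is a real directory or a symlink (with its resolved
# target). The reply above expects the denial to name the symlink target
# (/home/root) rather than /root, so the resolved path is what matters.
classify_dir() {
    if [ -L "$1" ]; then
        printf 'symlink -> %s\n' "$(readlink -f "$1")"
    elif [ -d "$1" ]; then
        printf 'directory\n'
    else
        printf 'other\n'
    fi
}

# Read kernel/journal lines on stdin and print "source -> mountpoint" for
# each AppArmor mount denial attributed to snap-confine.
snap_confine_mount_denials() {
    grep 'apparmor="DENIED"' |
    grep 'operation="mount"' |
    grep 'snap-confine' |
    sed -n 's/.* name="\([^"]*\)".* srcname="\([^"]*\)".*/\2 -> \1/p'
}

# Constructed sample: one snap-confine mount denial, one unrelated denial,
# one non-denial status line.
SAMPLE_LOG='audit: type=1400 audit(0.0:1): apparmor="DENIED" operation="mount" info="failed srcname match" error=-13 profile="/snap/core/9289/usr/lib/snapd/snap-confine" name="/tmp/snap.rootfs_47PW69/root/" pid=17680 comm="snap-confine" srcname="/home/root/" flags="rw, rbind"
audit: type=1400 audit(0.0:2): apparmor="DENIED" operation="open" profile="snap.example.app" name="/proc/1/status" pid=1 comm="cat" requested_mask="r" denied_mask="r"
audit: type=1400 audit(0.0:3): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap.skrooge.skrooge" pid=2 comm="apparmor_parser"'

echo "/root is: $(classify_dir /root)"
echo "denials in sample:"
printf '%s\n' "$SAMPLE_LOG" | snap_confine_mount_denials

# On a live system, feed the kernel log instead of the sample:
#   journalctl -k --no-pager | snap_confine_mount_denials
```
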