openSUSE, apparmor 3.1.5 and kernel 6.3.7 issues

mborzecki1 · June 14, 2023, 11:31am

Looks like we have a new set of issues related to apparmor with snapd 2.59.5 and the the kernel/apparmor versions listed in the topic name. Previously an issue was reported here: Snap applications stopped to work after zypper dup which I have fixed by cherry-picking a patch for snap-confine’s profile. With the latest Tumbleweed snapshot, a new issues appeared which seems to be related to s-u-n profile.

There’s more details in https://bugzilla.suse.com/show_bug.cgi?id=1211989#c12 The profile seems to be there, the rule is there, but so is the denial for exactly the same arguments as the rule.

@alexmurray @jjohansen does this look familiar?

opensuse-snap-user · June 14, 2023, 6:21pm

If it helps, using snap on openSUSE with kernel 6.3.7, but with apparmor on version 3.1.4(-2.1) works. Upgrading apparmor from 3.1.4-2.1 to 3.1.5-1.1 breaks snapd=2.59.5-1.2.

Edit: Breakage was observed on the chromium snap application

Aleksey · June 14, 2023, 9:20pm

Hmmm… I have this error only for telegram, acestream works fine!

alexmurray · June 15, 2023, 2:10am

@jjohansen is looking into this - latest update I saw from him mentioned “I think I even know what is going on will work on getting a fix asap” - so this is in progress.

timojyrinki · June 15, 2023, 11:46am

I filed also https://bugs.launchpad.net/snapd/+bug/2023779 but will now link this discussion there.

mborzecki1 · June 28, 2023, 3:24pm

Since other posts a linking to this one, I’m on TW snapshot 20230625, with apparmor 3.1.6 and things are working again. Thanks to everyone involved in fixing this!