Qt5 KDE integration in VLC snap is broken due to linkat() denial

thresh · May 16, 2018, 11:40am

Hello,

the VLC snap includes some utilities from Neon project to nicely integrate with KDE when launched on a respective platform.

However, it does not seem to work and I’d like to have some guidance on how to debug this – I think it might be related to apparmor rules, but I’m not entirely sure it’s the case.

So to reproduce, you need to run LC_ALL=C snap run vlc -vvv under Plasma, with VLC from stable channel, or any other actually - they all share the same behaviour. In VLC Qt interface, click “Media” -> “Open file” and you’ll be presented with nice error windows, saying
1/ Unable to save bookmarks in /home/thresh/snap/vlc/333/.local/share/user-places.xbel. Reported error was: No such file or directory. This error message will only be shown once. The cause of the error needs to be fixed as quickly as possible, which is most likely a full hard drive.

and when you click “OK”, the next one pops in:
2/ Unable to create io-slave. Can not create socket for launching io-slave for protocol ‘file’.

The open file dialog is KDE-looking, but is completely useless, rendering many errors.

Meanwhile in the console we can see:
kf5.kbookmarks: “Unable to save bookmarks in /home/thresh/snap/vlc/333/.local/share/user-places.xbel. File reported the following error-code: 10.”
kf5.kio.core: KIO Connection server not listening, could not connect
kf5.kio.core: couldn’t create slave: “Can not create socket for launching io-slave for protocol ‘file’.”
kf5.kio.core: Invalid URL: QUrl("/home/thresh/snap/vlc/333")
kf5.kservice.sycoca: ERROR writing database “/home/thresh/snap/vlc/common/.cache/ksycoca5_en__Rjc0t0ER56XzAZ0z3fHquaT+MA=” . Disk full?
kf5.kservice.sycoca: ERROR writing database “/home/thresh/snap/vlc/common/.cache/ksycoca5_en__Rjc0t0ER56XzAZ0z3fHquaT+MA=” . Disk full?
kf5.kservice.sycoca: No ksycoca database available! Tried running kbuildsycoca5 ?
kf5.kservice.services: KServiceTypeTrader: serviceType “ThumbCreator” not found
kf5.kservice.sycoca: ERROR writing database “/home/thresh/snap/vlc/common/.cache/ksycoca5_en__Rjc0t0ER56XzAZ0z3fHquaT+MA=” . Disk full?
kf5.kservice.sycoca: ERROR writing database “/home/thresh/snap/vlc/common/.cache/ksycoca5_en__Rjc0t0ER56XzAZ0z3fHquaT+MA=” . Disk full?
kf5.kservice.sycoca: No ksycoca database available! Tried running kbuildsycoca5 ?
kf5.kservice.services: KServiceTypeTrader: serviceType “ThumbCreator” not found
kf5.kio.core: KIO Connection server not listening, could not connect
kf5.kio.core: couldn’t create slave: “Can not create socket for launching io-slave for protocol ‘file’.”
WARNING: bool Phonon::FactoryPrivate::createBackend() phonon backend plugin could not be loaded
WARNING: bool Phonon::FactoryPrivate::createBackend() phonon backend plugin could not be loaded
WARNING: bool Phonon::FactoryPrivate::createBackend() phonon backend plugin could not be loaded
org.kde.knotifications: Audio notification requested, but sound file from notifyrc file was not found, aborting audio notification
kf5.kservice.sycoca: ERROR writing database “/home/thresh/snap/vlc/common/.cache/ksycoca5_en__Rjc0t0ER56XzAZ0z3fHquaT+MA=” . Disk full?
kf5.kservice.sycoca: ERROR writing database “/home/thresh/snap/vlc/common/.cache/ksycoca5_en__Rjc0t0ER56XzAZ0z3fHquaT+MA=” . Disk full?
kf5.kservice.sycoca: No ksycoca database available! Tried running kbuildsycoca5 ?
kf5.kservice.services: KServiceTypeTrader: serviceType “ThumbCreator” not found
kf5.kservice.sycoca: ERROR writing database “/home/thresh/snap/vlc/common/.cache/ksycoca5_en__Rjc0t0ER56XzAZ0z3fHquaT+MA=” . Disk full?
kf5.kservice.sycoca: ERROR writing database “/home/thresh/snap/vlc/common/.cache/ksycoca5_en__Rjc0t0ER56XzAZ0z3fHquaT+MA=” . Disk full?
kf5.kservice.sycoca: No ksycoca database available! Tried running kbuildsycoca5 ?
kf5.kservice.services: KServiceTypeTrader: serviceType “ThumbCreator” not found
kf5.kio.core: KIO Connection server not listening, could not connect
kf5.kio.core: couldn’t create slave: “Can not create socket for launching io-slave for protocol ‘file’.”
org.kde.knotifications: Audio notification requested, but sound file from notifyrc file was not found, aborting audio notification

Why all the denials? Arent those directories supposed to be accessible by VLC?

thresh · May 16, 2018, 11:41am

In dmesg while this was all happening:
[92281.696025] audit: type=1400 audit(1526470287.704:1276): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/home/thresh/snap/vlc/333/.local/share/#279434158" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92281.696037] audit: type=1400 audit(1526470287.704:1277): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/home/thresh/snap/vlc/333/.local/share/user-places.xbel.tbcache" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/home/thresh/snap/vlc/333/.local/share/#279434158"
[92281.700987] audit: type=1400 audit(1526470287.708:1278): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/home/thresh/snap/vlc/333/.local/share/#279434158" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92281.700998] audit: type=1400 audit(1526470287.708:1279): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/home/thresh/snap/vlc/333/.local/share/user-places.xbel" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/home/thresh/snap/vlc/333/.local/share/#279434158"
[92283.531987] audit: type=1400 audit(1526470289.540:1280): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/home/thresh/snap/vlc/common/.cache/#828661888" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92283.531991] audit: type=1400 audit(1526470289.540:1281): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/home/thresh/snap/vlc/common/.cache/qt_compose_cache_little_endian_coal" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/home/thresh/snap/vlc/common/.cache/#828661888"
[92297.277867] audit: type=1400 audit(1526470303.284:1282): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/home/thresh/snap/vlc/333/.local/share/#279434158" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.277876] audit: type=1400 audit(1526470303.284:1283): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/home/thresh/snap/vlc/333/.local/share/user-places.xbel.tbcache" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/home/thresh/snap/vlc/333/.local/share/#279434158"
[92297.282486] audit: type=1400 audit(1526470303.288:1284): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/home/thresh/snap/vlc/333/.local/share/#279434158" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.282495] audit: type=1400 audit(1526470303.288:1285): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/home/thresh/snap/vlc/333/.local/share/user-places.xbel" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/home/thresh/snap/vlc/333/.local/share/#279434158"
[92297.416285] audit: type=1400 audit(1526470303.424:1286): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3054268" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.416287] audit: type=1400 audit(1526470303.424:1287): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcjasExA.1.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3054268"
[92297.416289] audit: type=1400 audit(1526470303.424:1288): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3054268" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.416290] audit: type=1400 audit(1526470303.424:1289): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcnHzxrg.1.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3054268"
[92297.416292] audit: type=1400 audit(1526470303.424:1290): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3054268" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.416293] audit: type=1400 audit(1526470303.424:1291): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcqjJOhS.1.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3054268"
[92297.416294] audit: type=1400 audit(1526470303.424:1292): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3054268" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.416295] audit: type=1400 audit(1526470303.424:1293): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcErnZRK.1.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3054268"
[92297.416305] audit: type=1400 audit(1526470303.424:1294): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3054268" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.416307] audit: type=1400 audit(1526470303.424:1295): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcaFYepY.1.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3054268"
[92297.416308] audit: type=1400 audit(1526470303.424:1296): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3054268" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.416310] audit: type=1400 audit(1526470303.424:1297): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcrnMMmG.1.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3054268"
[92297.416380] audit: type=1400 audit(1526470303.424:1298): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3054268" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.416382] audit: type=1400 audit(1526470303.424:1299): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcgtOzVq.1.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3054268"
[92297.416383] audit: type=1400 audit(1526470303.424:1300): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3054268" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.416384] audit: type=1400 audit(1526470303.424:1301): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcZqOCpx.1.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3054268"
[92297.416385] audit: type=1400 audit(1526470303.424:1302): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3054268" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.416386] audit: type=1400 audit(1526470303.424:1303): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcGaYxcQ.1.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3054268"
[92297.416387] audit: type=1400 audit(1526470303.424:1304): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3054268" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.416389] audit: type=1400 audit(1526470303.424:1305): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcbrnwYr.1.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3054268"
[92297.416390] audit: type=1400 audit(1526470303.424:1306): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3054268" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.416392] audit: type=1400 audit(1526470303.424:1307): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcRPyKNX.1.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3054268"
[92297.416393] audit: type=1400 audit(1526470303.424:1308): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3054268" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.416394] audit: type=1400 audit(1526470303.424:1309): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcpmehGy.1.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3054268"
[92297.416395] audit: type=1400 audit(1526470303.424:1310): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3054268" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.416396] audit: type=1400 audit(1526470303.424:1311): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcvZkhyq.1.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3054268"
[92297.416397] audit: type=1400 audit(1526470303.424:1312): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3054268" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.416398] audit: type=1400 audit(1526470303.424:1313): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcwZvUjh.1.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3054268"
[92297.416469] audit: type=1400 audit(1526470303.424:1314): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3054268" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.416470] audit: type=1400 audit(1526470303.424:1315): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcTeceJW.1.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3054268"
[92297.416471] audit: type=1400 audit(1526470303.424:1316): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3054268" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.416473] audit: type=1400 audit(1526470303.424:1317): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcAuhLpT.1.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3054268"
[92297.582106] audit: type=1400 audit(1526470303.588:1318): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/home/thresh/snap/vlc/common/.cache/#828661889" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.582109] audit: type=1400 audit(1526470303.588:1319): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/home/thresh/snap/vlc/common/.cache/ksycoca5_en__Rjc0t0ER56XzAZ0z3fHquaT+MA=" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/home/thresh/snap/vlc/common/.cache/#828661889"
[92297.707613] audit: type=1400 audit(1526470303.712:1320): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/home/thresh/snap/vlc/common/.cache/#828661889" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.707627] audit: type=1400 audit(1526470303.712:1321): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/home/thresh/snap/vlc/common/.cache/ksycoca5_en__Rjc0t0ER56XzAZ0z3fHquaT+MA=" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/home/thresh/snap/vlc/common/.cache/#828661889"
[92297.842858] audit: type=1400 audit(1526470303.848:1322): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/home/thresh/snap/vlc/common/.cache/#828661889" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.842867] audit: type=1400 audit(1526470303.848:1323): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/home/thresh/snap/vlc/common/.cache/ksycoca5_en__Rjc0t0ER56XzAZ0z3fHquaT+MA=" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/home/thresh/snap/vlc/common/.cache/#828661889"
[92297.975669] audit: type=1400 audit(1526470303.984:1324): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/home/thresh/snap/vlc/common/.cache/#828661889" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.975673] audit: type=1400 audit(1526470303.984:1325): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/home/thresh/snap/vlc/common/.cache/ksycoca5_en__Rjc0t0ER56XzAZ0z3fHquaT+MA=" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/home/thresh/snap/vlc/common/.cache/#828661889"
[92297.990549] audit: type=1400 audit(1526470303.996:1326): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3054272" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.990552] audit: type=1400 audit(1526470303.996:1327): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcpuraxm.2.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3054272"
[92297.990553] audit: type=1400 audit(1526470303.996:1328): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3054272" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.990554] audit: type=1400 audit(1526470303.996:1329): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcmgPilE.2.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3054272"
[92297.990561] audit: type=1400 audit(1526470303.996:1330): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3054272" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.990562] audit: type=1400 audit(1526470303.996:1331): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcHhnIQg.2.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3054272"
[92297.990569] audit: type=1400 audit(1526470303.996:1332): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3054272" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.990570] audit: type=1400 audit(1526470303.996:1333): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcQnABAA.2.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3054272"
[92297.990577] audit: type=1400 audit(1526470303.996:1334): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3054272" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.990579] audit: type=1400 audit(1526470303.996:1335): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcuBZrCQ.2.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3054272"
[92297.990586] audit: type=1400 audit(1526470303.996:1336): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3054272" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.990587] audit: type=1400 audit(1526470303.996:1337): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcyzOuwR.2.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3054272"
[92297.990594] audit: type=1400 audit(1526470303.996:1338): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3054272" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.990595] audit: type=1400 audit(1526470303.996:1339): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcWmeZrL.2.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3054272"
[92297.990603] audit: type=1400 audit(1526470303.996:1340): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3054272" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.990604] audit: type=1400 audit(1526470303.996:1341): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcuBCDnf.2.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3054272"
[92297.990611] audit: type=1400 audit(1526470303.996:1342): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3054272" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.990612] audit: type=1400 audit(1526470303.996:1343): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcfisqnw.2.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3054272"
[92297.990620] audit: type=1400 audit(1526470303.996:1344): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3054272" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.990622] audit: type=1400 audit(1526470303.996:1345): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcqxlggw.2.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3054272"
[92297.990629] audit: type=1400 audit(1526470303.996:1346): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3054272" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.990630] audit: type=1400 audit(1526470303.996:1347): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlchloMTW.2.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3054272"
[92297.990637] audit: type=1400 audit(1526470303.996:1348): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3054272" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.990639] audit: type=1400 audit(1526470303.996:1349): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlctTdrCE.2.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3054272"
[92297.990646] audit: type=1400 audit(1526470303.996:1350): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3054272" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.990648] audit: type=1400 audit(1526470303.996:1351): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcccEziF.2.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3054272"
[92297.990655] audit: type=1400 audit(1526470303.996:1352): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3054272" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.990657] audit: type=1400 audit(1526470303.996:1353): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcTowbLP.2.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3054272"
[92297.990668] audit: type=1400 audit(1526470303.996:1354): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3054272" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.990669] audit: type=1400 audit(1526470303.996:1355): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcDTjFYW.2.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3054272"
[92297.990675] audit: type=1400 audit(1526470303.996:1356): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3054272" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92297.990677] audit: type=1400 audit(1526470303.996:1357): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcpwHTGf.2.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3054272"
[92298.275820] audit: type=1400 audit(1526470304.284:1358): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/home/thresh/snap/vlc/common/.cache/#828661889" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92298.275824] audit: type=1400 audit(1526470304.284:1359): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/home/thresh/snap/vlc/common/.cache/ksycoca5_en__Rjc0t0ER56XzAZ0z3fHquaT+MA=" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/home/thresh/snap/vlc/common/.cache/#828661889"
[92298.397972] audit: type=1400 audit(1526470304.404:1360): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/home/thresh/snap/vlc/common/.cache/#828661889" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92298.397975] audit: type=1400 audit(1526470304.404:1361): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/home/thresh/snap/vlc/common/.cache/ksycoca5_en__Rjc0t0ER56XzAZ0z3fHquaT+MA=" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/home/thresh/snap/vlc/common/.cache/#828661889"
[92298.521528] audit: type=1400 audit(1526470304.528:1362): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/home/thresh/snap/vlc/common/.cache/#828661889" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92298.521534] audit: type=1400 audit(1526470304.528:1363): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/home/thresh/snap/vlc/common/.cache/ksycoca5_en__Rjc0t0ER56XzAZ0z3fHquaT+MA=" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/home/thresh/snap/vlc/common/.cache/#828661889"
[92298.654733] audit: type=1400 audit(1526470304.660:1364): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/home/thresh/snap/vlc/common/.cache/#828661889" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92298.654736] audit: type=1400 audit(1526470304.660:1365): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/home/thresh/snap/vlc/common/.cache/ksycoca5_en__Rjc0t0ER56XzAZ0z3fHquaT+MA=" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/home/thresh/snap/vlc/common/.cache/#828661889"
[92314.602753] audit: type=1400 audit(1526470320.609:1366): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3056070" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92314.602763] audit: type=1400 audit(1526470320.609:1367): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcuozGHK.3.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3056070"
[92314.602770] audit: type=1400 audit(1526470320.609:1368): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3056070" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92314.602775] audit: type=1400 audit(1526470320.609:1369): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcaEXKTw.3.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3056070"
[92314.602782] audit: type=1400 audit(1526470320.609:1370): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3056070" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92314.602788] audit: type=1400 audit(1526470320.609:1371): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcYorwON.3.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3056070"
[92314.602795] audit: type=1400 audit(1526470320.609:1372): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3056070" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92314.602801] audit: type=1400 audit(1526470320.609:1373): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcQxsYPZ.3.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3056070"
[92314.602850] audit: type=1400 audit(1526470320.609:1374): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3056070" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92314.602857] audit: type=1400 audit(1526470320.609:1375): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcLoVrzZ.3.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3056070"
[92314.602863] audit: type=1400 audit(1526470320.609:1376): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3056070" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92314.602870] audit: type=1400 audit(1526470320.609:1377): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcFZIoNx.3.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3056070"
[92314.602989] audit: type=1400 audit(1526470320.609:1378): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3056070" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92314.602997] audit: type=1400 audit(1526470320.609:1379): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcrwqeeF.3.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3056070"
[92314.603003] audit: type=1400 audit(1526470320.609:1380): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3056070" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000
[92314.603009] audit: type=1400 audit(1526470320.609:1381): apparmor=“DENIED” operation=“link” profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/vlcabHmec.3.slave-socket" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000 target="/run/user/1000/snap.vlc/#3056070"
[92314.603015] audit: type=1400 audit(1526470320.609:1382): apparmor=“DENIED” operation=“link” info=“Failed name lookup - deleted entry” error=-2 profile=“snap.vlc.vlc” name="/run/user/1000/snap.vlc/#3056070" pid=313 comm=“vlc” requested_mask=“l” denied_mask=“l” fsuid=1000 ouid=1000

thresh · May 16, 2018, 11:41am

thresh@coal ~ $ dpkg -l | egrep -e '(snap|apparmor)'
ii  apparmor                                      2.12-4                         amd64        user-space parser utility for AppArmor
ii  apparmor-utils                                2.12-4                         amd64        utilities for controlling AppArmor
ii  libapparmor1:amd64                            2.12-4                         amd64        changehat AppArmor library
ii  libsnappy1v5:amd64                            1.1.7-1                        amd64        fast compression/decompression library
ii  python3-apparmor                              2.12-4                         amd64        AppArmor Python3 utility library
ii  python3-libapparmor                           2.12-4                         amd64        AppArmor library Python3 bindings
ii  snapd                                         2.30-5+b1                      amd64        Tool to interact with Ubuntu Core Snappy.
thresh@coal ~ $ snap info --verbose vlc             
name:      vlc
summary:   The ultimate media player
publisher: videolan
contact:   https://www.videolan.org/support/
license:   unknown
description: |
  VLC is the VideoLAN project's media player.
  
  Completely open source and privacy-friendly, it plays every multimedia file and streams.
  
  It notably plays MKV, MP4, MPEG, MPEG-2, MPEG-4, DivX, MOV, WMV, QuickTime, WebM, FLAC, MP3,
  Ogg/Vorbis files, BluRays, DVDs, VCDs, podcasts, and multimedia streams from various network sources.
  It supports subtitles, closed captions and is translated in numerous languages.
commands:
  - vlc
notes:               
  private:           false
  confinement:       strict
  devmode:           false
  jailmode:          false
  trymode:           false
  enabled:           true
  broken:            false
  ignore-validation: false
snap-id:   RT9mcUhVsRYrDLG8qnvGiy26NKvv6Qkd
tracking:  beta
refreshed: 2018-05-16T09:08:24+03:00
installed:   3.0.2-51-gfb3a5ca       (333) 198MB 
channels:                                  
  stable:    3.0.1-4-g14a4897        (190) 189MB -
  candidate: 3.0.2                   (277) 192MB -
  beta:      3.0.2-51-gfb3a5ca       (333) 198MB -
  edge:      4.0.0-dev-2848-g0836477 (332) 197MB -
thresh@coal ~ $ snap info --verbose core            
name:      core
summary:   snapd runtime environment
publisher: canonical
contact:   snappy-canonical-storeaccount@canonical.com
license:   unknown
description: |
  The core runtime environment for snapd
notes:               
  private:           false
  confinement:       strict
  devmode:           false
  jailmode:          false
  trymode:           false
  enabled:           true
  broken:            false
  ignore-validation: false
type:      core
snap-id:   99T7MUlRhtI3U0QFgl5mXXESAiSwt776
tracking:  stable
refreshed: 2018-04-29T21:29:48+03:00
installed:   16-2.32.6                (4571) 90MB 
channels:                                    
  stable:    16-2.32.6                (4571) 90MB -
  candidate: 16-2.32.8                (4650) 90MB -
  beta:      16-2.32.8                (4650) 90MB -
  edge:      16-2.32.8+git720.9dc7b89 (4677) 90MB -
thresh@coal ~ $ 

thresh@coal ~ $ cat /var/lib/snapd/apparmor/profiles/snap.vlc.vlc 

#include <tunables/global>

@{SNAP_NAME}="vlc"
@{SNAP_REVISION}="333"
@{PROFILE_DBUS}="snap_2evlc_2evlc"
@{INSTALL_DIR}="/snap"

profile "snap.vlc.vlc" (attach_disconnected) {
  # set file rules so that exec() inherits our profile unless there is
  # already a profile for it (eg, snap-confine)
  / rwkl,
  /** rwlkm,
  /** pix,

  capability,
  change_profile,
  dbus,
  network,
  mount,
  remount,
  umount,
  pivot_root,
  ptrace,
  signal,
  unix,


}

chipaca · May 17, 2018, 11:03am

@jdstrand @zyga-snapd it looks like we need to tweak something for qt5?

jdstrand · May 17, 2018, 5:36pm

No, 'l’ink is already allowed for these paths.

jdstrand · May 17, 2018, 5:36pm

This looks like Qt 5.10 + linkat denials = broken KDE snaps. Please respond in that thread with the output of ‘snap version’.

jdstrand · May 18, 2018, 12:41pm

@thresh responded in the other thread with:

"As requested:

$ snap version
snap    2.32.6
snapd   2.32.6
series  16
debian  
kernel  4.16.0-1-amd64

This is on debian testing."

jdstrand · May 18, 2018, 12:42pm

@thresh, what is the output of:

$ snap debug confinement

thresh · May 18, 2018, 2:06pm

There you go:

thresh@coal ~ $ snap debug confinement
partial

jdstrand · May 18, 2018, 2:20pm

@zyga-snapd - something seems wrong here, the system reports partial confinement but @thresh is seeing apparmor denials on Debian looking as if the system is in strict confinement.

@thresh - can you paste the output of cat /var/lib/snapd/apparmor/profiles/snap.vlc.vlc?

thresh · May 18, 2018, 2:22pm

Here you go:

thresh@coal ~ $ cat /var/lib/snapd/apparmor/profiles/snap.vlc.vlc

#include <tunables/global>

@{SNAP_NAME}="vlc"
@{SNAP_REVISION}="337"
@{PROFILE_DBUS}="snap_2evlc_2evlc"
@{INSTALL_DIR}="/snap"

profile "snap.vlc.vlc" (attach_disconnected) {
  # set file rules so that exec() inherits our profile unless there is
  # already a profile for it (eg, snap-confine)
  / rwkl,
  /** rwlkm,
  /** pix,

  capability,
  change_profile,
  dbus,
  network,
  mount,
  remount,
  umount,
  pivot_root,
  ptrace,
  signal,
  unix,


}

jdstrand · May 18, 2018, 2:24pm

@zyga-snapd - hmm, snapd seems to be doing the right thing. Maybe this is an upstream kernel issue.

jdstrand · May 18, 2018, 2:38pm

From IRC from thresh:

$ snap info vlc
name:      vlc
summary:   The ultimate media player
publisher: videolan
contact:   https://www.videolan.org/support/
license:   unknown
description: |
  VLC is the VideoLAN project's media player.
  
  Completely open source and privacy-friendly, it plays every multimedia file and streams.
  
  It notably plays MKV, MP4, MPEG, MPEG-2, MPEG-4, DivX, MOV, WMV, QuickTime, WebM, FLAC, MP3,
  Ogg/Vorbis files, BluRays, DVDs, VCDs, podcasts, and multimedia streams from various network sources.
  It supports subtitles, closed captions and is translated in numerous languages.
commands:
  - vlc
snap-id:   RT9mcUhVsRYrDLG8qnvGiy26NKvv6Qkd
tracking:  beta
refreshed: 2018-05-18T09:14:27+03:00
installed:   3.0.2-185-g2ee8bd6      (337) 198MB -
channels:                                  
  stable:    3.0.1-4-g14a4897        (190) 189MB -
  candidate: 3.0.2                   (277) 192MB -
  beta:      3.0.2-185-g2ee8bd6      (337) 198MB -
edge: 4.0.0-dev-2905-gff840c5 (336) 192MB -

jdstrand · May 18, 2018, 3:50pm

FYI, I installed Debian testing from netinst, then used tasksel to install the KDE desktop environment, then installed the vlc snap from the beta channel and can reproduce this on vlc ‘Quit’:

May 18 10:47:13 debian-testing-amd64 audit[2568]: AVC apparmor="DENIED" operation="link" info="Failed name lookup - deleted entry" error=-2 profile="snap.vlc.vlc" name="/home/jamie/snap/vlc/337/.config/vlc/#18120" pid=2568 comm="vlc" requested_mask="l" denied_mask="l" fsuid=1000 ouid=1000
May 18 10:47:13 debian-testing-amd64 kernel: audit: type=1400 audit(1526658433.250:103): apparmor="DENIED" operation="link" info="Failed name lookup - deleted entry" error=-2 profile="snap.vlc.vlc" name="/home/jamie/snap/vlc/337/.config/vlc/#18120" pid=2568 comm="vlc" requested_mask="l" denied_mask="l" fsuid=1000 ouid=1000
May 18 10:47:13 debian-testing-amd64 kernel: audit: type=1400 audit(1526658433.250:104): apparmor="DENIED" operation="link" profile="snap.vlc.vlc" name="/home/jamie/snap/vlc/337/.config/vlc/vlc-qt-interface.conf" pid=2568 comm="vlc" requested_mask="l" denied_mask="l" fsuid=1000 ouid=1000 target="/home/jamie/snap/vlc/337/.config/vlc/#18120"
May 18 10:47:13 debian-testing-amd64 audit[2568]: AVC apparmor="DENIED" operation="link" profile="snap.vlc.vlc" name="/home/jamie/snap/vlc/337/.config/vlc/vlc-qt-interface.conf" pid=2568 comm="vlc" requested_mask="l" denied_mask="l" fsuid=1000 ouid=1000 target="/home/jamie/snap/vlc/337/.config/vlc/#18120"

jdstrand · May 18, 2018, 7:15pm

Ok, this is indeed the same as Qt 5.10 + linkat denials = broken KDE snaps. I’ve filed https://bugs.launchpad.net/apparmor/+bug/1772097 to track this.

jdstrand · May 23, 2018, 7:09pm

https://github.com/snapcore/snapd/pull/5194