Snap-confine has elevated permissions error

Hi,

I’m seeing this error whenever I try to run a snap, despite attempts to reinstall snapd: “snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid permission escalation attacks”

Any ideas?

```
luciadecastro@sebastian:~$ sudo apt install --reinstall snapd
sudo: unable to resolve host sebastian
[sudo] password for luciadecastro:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libllvm3.8 linux-headers-4.4.0-81 linux-headers-4.4.0-81-generic
  linux-headers-4.4.0-83 linux-headers-4.4.0-83-generic
  linux-headers-4.4.0-87 linux-headers-4.4.0-87-generic
  linux-headers-4.4.0-89 linux-headers-4.4.0-89-generic
  linux-headers-4.4.0-91 linux-headers-4.4.0-91-generic
  linux-headers-4.4.0-92 linux-headers-4.4.0-92-generic
  linux-headers-4.4.0-93 linux-headers-4.4.0-93-generic
  linux-image-4.4.0-81-generic linux-image-4.4.0-83-generic
  linux-image-4.4.0-87-generic linux-image-4.4.0-89-generic
  linux-image-4.4.0-91-generic linux-image-4.4.0-92-generic
  linux-image-4.4.0-93-generic linux-image-extra-4.4.0-81-generic
  linux-image-extra-4.4.0-83-generic linux-image-extra-4.4.0-87-generic
  linux-image-extra-4.4.0-89-generic linux-image-extra-4.4.0-91-generic
  linux-image-extra-4.4.0-92-generic linux-image-extra-4.4.0-93-generic
  linux-signed-image-4.4.0-81-generic linux-signed-image-4.4.0-83-generic
  linux-signed-image-4.4.0-87-generic linux-signed-image-4.4.0-89-generic
  linux-signed-image-4.4.0-91-generic linux-signed-image-4.4.0-92-generic
  linux-signed-image-4.4.0-93-generic
Use 'sudo apt autoremove' to remove them.
0 to upgrade, 0 to newly install, 1 reinstalled, 0 to remove and 45 not to upgrade.
Need to get 10.7 MB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://gb.archive.ubuntu.com/ubuntu xenial-updates/main amd64 snapd amd64 2.27.5 [10.7 MB]
Fetched 10.7 MB in 2s (4,215 kB/s)
(Reading database ... 472617 files and directories currently installed.)
Preparing to unpack .../snapd_2.27.5_amd64.deb ...
Warning: Stopping snapd.service, but it can still be activated by:
  snapd.socket
Unpacking snapd (2.27.5) over (2.27.5) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up snapd (2.27.5) ...
luciadecastro@sebastian:~$ ls -la /usr/lib/snapd/snap-confine
-rwsr-xr-x 1 root root 81672 Aug 31 06:17 /usr/lib/snapd/snap-confine
luciadecastro@sebastian:~$ notes
snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid permission escalation attacks
luciadecastro@sebastian:~$ ls -la /usr/lib/snapd
total 37736
drwxr-xr-x 2 root root 4096 Oct 6 13:29 .
drwxr-xr-x 153 root root 12288 Sep 13 09:24 ..
-rw-r--r-- 1 root root 4814 Aug 24 02:46 complete.sh
-rwxr-xr-x 1 root root 6243 Aug 24 02:46 etelpmoc.sh
-rw-r--r-- 1 root root 15 Aug 31 06:14 info
-rwsr-xr-x 1 root root 81672 Aug 31 06:17 snap-confine
-rwxr-xr-x 1 root root 20031344 Aug 31 06:17 snapd
-rwxr-xr-x 1 root root 2273 Aug 31 06:17 snapd.core-fixup.sh
-rwxr-xr-x 1 root root 39864 Aug 31 06:17 snap-discard-ns
-rwxr-xr-x 1 root root 5461304 Aug 31 06:17 snap-exec
-rwxr-xr-x 1 root root 3263832 Aug 31 06:17 snap-repair
-rwxr-xr-x 1 root root 3867256 Aug 31 06:17 snap-seccomp
-rwxr-xr-x 1 root root 4986008 Aug 31 06:17 snap-update-ns
-rwxr-xr-x 1 root root 852928 Aug 31 06:17 system-shutdown
luciadecastro@sebastian:~$ file /usr/lib/snapd/snap-confine
/usr/lib/snapd/snap-confine: setuid ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=6f8ebeee19e88c2b883b1c6cb4b541601d58f6f8, stripped
```

Can you please send the output of snap version?

@jdstrand That looks like something for you.

```
snap    2.27.6
snapd   2.27.6
series  16
ubuntu  16.04
kernel  4.8.1-040801-generic
```


This is actually something that @zyga-snapd worked on, but I can say that this error indicates that the snap-confine profile is not loaded. It looks like you are running an Ubuntu system, but not an Ubuntu kernel (kernel 4.8.1-040801-generic). I suspect if you install an Ubuntu kernel (e.g., linux-generic (4.4), linux-generic-hwe-16.04 (4.10) or linux-generic-hwe-16.04-edge (4.11)) and reboot, it will work.

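The condition described in the reply above (setuid snap-confine with no AppArmor profile loaded), as an added example that is not part of the thread or of snapd: a POSIX shell check that looks a profile up in the kernel's list of loaded profiles. It assumes the profile is named after the binary path `/usr/lib/snapd/snap-confine`; the function names are hypothetical and the profile lists are constructed samples.

```shell
#!/bin/sh
# Added example, not snapd code. On a live system the list of loaded profiles
# is /sys/kernel/security/apparmor/profiles (readable by root), one profile
# per line in the form "NAME (MODE)".

# profile_mode NAME FILE: print the mode NAME is loaded in, or "unloaded".
profile_mode() {
    awk -v name="$1" '
        {
            line = $0
            sub(/ \([a-z]+\)$/, "", line)   # strip the trailing " (mode)"
            if (line == name) {             # exact match, so child profiles
                mode = $NF                  # such as NAME//helper do not count
                gsub(/[()]/, "", mode)
                print mode; found = 1; exit
            }
        }
        END { if (!found) print "unloaded" }' "$2"
}

# diagnose BINARY FILE: classify BINARY against the profile list in FILE.
diagnose() {
    mode=$(profile_mode "$1" "$2")
    if [ "$mode" != unloaded ]; then
        echo "loaded-$mode"
    elif [ -u "$1" ]; then
        echo setuid-no-profile   # setuid bit set, no profile: the refused state
    else
        echo no-profile
    fi
}

# Constructed sample lists: a healthy system, then the same list with the
# snap-confine profiles missing (what an unloaded profile looks like).
bin=${SNAP_CONFINE:-/usr/lib/snapd/snap-confine}
good=$(mktemp) bad=$(mktemp)
cat > "$good" <<'EOF'
/usr/sbin/cupsd (enforce)
/usr/lib/snapd/snap-confine//mount-namespace-capture-helper (enforce)
/usr/lib/snapd/snap-confine (enforce)
/usr/bin/evince (complain)
EOF
grep -v snap-confine "$good" > "$bad"

echo "healthy list: $(diagnose "$bin" "$good")"
echo "profile gone: $(diagnose "$bin" "$bad")"
rm -f "$good" "$bad"
```

On a real machine, run `diagnose /usr/lib/snapd/snap-confine /sys/kernel/security/apparmor/profiles` as root to check the live profile list instead of the samples.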

Yes, this looks quite like that.

@jdstrand does the ubuntu apparmor package skip profile loads on a kernel with incomplete feature set?

This worked!!! :) Super! Thank you very much.

@jdstrand Thanks!

@luciadecastro Glad it’s now working. What kernel were you running before (where did you get it)? The information may be useful in the future while we try to solve similar issues.

No. The parser will DTRT there. I suspected there was something else wrong with that kernel.

Aha, good to know, thank you.

That’s a very good question. I installed Ubuntu on this laptop using a pen Rodney (from the London office) provided. Other than Rodney, no one has touched my laptop since I have had it, and I didn’t install any other kernel, so I’m unsure… Is there a command I can run to check that out?

7 posts were split to a new topic: Issues with an unsupported kernel