I’ve been seeing an issue where a snap refresh will break the exe link in /proc/PID.
Specifically, my chromium process, which normally has exe linked to
/snap/chromium/2529/usr/lib/chromium-browser/chrome will become linked to
/lib/chromim-browser/chrome. When this happens, I start to see these logs (snappy-debug output below) when trying to do things like access the camera (which fails):
= AppArmor = Time: Jul 17 20:38:25 Log: apparmor="DENIED" operation="exec" profile="snap.chromium.chromium" name="/usr/lib/chromium-browser/chrome" pid=4060732 comm="ThreadPoolSingl" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 File: /usr/lib/chromium-browser/chrome (exec) Suggestions: * adjust snap to ship 'chrome' * adjust program to use relative paths if the snap already ships 'chrome'
I first noticed it when snapd refreshed cups on 7/14/23. I’ve been able to occasionally reproduce by reverting and/or refreshing cups manually, although it seems to happen at times when I’d say the chromium process has been “less active” (not accessing cameras, etc.) for a while. When I am able to reproduce, the link seems to break while the output message is along the lines of “refreshing cups security profiles…”
$ snap --version snap 2.59.5 snapd 2.59.5 series 16 ubuntu 22.04 kernel 5.15.0-67-lowlatency
Any suggestions or information are helpful, thanks!