Hello,
I’ve been seeing an issue where a snap refresh will break the exe link in /proc/PID.
Specifically, my chromium process, which normally has exe linked to /snap/chromium/2529/usr/lib/chromium-browser/chrome will become linked to /lib/chromim-browser/chrome. When this happens, I start to see these logs (snappy-debug output below) when trying to do things like access the camera (which fails):
= AppArmor =
Time: Jul 17 20:38:25
Log: apparmor="DENIED" operation="exec" profile="snap.chromium.chromium" name="/usr/lib/chromium-browser/chrome" pid=4060732 comm="ThreadPoolSingl" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
File: /usr/lib/chromium-browser/chrome (exec)
Suggestions:
* adjust snap to ship 'chrome'
* adjust program to use relative paths if the snap already ships 'chrome'
I first noticed it when snapd refreshed cups on 7/14/23. I’ve been able to occasionally reproduce by reverting and/or refreshing cups manually, although it seems to happen at times when I’d say the chromium process has been “less active” (not accessing cameras, etc.) for a while. When I am able to reproduce, the link seems to break while the output message is along the lines of “refreshing cups security profiles…”
Snap info:
$ snap --version
snap 2.59.5
snapd 2.59.5
series 16
ubuntu 22.04
kernel 5.15.0-67-lowlatency
Any suggestions or information are helpful, thanks!