Snap-update-ns failing, cannot launch snaps

I use Kali Linux for my pentesting needs. I installed snap to get some of my needs like Tusk (Evernote for Linux).

I installed via apt install snapd and ran sudo systemctl enable --now snapd.socket to get snap working. Then I ran snap install tusk which installed fine. It did warn me my $PATH was not there etc and I should restart, which I did.

After restarting I tried starting Tusk but it wouldn’t start. As a result, I tried to start it via terminal by writing snap run Tusk to which I got this:

cannot change profile for the next exec call: No such file or directory
snap-update-ns failed with code 1: File exists

Now I did find a thread regarding this and found running apparmor_parser -r /var/lib/snapd/apparmor/profiles/* fixes this but I have to run this everytime I restart my laptop. Is there a permanent fix for this?

Bumping the thread for visibility

Bumping the thread as I still need help

What’s the output of

snap version
snap debug sandbox-features

?

Thank you.

Hi

Kali linux is not on the set of distributions we regularly test so some things may misbehave. In this specific case I think the snapd.apparmor.service is required to load snapd-specific apparmor profiles on boot.

I’m not familiar with Kali linux so I don’t know if it is derived from another distribution or what kind of file system flavour it uses. I would first start by looking at this list of topics:

  • check if snapd needs to blacklist kali for re-execution
  • check if snap-confine is configured and built correctly
  • check if all snapd systemd units are loaded
    • this last part is tricky because some units are only needed on “core” systems that don’t use classic packages and where snapd manages the entire operating system
1 Like

Hi!

I ran now into the same issue with Ubuntu 18.04, when running Graylog (via juju) on LXD containers (manually provisioned).
The problem appeared after a VM reboot.
Good thing is that " apparmor_parser -r /var/lib/snapd/apparmor/profiles/*" fixed the problem.

Is this a known issue?

root@lxd-2-5-unused:~# snap version
snap 2.39.3
snapd 2.39.3
series 16
ubuntu 18.04
kernel 4.18.0-1024-azure
root@lxd-2-5-unused:~# snap debug sandbox-features
apparmor: kernel:caps kernel:dbus kernel:domain kernel:file kernel:mount kernel:namespaces kernel:network kernel:network_v8 kernel:policy kernel:ptrace kernel:query kernel:rlimit kernel:signal parser:unsafe policy:default support-level:full
confinement-options: classic devmode strict
dbus: mediated-bus-access
kmod: mediated-modprobe
mount: freezer-cgroup-v1 layouts mount-namespace per-snap-persistency per-snap-profiles per-snap-updates per-snap-user-profiles stale-base-invalidation
seccomp: bpf-argument-filtering kernel:allow kernel:errno kernel:kill_process kernel:kill_thread kernel:log kernel:trace kernel:trap
udev: device-cgroup-v1 tagging

BR, Robert

1 Like

apparmor_parser -r /var/lib/snapd/apparmor/profiles/*

Funciono, gracias.

I’m having the very same issue but on Arch Linux.
apparmor_parser -r /var/lib/snapd/apparmor/profiles/* fixes the issue but I have to use it every time I reboot.

Any ideas how to fix it permanently?

Have you tried enabling apparmor.service and snapd.apparmor.service so that both are started during boot?