Snap-update-ns failing, cannot launch snaps

InsaneSanity · June 23, 2019, 2:52pm

I use Kali Linux for my pentesting needs. I installed snap to get some of my needs like Tusk (Evernote for Linux).

I installed via apt install snapd and ran sudo systemctl enable --now snapd.socket to get snap working. Then I ran snap install tusk which installed fine. It did warn me my $PATH was not there etc and I should restart, which I did.

After restarting I tried starting Tusk but it wouldn’t start. As a result, I tried to start it via terminal by writing snap run Tusk to which I got this:

cannot change profile for the next exec call: No such file or directory
snap-update-ns failed with code 1: File exists

Now I did find a thread regarding this and found running apparmor_parser -r /var/lib/snapd/apparmor/profiles/* fixes this but I have to run this everytime I restart my laptop. Is there a permanent fix for this?

InsaneSanity · June 23, 2019, 2:53pm

Bumping the thread for visibility

InsaneSanity · June 25, 2019, 2:31am

Bumping the thread as I still need help

chipaca · June 25, 2019, 9:00am

What’s the output of

snap version
snap debug sandbox-features

?

Thank you.

zyga-snapd · June 25, 2019, 5:04pm

Hi

Kali linux is not on the set of distributions we regularly test so some things may misbehave. In this specific case I think the snapd.apparmor.service is required to load snapd-specific apparmor profiles on boot.

I’m not familiar with Kali linux so I don’t know if it is derived from another distribution or what kind of file system flavour it uses. I would first start by looking at this list of topics:

check if snapd needs to blacklist kali for re-execution
check if snap-confine is configured and built correctly
check if all snapd systemd units are loaded
- this last part is tricky because some units are only needed on “core” systems that don’t use classic packages and where snapd manages the entire operating system

roku · July 24, 2019, 5:37am

Hi!

I ran now into the same issue with Ubuntu 18.04, when running Graylog (via juju) on LXD containers (manually provisioned).
The problem appeared after a VM reboot.
Good thing is that " apparmor_parser -r /var/lib/snapd/apparmor/profiles/*" fixed the problem.

Is this a known issue?

root@lxd-2-5-unused:~# snap version
snap 2.39.3
snapd 2.39.3
series 16
ubuntu 18.04
kernel 4.18.0-1024-azure
root@lxd-2-5-unused:~# snap debug sandbox-features
apparmor: kernel:caps kernel:dbus kernel:domain kernel:file kernel:mount kernel:namespaces kernel:network kernel:network_v8 kernel:policy kernel:ptrace kernel:query kernel:rlimit kernel:signal parser:unsafe policy:default support-level:full
confinement-options: classic devmode strict
dbus: mediated-bus-access
kmod: mediated-modprobe
mount: freezer-cgroup-v1 layouts mount-namespace per-snap-persistency per-snap-profiles per-snap-updates per-snap-user-profiles stale-base-invalidation
seccomp: bpf-argument-filtering kernel:allow kernel:errno kernel:kill_process kernel:kill_thread kernel:log kernel:trace kernel:trap
udev: device-cgroup-v1 tagging

BR, Robert

andrewnaw · January 18, 2021, 6:20pm

apparmor_parser -r /var/lib/snapd/apparmor/profiles/*

Funciono, gracias.

div · April 8, 2021, 7:33pm

I’m having the very same issue but on Arch Linux.
apparmor_parser -r /var/lib/snapd/apparmor/profiles/* fixes the issue but I have to use it every time I reboot.

Any ideas how to fix it permanently?

mborzecki · April 9, 2021, 6:10am

Have you tried enabling apparmor.service and snapd.apparmor.service so that both are started during boot?