I have a fresh LAMP server, with SSL enabled in apache2 using the (default) snakeoil certificate. I have heretofore been able to reliably access the server via xrdp. However, as soon as I replaced the snakeoil certificate with a Let’s Encrypt certificate using certbot, my sessions disconnect within a minute or so after authentication. Specifically, the client window just disappears. The session stays active on the server side however, but I cannot reconnect to it (xfreerdp window opens and then closes immeidately).
So, why am I bringing this up to the fine folk at SnapCraft and community? Well, I installed the LE certificates via the following commands (as per certbot’s instructions):
System
sudo snap install core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot --apache
Two interesting side notes to this are:
If I log onto the LAMP server, stop the xrdp service and restart it again, I can remote in and xrdp is solid. It is only when xrdp is launched at boot time that my subsequent session disconnects.
(And I think this is the “smoking gun” bit…) If I uninstall the snap-based certbot and install the non-snap-based version, my xrdp sessions are rock solid, right from server boot and any time thereafter
So it looks like there is some interaction between snap and the session connection between my server and my client.
To generate some logs, i started an xrdp session, and when it dropped, I grabbed the server’s journal.log, xrdp.log and xrdp-sesman.log file. I scraped out the non-snapd entries and it does look like snapd is having some issues (e.g., segfaults). The excerpt is below. My session ended at about the 11:05:19 mark.
System Info:
Ubuntu 22.04.1
snap-2.57.5+22.0
xrdp-0.9.17-2ubuntu2
Any thoughts on what’s happening?
Thank-you.
(PS: Can I post the log file below without losing the linefeeds?)
Nov 18 11:05:05 webhost systemd[1635]: Started Service for snap application snapd-desktop-integration.snapd-desktop-integration.
Nov 18 11:05:05 webhost dbus-daemon[1659]: [session uid=1000 pid=1659] Activating via systemd: service name='org.freedesktop.portal.Documents' unit='xdg-document-portal.service' requested by ':1.2' (uid=1000 pid=1645 comm="/usr/bin/snap run snapd-desktop-integration " label="unconfined")
Nov 18 11:05:06 webhost snapd-desktop-i[1645]: cannot open display:
Nov 18 11:05:06 webhost systemd[1635]: snap.snapd-desktop-integration.snapd-desktop-integration.service: Main process exited, code=exited, status=1/FAILURE
Nov 18 11:05:06 webhost systemd[1635]: snap.snapd-desktop-integration.snapd-desktop-integration.service: Failed with result 'exit-code'.
Nov 18 11:05:06 webhost systemd[1635]: snap.snapd-desktop-integration.snapd-desktop-integration.service: Scheduled restart job, restart counter is at 1.
Nov 18 11:05:06 webhost systemd[1635]: Stopped Service for snap application snapd-desktop-integration.snapd-desktop-integration.
Nov 18 11:05:06 webhost systemd[1635]: Started Service for snap application snapd-desktop-integration.snapd-desktop-integration.
Nov 18 11:05:07 webhost snapd-desktop-i[2058]: New theme: gtk=Yaru icon=Yaru cursor=(null), sound=Yaru
Nov 18 11:05:07 webhost kernel: snapd-desktop-i[2058]: segfault at 0 ip 00007f89bb35c3d4 sp 00007fff027c9d98 error 4 in libglib-2.0.so.0.6400.6[7f89bb332000+9a000]
Nov 18 11:05:07 webhost systemd[1635]: snap.snapd-desktop-integration.snapd-desktop-integration.service: Main process exited, code=dumped, status=11/SEGV
Nov 18 11:05:07 webhost systemd[1635]: snap.snapd-desktop-integration.snapd-desktop-integration.service: Failed with result 'core-dump'.
Nov 18 11:05:07 webhost systemd[1635]: snap.snapd-desktop-integration.snapd-desktop-integration.service: Scheduled restart job, restart counter is at 2.
Nov 18 11:05:07 webhost systemd[1635]: Stopped Service for snap application snapd-desktop-integration.snapd-desktop-integration.
Nov 18 11:05:07 webhost systemd[1635]: Started Service for snap application snapd-desktop-integration.snapd-desktop-integration.
Nov 18 11:05:07 webhost snapd-desktop-i[2133]: New theme: gtk=Yaru icon=Yaru cursor=(null), sound=Yaru
Nov 18 11:05:07 webhost kernel: snapd-desktop-i[2133]: segfault at 0 ip 00007f9efd6fd3d4 sp 00007ffc25d7b918 error 4 in libglib-2.0.so.0.6400.6[7f9efd6d3000+9a000]
Nov 18 11:05:08 webhost systemd[1635]: snap.snapd-desktop-integration.snapd-desktop-integration.service: Main process exited, code=dumped, status=11/SEGV
Nov 18 11:05:08 webhost systemd[1635]: snap.snapd-desktop-integration.snapd-desktop-integration.service: Failed with result 'core-dump'.
Nov 18 11:05:08 webhost systemd[1635]: snap.snapd-desktop-integration.snapd-desktop-integration.service: Scheduled restart job, restart counter is at 3.
Nov 18 11:05:08 webhost systemd[1635]: Stopped Service for snap application snapd-desktop-integration.snapd-desktop-integration.
Nov 18 11:05:08 webhost systemd[1635]: Started Service for snap application snapd-desktop-integration.snapd-desktop-integration.
Nov 18 11:05:08 webhost systemd[1635]: Started snap.snap-store.ubuntu-software.7108c80f-e6fb-44b2-b5a3-9d6d71b7f245.scope.
Nov 18 11:05:08 webhost systemd[1]: tmp-snap.rootfs_wXze9m.mount: Deactivated successfully.
Nov 18 11:05:08 webhost kernel: audit: type=1400 audit(1668798308.451:60): apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=2338 comm="snap-confine" capability=4 capname="fsetid"
Nov 18 11:05:08 webhost audit[2338]: AVC apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=2338 comm="snap-confine" capability=4 capname="fsetid"
Nov 18 11:05:08 webhost snapd-desktop-i[2368]: New theme: gtk=Yaru icon=Yaru cursor=(null), sound=Yaru
Nov 18 11:05:08 webhost kernel: snapd-desktop-i[2368]: segfault at 0 ip 00007fa83822d3d4 sp 00007fff9b9e6c38 error 4 in libglib-2.0.so.0.6400.6[7fa838203000+9a000]
Nov 18 11:05:09 webhost systemd[1635]: snap.snapd-desktop-integration.snapd-desktop-integration.service: Main process exited, code=dumped, status=11/SEGV
Nov 18 11:05:09 webhost systemd[1635]: snap.snapd-desktop-integration.snapd-desktop-integration.service: Failed with result 'core-dump'.
Nov 18 11:05:09 webhost systemd[1635]: snap.snapd-desktop-integration.snapd-desktop-integration.service: Scheduled restart job, restart counter is at 4.
Nov 18 11:05:09 webhost systemd[1635]: Stopped Service for snap application snapd-desktop-integration.snapd-desktop-integration.
Nov 18 11:05:09 webhost systemd[1635]: Started Service for snap application snapd-desktop-integration.snapd-desktop-integration.
Nov 18 11:05:09 webhost snapd-desktop-i[2561]: Failed to load module "canberra-gtk-module"
Nov 18 11:05:09 webhost snapd-desktop-i[2561]: Failed to load module "canberra-gtk-module"
Nov 18 11:05:09 webhost snapd-desktop-i[2561]: New theme: gtk=Adwaita icon=Adwaita cursor=Adwaita, sound=Yaru
Nov 18 11:05:09 webhost snapd-desktop-integration.snapd-desktop-integration[2561]: All available theme snaps installed
Nov 18 11:05:09 webhost audit[2338]: SECCOMP auid=1000 uid=1000 gid=1000 ses=2 subj=snap.snap-store.ubuntu-software pid=2338 comm="snap-store" exe="/snap/snap-store/582/usr/bin/snap-store" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fb5c071473d code=0x50000
Nov 18 11:05:09 webhost kernel: audit: type=1326 audit(1668798309.795:61): auid=1000 uid=1000 gid=1000 ses=2 subj=snap.snap-store.ubuntu-software pid=2338 comm="snap-store" exe="/snap/snap-store/582/usr/bin/snap-store" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fb5c071473d code=0x50000
Nov 18 11:05:10 webhost dbus-daemon[757]: [system] Activating via systemd: service name='org.freedesktop.fwupd' unit='fwupd.service' requested by ':1.122' (uid=1000 pid=2338 comm="/snap/snap-store/582/usr/bin/snap-store --gapplica" label="snap.snap-store.ubuntu-software (enforce)")
Nov 18 11:05:11 webhost snap-store[2338]: plugin fwupd took 1.0 seconds to do setup
Nov 18 11:05:11 webhost audit[757]: USER_AVC pid=757 uid=102 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/PolicyKit1/Authority" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.8" pid=2338 label="snap.snap-store.ubuntu-software" peer_pid=775 peer_label="unconfined"
Nov 18 11:05:11 webhost audit[757]: USER_AVC pid=757 uid=102 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/PolicyKit1/Authority" interface="org.freedesktop.PolicyKit1.Authority" member="CheckAuthorization" mask="send" name=":1.8" pid=2338 label="snap.snap-store.ubuntu-software" peer_pid=775 peer_label="unconfined"
Nov 18 11:05:11 webhost kernel: audit: type=1107 audit(1668798311.239:62): pid=757 uid=102 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/PolicyKit1/Authority" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.8" pid=2338 label="snap.snap-store.ubuntu-software" peer_pid=775 peer_label="unconfined"
Nov 18 11:05:11 webhost kernel: audit: type=1107 audit(1668798311.239:63): pid=757 uid=102 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/PolicyKit1/Authority" interface="org.freedesktop.PolicyKit1.Authority" member="CheckAuthorization" mask="send" name=":1.8" pid=2338 label="snap.snap-store.ubuntu-software" peer_pid=775 peer_label="unconfined"
Nov 18 11:05:11 webhost audit[757]: USER_AVC pid=757 uid=102 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/PolicyKit1/Authority" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.8" pid=2338 label="snap.snap-store.ubuntu-software" peer_pid=775 peer_label="unconfined"
Nov 18 11:05:11 webhost audit[757]: USER_AVC pid=757 uid=102 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/PolicyKit1/Authority" interface="org.freedesktop.PolicyKit1.Authority" member="CheckAuthorization" mask="send" name=":1.8" pid=2338 label="snap.snap-store.ubuntu-software" peer_pid=775 peer_label="unconfined"
Nov 18 11:05:11 webhost snap-store[2338]: enabled plugins: fwupd, os-release, packagekit-refine-repos, packagekit-refresh, appstream, hardcoded-blocklist, hardcoded-popular, modalias, packagekit, rewrite-resource, provenance, snap, systemd-updates, generic-updates, provenance-license, icons
Nov 18 11:05:11 webhost kernel: audit: type=1107 audit(1668798311.243:64): pid=757 uid=102 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/PolicyKit1/Authority" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.8" pid=2338 label="snap.snap-store.ubuntu-software" peer_pid=775 peer_label="unconfined"
Nov 18 11:05:11 webhost kernel: audit: type=1107 audit(1668798311.243:65): pid=757 uid=102 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/PolicyKit1/Authority" interface="org.freedesktop.PolicyKit1.Authority" member="CheckAuthorization" mask="send" name=":1.8" pid=2338 label="snap.snap-store.ubuntu-software" peer_pid=775 peer_label="unconfined"
Nov 18 11:05:11 webhost snap-store[2338]: disabled plugins: dpkg, dummy, fedora-langpacks, fedora-pkgdb-collections, repos
Nov 18 11:05:11 webhost audit[2338]: AVC apparmor="DENIED" operation="open" profile="snap.snap-store.ubuntu-software" name="/etc/PackageKit/Vendor.conf" pid=2338 comm="snap-store" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 18 11:05:11 webhost snap-store[2338]: /etc/PackageKit/Vendor.conf file not found
Nov 18 11:05:11 webhost kernel: audit: type=1400 audit(1668798311.623:66): apparmor="DENIED" operation="open" profile="snap.snap-store.ubuntu-software" name="/etc/PackageKit/Vendor.conf" pid=2338 comm="snap-store" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 18 11:05:11 webhost audit[2338]: AVC apparmor="DENIED" operation="open" profile="snap.snap-store.ubuntu-software" name="/etc/appstream.conf" pid=2338 comm="snap-store" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Nov 18 11:05:11 webhost snap-store[2338]: not handling error no-security for action refresh: Failed to obtain authentication.
Nov 18 11:05:12 webhost snap-store[2338]: adding wildcard app */*/*/org.gnome.Builder.desktop/* to plugin cache
Nov 18 11:05:12 webhost snap-store[2338]: adding wildcard app */*/*/org.gnome.Calculator.desktop/* to plugin cache
Nov 18 11:05:12 webhost snap-store[2338]: adding wildcard app */*/*/org.gnome.clocks.desktop/* to plugin cache
Nov 18 11:05:12 webhost snap-store[2338]: adding wildcard app */*/*/org.gnome.Dictionary.desktop/* to plugin cache
Nov 18 11:05:12 webhost snap-store[2338]: adding wildcard app */*/*/org.gnome.Documents.desktop/* to plugin cache
Nov 18 11:05:12 webhost snap-store[2338]: adding wildcard app */*/*/org.gnome.Evince/* to plugin cache
Nov 18 11:05:12 webhost snap-store[2338]: adding wildcard app */*/*/org.gnome.gedit.desktop/* to plugin cache
Nov 18 11:05:12 webhost snap-store[2338]: adding wildcard app */*/*/org.gnome.Maps.desktop/* to plugin cache
Nov 18 11:05:12 webhost snap-store[2338]: adding wildcard app */*/*/org.gnome.Weather/* to plugin cache
Nov 18 11:05:12 webhost snap-store[2338]: Only 0 apps for recent list, hiding
Nov 18 11:05:13 webhost snapd[782]: storehelpers.go:748: cannot refresh: snap has no updates available: "bare", "certbot", "core", "core20", "firefox", "gnome-3-38-2004", "gtk-common-themes", "snapd", "snapd-desktop-integration"
Nov 18 11:05:41 webhost systemd[1]: snap.certbot.renew.timer: Deactivated successfully.
Nov 18 11:05:41 webhost systemd[1]: Stopped Timer renew for snap application certbot.renew.
Nov 18 11:05:41 webhost snapd[782]: main.go:155: Exiting on terminated signal.
Nov 18 11:05:41 webhost snapd[782]: overlord.go:504: Released state lock file
Nov 18 11:05:41 webhost systemd[1]: snapd.seeded.service: Deactivated successfully.
Nov 18 11:05:41 webhost systemd[1]: Stopped Wait until snapd is fully seeded.
Nov 18 11:05:41 webhost systemd[1]: Condition check resulted in Ubuntu core (all-snaps) system shutdown helper setup service being skipped.
Nov 18 11:05:41 webhost systemd[1]: snapd.service: Deactivated successfully.
Nov 18 11:05:41 webhost systemd[1]: snapd.service: Consumed 1.145s CPU time.
Nov 18 11:05:41 webhost systemd[1635]: snap.snapd-desktop-integration.snapd-desktop-integration.service: Main process exited, code=exited, status=1/FAILURE
Nov 18 11:05:41 webhost systemd[1635]: snap.snapd-desktop-integration.snapd-desktop-integration.service: Failed with result 'exit-code'.
Nov 18 11:05:41 webhost systemd[1635]: snap.snap-store.ubuntu-software.7108c80f-e6fb-44b2-b5a3-9d6d71b7f245.scope: Consumed 2.848s CPU time.
Nov 18 11:05:41 webhost systemd[1635]: snap.snapd-desktop-integration.snapd-desktop-integration.service: Scheduled restart job, restart counter is at 5.
Nov 18 11:05:41 webhost systemd[1635]: Stopped Service for snap application snapd-desktop-integration.snapd-desktop-integration.
Nov 18 11:05:41 webhost systemd[1635]: Started Service for snap application snapd-desktop-integration.snapd-desktop-integration.
Nov 18 11:05:41 webhost systemd[990]: Closed REST API socket for snapd user session agent.
Nov 18 11:05:41 webhost systemd[1635]: Stopping Service for snap application snapd-desktop-integration.snapd-desktop-integration...
Nov 18 11:05:41 webhost systemd[1635]: Stopped Service for snap application snapd-desktop-integration.snapd-desktop-integration.
Nov 18 11:05:41 webhost systemd[1635]: Closed REST API socket for snapd user session agent.
Nov 18 11:05:43 webhost systemd[1]: snapd.socket: Deactivated successfully.
Nov 18 11:05:43 webhost systemd[1]: Closed Socket activation for snappy daemon.
Nov 18 11:05:43 webhost systemd[1]: Unmounting /run/snapd/ns/snap-store.mnt...
Nov 18 11:05:43 webhost systemd[1]: Unmounting /run/snapd/ns/snapd-desktop-integration.mnt...
Nov 18 11:05:43 webhost systemd[1]: Unmounting Mount unit for snap-store, revision 582...
Nov 18 11:05:43 webhost systemd[1]: Unmounting Mount unit for snapd, revision 17336...
Nov 18 11:05:43 webhost systemd[1]: Unmounting Mount unit for snapd, revision 17576...
Nov 18 11:05:43 webhost systemd[1]: Unmounting Mount unit for snapd-desktop-integration, revision 14...
Nov 18 11:05:43 webhost systemd[1]: run-snapd-ns-snap\x2dstore.mnt.mount: Deactivated successfully.
Nov 18 11:05:43 webhost systemd[1]: Unmounted /run/snapd/ns/snap-store.mnt.
Nov 18 11:05:43 webhost systemd[1]: run-snapd-ns-snapd\x2ddesktop\x2dintegration.mnt.mount: Deactivated successfully.
Nov 18 11:05:43 webhost systemd[1]: Unmounted /run/snapd/ns/snapd-desktop-integration.mnt.
Nov 18 11:05:43 webhost systemd[1]: snap-bare-5.mount: Deactivated successfully.
Nov 18 11:05:43 webhost systemd[1]: snap-core-13886.mount: Deactivated successfully.
Nov 18 11:05:43 webhost systemd[1]: var-snap-firefox-common-host\x2dhunspell.mount: Deactivated successfully.
Nov 18 11:05:43 webhost systemd[1]: Unmounting /run/snapd/ns...
Nov 18 11:05:43 webhost systemd[1]: run-snapd-ns.mount: Deactivated successfully.
Nov 18 11:05:43 webhost systemd[1]: Unmounted /run/snapd/ns.
Nov 18 11:05:43 webhost systemd[1]: snap-certbot-2511.mount: Deactivated successfully.
Nov 18 11:05:43 webhost systemd[1]: snap-core20-1587.mount: Deactivated successfully.
Nov 18 11:05:43 webhost systemd[1]: snap-core20-1695.mount: Deactivated successfully.
Nov 18 11:05:43 webhost systemd[1]: snap-firefox-2067.mount: Deactivated successfully.
Nov 18 11:05:43 webhost systemd[1]: snap-firefox-2088.mount: Deactivated successfully.
Nov 18 11:05:43 webhost systemd[1]: snap-gnome\x2d3\x2d38\x2d2004-112.mount: Deactivated successfully.
Nov 18 11:05:43 webhost systemd[1]: snap-gnome\x2d3\x2d38\x2d2004-119.mount: Deactivated successfully.
Nov 18 11:05:43 webhost systemd[1]: snap-gtk\x2dcommon\x2dthemes-1535.mount: Deactivated successfully.
Nov 18 11:05:43 webhost systemd[1]: snap-snap\x2dstore-582.mount: Deactivated successfully.
Nov 18 11:05:43 webhost systemd[1]: Unmounted Mount unit for snap-store, revision 582.
Nov 18 11:05:43 webhost systemd[1]: snap-snapd-17336.mount: Deactivated successfully.
Nov 18 11:05:43 webhost systemd[1]: Unmounted Mount unit for snapd, revision 17336.
Nov 18 11:05:43 webhost systemd[1]: snap-snapd-17576.mount: Deactivated successfully.
Nov 18 11:05:43 webhost systemd[1]: Unmounted Mount unit for snapd, revision 17576.
Nov 18 11:05:43 webhost systemd[1]: snap-snapd\x2ddesktop\x2dintegration-14.mount: Deactivated successfully.
Nov 18 11:05:43 webhost systemd[1]: Unmounted Mount unit for snapd-desktop-integration, revision 14.