Snapd does not start with world writable assertions dir

snapd
1

i cannot install anything using snap and i think due to that my gnome software center isnot working and my app armor profiles not loading correctly the error code is

cannot communicate with server: Post http://localhost/v2/snaps/helloworld: dial unix /run/snapd.socket: connect: connection refused

snap version

snap 2.44.3+20.04
snapd unavailable
series -

if i run service snapd start i got

Job for snapd.service failed because the control process exited with error code.
See “systemctl status snapd.service” and “journalctl -xe” for details.

journalct -xe

The unit snapd.failure.service has entered the 'failed' state with result 'e>
May 04 17:14:42 Ryok systemd[1]: Failed to start Failure handling of the snapd>
-- Subject: A start job for unit snapd.failure.service has failed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
-- 
-- A start job for unit snapd.failure.service has finished with a failure.

what should i do is it a bug or something i can’t find anyway around it

it is long but i will share some of it
مايو = May

مايو 04 18:21:22 Ryok systemd[1]: snapd.service: Scheduled restart job, restart counter is at 5.
مايو 04 18:21:22 Ryok systemd[1]: Stopped Snap Daemon.
مايو 04 18:21:22 Ryok systemd[1]: Starting Snap Daemon…
مايو 04 18:21:22 Ryok snapd[5528]: AppArmor status: apparmor is enabled and all features are available
مايو 04 18:21:23 Ryok snapd[5528]: cannot run daemon: assert storage root unexpectedly world-writable: /var/lib/snapd/assertions/asserts-v0
مايو 04 18:21:23 Ryok systemd[1]: snapd.service: Main process exited, code=exited, status=1/FAILURE
مايو 04 18:21:23 Ryok systemd[1]: snapd.service: Failed with result ‘exit-code’.
مايو 04 18:21:23 Ryok systemd[1]: Failed to start Snap Daemon.
مايو 04 18:21:23 Ryok systemd[1]: snapd.service: Scheduled restart job, restart counter is at 6.
مايو 04 18:21:23 Ryok systemd[1]: Stopped Snap Daemon.
مايو 04 18:21:23 Ryok systemd[1]: Starting Snap Daemon…
مايو 04 18:21:23 Ryok snapd[5560]: AppArmor status: apparmor is enabled and all features are available
مايو 04 18:21:24 Ryok snapd[5560]: cannot run daemon: assert storage root unexpectedly world-writable: /var/lib/snapd/assertions/asserts-v0
مايو 04 18:21:24 Ryok systemd[1]: snapd.service: Main process exited, code=exited, status=1/FAILURE
مايو 04 18:21:24 Ryok systemd[1]: snapd.service: Failed with result ‘exit-code’.
مايو 04 18:21:24 Ryok systemd[1]: Failed to start Snap Daemon.
مايو 04 18:21:24 Ryok systemd[1]: snapd.service: Scheduled restart job, restart counter is at 7.
مايو 04 18:21:24 Ryok systemd[1]: Stopped Snap Daemon.
مايو 04 18:21:24 Ryok systemd[1]: Starting Snap Daemon…
مايو 04 18:21:24 Ryok snapd[5581]: AppArmor status: apparmor is enabled and all features are available
مايو 04 18:21:24 Ryok snapd[5581]: cannot run daemon: assert storage root unexpectedly world-writable: /var/lib/snapd/assertions/asserts-v0
مايو 04 18:21:24 Ryok systemd[1]: snapd.service: Main process exited, code=exited, status=1/FAILURE
مايو 04 18:21:24 Ryok systemd[1]: snapd.service: Failed with result ‘exit-code’.
مايو 04 18:21:24 Ryok systemd[1]: Failed to start Snap Daemon.
مايو 04 18:21:25 Ryok systemd[1]: snapd.service: Scheduled restart job, restart counter is at 8.
مايو 04 18:21:25 Ryok systemd[1]: Stopped Snap Daemon.
مايو 04 18:21:25 Ryok systemd[1]: Starting Snap Daemon…
مايو 04 18:21:25 Ryok snapd[5602]: AppArmor status: apparmor is enabled and all features are available
مايو 04 18:21:26 Ryok snapd[5602]: cannot run daemon: assert storage root unexpectedly world-writable: /var/lib/snapd/assertions/asserts-v0
مايو 04 18:21:26 Ryok systemd[1]: snapd.service: Main process exited, code=exited, status=1/FAILURE
مايو 04 18:21:26 Ryok systemd[1]: snapd.service: Failed with result ‘exit-code’.
مايو 04 18:21:26 Ryok systemd[1]: Failed to start Snap Daemon.
مايو 04 18:21:26 Ryok systemd[1]: snapd.service: Scheduled restart job, restart counter is at 9.
مايو 04 18:21:26 Ryok systemd[1]: Stopped Snap Daemon.
مايو 04 18:21:26 Ryok systemd[1]: Starting Snap Daemon…
مايو 04 18:21:26 Ryok snapd[5620]: AppArmor status: apparmor is enabled and all features are available
مايو 04 18:21:26 Ryok snapd[5620]: cannot run daemon: assert storage root unexpectedly world-writable: /var/lib/snapd/assertions/asserts-v0
مايو 04 18:21:26 Ryok systemd[1]: snapd.service: Main process exited, code=exited, status=1/FAILURE
مايو 04 18:21:26 Ryok systemd[1]: snapd.service: Failed with result ‘exit-code’.
مايو 04 18:21:26 Ryok systemd[1]: Failed to start Snap Daemon.
مايو 04 18:21:27 Ryok systemd[1]: snapd.service: Scheduled restart job, restart counter is at 10.
مايو 04 18:21:27 Ryok systemd[1]: Stopped Snap Daemon.
مايو 04 18:21:27 Ryok systemd[1]: Starting Snap Daemon…
مايو 04 18:21:27 Ryok snapd[5644]: AppArmor status: apparmor is enabled and all features are available
مايو 04 18:21:27 Ryok snapd[5644]: cannot run daemon: assert storage root unexpectedly world-writable: /var/lib/snapd/assertions/asserts-v0
مايو 04 18:21:27 Ryok systemd[1]: snapd.service: Main process exited, code=exited, status=1/FAILURE
مايو 04 18:21:27 Ryok systemd[1]: snapd.service: Failed with result ‘exit-code’.
مايو 04 18:21:27 Ryok systemd[1]: Failed to start Snap Daemon.
مايو 04 18:21:27 Ryok systemd[1]: snapd.service: Scheduled restart job, restart counter is at 11.
مايو 04 18:21:27 Ryok systemd[1]: Stopped Snap Daemon.
مايو 04 18:21:27 Ryok systemd[1]: snapd.service: Start request repeated too quickly.
مايو 04 18:21:27 Ryok systemd[1]: snapd.service: Failed with result ‘exit-code’.
مايو 04 18:21:27 Ryok systemd[1]: Failed to start Snap Daemon.
مايو 04 18:21:27 Ryok systemd[1]: snapd.service: Triggering OnFailure= dependencies.
– Reboot –
مايو 04 18:23:43 Ryok systemd[1]: Starting Snap Daemon…
مايو 04 18:23:51 Ryok snapd[1079]: AppArmor status: apparmor is enabled and all features are available
مايو 04 18:23:53 Ryok snapd[1079]: patch.go:64: Patching system state level 6 to sublevel 1…
مايو 04 18:23:54 Ryok snapd[1079]: patch.go:64: Patching system state level 6 to sublevel 2…
مايو 04 18:23:55 Ryok snapd[1079]: patch.go:64: Patching system state level 6 to sublevel 3…
مايو 04 18:23:55 Ryok snapd[1079]: cannot run daemon: assert storage root unexpectedly world-writable: /var/lib/snapd/assertions/asserts-v0
مايو 04 18:23:55 Ryok systemd[1]: snapd.service: Main process exited, code=exited, status=1/FAILURE
مايو 04 18:23:55 Ryok systemd[1]: snapd.service: Failed with result ‘exit-code’.
مايو 04 18:23:55 Ryok systemd[1]: Failed to start Snap Daemon.
مايو 04 18:23:56 Ryok systemd[1]: snapd.service: Scheduled restart job, restart counter is at 1.
مايو 04 18:23:56 Ryok systemd[1]: Stopped Snap Daemon.
مايو 04 18:23:56 Ryok systemd[1]: Starting Snap Daemon…
مايو 04 18:23:56 Ryok snapd[1220]: AppArmor status: apparmor is enabled and all features are available
مايو 04 18:23:57 Ryok snapd[1220]: cannot run daemon: assert storage root unexpectedly world-writable: /var/lib/snapd/assertions/asserts-v0
مايو 04 18:23:57 Ryok systemd[1]: snapd.service: Main process exited, code=exited, status=1/FAILURE
مايو 04 18:23:57 Ryok systemd[1]: snapd.service: Failed with result ‘exit-code’.
مايو 04 18:23:57 Ryok systemd[1]: Failed to start Snap Daemon.
مايو 04 18:23:57 Ryok systemd[1]: snapd.service: Scheduled restart job, restart counter is at 2.
مايو 04 18:23:57 Ryok systemd[1]: Stopped Snap Daemon.
مايو 04 18:23:57 Ryok systemd[1]: Starting Snap Daemon…
مايو 04 18:23:57 Ryok snapd[1385]: AppArmor status: apparmor is enabled and all features are available
مايو 04 18:24:02 Ryok snapd[1385]: cannot run daemon: assert storage root unexpectedly world-writable: /var/lib/snapd/assertions/asserts-v0
مايو 04 18:24:02 Ryok systemd[1]: snapd.service: Main process exited, code=exited, status=1/FAILURE
مايو 04 18:24:02 Ryok systemd[1]: snapd.service: Failed with result ‘exit-code’.
مايو 04 18:24:02 Ryok systemd[1]: Failed to start Snap Daemon.
مايو 04 18:24:02 Ryok systemd[1]: snapd.service: Scheduled restart job, restart counter is at 3.
مايو 04 18:24:02 Ryok systemd[1]: Stopped Snap Daemon.
مايو 04 18:24:02 Ryok systemd[1]: Starting Snap Daemon…
مايو 04 18:24:02 Ryok snapd[1990]: AppArmor status: apparmor is enabled and all features are available
مايو 04 18:24:08 Ryok snapd[1990]: cannot run daemon: assert storage root unexpectedly world-writable: /var/lib/snapd/assertions/asserts-v0
مايو 04 18:24:08 Ryok systemd[1]: snapd.service: Main process exited, code=exited, status=1/FAILURE
مايو 04 18:24:08 Ryok systemd[1]: snapd.service: Failed with result ‘exit-code’.
مايو 04 18:24:08 Ryok systemd[1]: Failed to start Snap Daemon.
مايو 04 18:24:08 Ryok systemd[1]: snapd.service: Scheduled restart job, restart counter is at 4.
مايو 04 18:24:08 Ryok systemd[1]: Stopped Snap Daemon.
مايو 04 18:24:08 Ryok systemd[1]: Starting Snap Daemon…
مايو 04 18:24:08 Ryok snapd[2820]: AppArmor status: apparmor is enabled and all features are available
مايو 04 18:24:09 Ryok snapd[2820]: cannot run daemon: assert storage root unexpectedly world-writable: /var/lib/snapd/assertions/asserts-v0
مايو 04 18:24:09 Ryok systemd[1]: snapd.service: Main process exited, code=exited, status=1/FAILURE
مايو 04 18:24:09 Ryok systemd[1]: snapd.service: Failed with result ‘exit-code’.
مايو 04 18:24:09 Ryok systemd[1]: Failed to start Snap Daemon.
مايو 04 18:24:09 Ryok systemd[1]: snapd.service: Scheduled restart job, restart counter is at 5.
مايو 04 18:24:09 Ryok systemd[1]: Stopped Snap Daemon.
مايو 04 18:24:09 Ryok systemd[1]: Starting Snap Daemon…
مايو 04 18:24:09 Ryok snapd[2875]: AppArmor status: apparmor is enabled and all features are available
مايو 04 18:24:10 Ryok snapd[2875]: cannot run daemon: assert storage root unexpectedly world-writable: /var/lib/snapd/assertions/asserts-v0
مايو 04 18:24:10 Ryok systemd[1]: snapd.service: Main process exited, code=exited, status=1/FAILURE
مايو 04 18:24:10 Ryok systemd[1]: snapd.service: Failed with result ‘exit-code’.
مايو 04 18:24:10 Ryok systemd[1]: Failed to start Snap Daemon.
مايو 04 18:24:10 Ryok systemd[1]: snapd.service: Scheduled restart job, restart counter is at 6.
مايو 04 18:24:10 Ryok systemd[1]: Stopped Snap Daemon.
مايو 04 18:24:10 Ryok systemd[1]: Starting Snap Daemon…
مايو 04 18:24:10 Ryok snapd[2897]: AppArmor status: apparmor is enabled and all features are available
مايو 04 18:24:11 Ryok snapd[2897]: cannot run daemon: assert storage root unexpectedly world-writable: /var/lib/snapd/assertions/asserts-v0
مايو 04 18:24:11 Ryok systemd[1]: snapd.service: Main process exited, code=exited, status=1/FAILURE
مايو 04 18:24:11 Ryok systemd[1]: snapd.service: Failed with result ‘exit-code’.
مايو 04 18:24:11 Ryok systemd[1]: Failed to start Snap Daemon.
مايو 04 18:24:11 Ryok systemd[1]: snapd.service: Scheduled restart job, restart counter is at 7.
مايو 04 18:24:11 Ryok systemd[1]: Stopped Snap Daemon.
مايو 04 18:24:11 Ryok systemd[1]: Starting Snap Daemon…
مايو 04 18:24:11 Ryok snapd[2915]: AppArmor status: apparmor is enabled and all features are available
مايو 04 18:24:12 Ryok snapd[2915]: cannot run daemon: assert storage root unexpectedly world-writable: /var/lib/snapd/assertions/asserts-v0
مايو 04 18:24:12 Ryok systemd[1]: snapd.service: Main process exited, code=exited, status=1/FAILURE
مايو 04 18:24:12 Ryok systemd[1]: snapd.service: Failed with result ‘exit-code’.
مايو 04 18:24:12 Ryok systemd[1]: Failed to start Snap Daemon.
مايو 04 18:24:12 Ryok systemd[1]: snapd.service: Scheduled restart job, restart counter is at 8.
مايو 04 18:24:12 Ryok systemd[1]: Stopped Snap Daemon.
مايو 04 18:24:12 Ryok systemd[1]: Starting Snap Daemon…
مايو 04 18:24:12 Ryok snapd[2936]: AppArmor status: apparmor is enabled and all features are available
مايو 04 18:24:13 Ryok snapd[2936]: cannot run daemon: assert storage root unexpectedly world-writable: /var/lib/snapd/assertions/asserts-v0
مايو 04 18:24:13 Ryok systemd[1]: snapd.service: Main process exited, code=exited, status=1/FAILURE
مايو 04 18:24:13 Ryok systemd[1]: snapd.service: Failed with result ‘exit-code’.
مايو 04 18:24:13 Ryok systemd[1]: Failed to start Snap Daemon.
مايو 04 18:24:13 Ryok systemd[1]: snapd.service: Scheduled restart job, restart counter is at 9.
مايو 04 18:24:13 Ryok systemd[1]: Stopped Snap Daemon.
مايو 04 18:24:13 Ryok systemd[1]: snapd.service: Start request repeated too quickly.
مايو 04 18:24:13 Ryok systemd[1]: snapd.service: Failed with result ‘exit-code’.
مايو 04 18:24:13 Ryok systemd[1]: Failed to start Snap Daemon.
مايو 04 18:24:13 Ryok systemd[1]: snapd.service: Triggering OnFailure= dependencies.

2

Can you post the output of journalctl -e --no-pager -u snapd ?

3

This looks like someone seriously messed up your filesystem by running a command like sudo chmod -R a+rw /var or something similar … is this an upgrade or a fresh install ?

4

i have just installed ubuntu maybe 10 days ago and i ran dist upgrade and apt-get upgrade many times and also i only gave /var/www/ the root permission because i have apache2 installed and i am web developer and i need it to modify and delete files inside it do you have any solution in mind ?

5

well, these are the permissions in my /var/lib/snapd and /var/lib/snapd/assertions directories … check yours :slight_smile:

ogra@acheron:~$ ls -lh /var/lib/snapd/
insgesamt 504K
drwxr-xr-x 4 root root 4,0K Apr 21  2018 apparmor
drwxr-xr-x 4 root root 4,0K Jan  9  2018 assertions
drwxr-xr-x 2 root root 4,0K Jan 14  2017 auto-import
drwx------ 2 root root 4,0K Mai  4 23:06 cache
drwx------ 2 root root 4,0K Mai  4 23:08 cookie
drwxr-xr-x 4 root root 4,0K Sep 19  2019 desktop
drwxr-xr-x 3 root root 4,0K Jan  9  2018 device
drwxr-xr-x 2 root root 4,0K Jan 14  2017 environment
-rw------- 1 root root  64K Apr 12 12:22 errtracker.db
drwxr-xr-x 2 root root 4,0K Apr 30 14:57 features
drwxr-xr-x 2 root root 4,0K Jan 14  2017 firstboot
drwxr-xr-x 2 root root 4,0K Jan  9  2018 hostfs
drwxr-xr-x 6 root root 4,0K Mär 16  2019 lib
drwxr-xr-x 2 root root 4,0K Mai  5 01:13 mount
drwxr-xr-x 3 root root 4,0K Jan  9  2018 seccomp
drwxr-xr-x 2 root root 4,0K Mai  5 01:13 sequence
drwxr-xr-x 3 root root  12K Mai  5 01:13 snaps
drwx------ 2 root root 4,0K Jul 24  2019 snapshots
-rw------- 1 root root 388K Mai  5 01:33 state.json
-rw-r--r-- 1 root root  589 Apr 30 14:57 system-key
d--x--x--x 2 root root 4,0K Jan 14  2017 void
ogra@acheron:~$ ls -lh /var/lib/snapd/assertions/
insgesamt 8,0K
drwxr-xr-x 8 root root 4,0K Jan  9  2018 asserts-v0
drwxr-xr-x 2 root root 4,0K Jan  9  2018 private-keys-v1
ogra@acheron:~$
6

they are exactly the same brother all the permissions are just like yours i think the main problem is dut to the localhost because if i entered http://localhost/v2/snaps/ there is no interface or anything just my apache2 says page not found 404 am i supposed to see any interface or something ?

ryok@Ryok:~$ ls -lh /var/lib/snapd/
total 200K
drwxrwxrwx 4 root root 4.0K مايو 4 17:01 apparmor
drwxrwxrwx 4 root root 4.0K أبريل 26 17:31 assertions
drwxr-xr-x 2 root root 4.0K أبريل 10 17:57 auto-import
drwxrwxrwx 2 root root 4.0K أبريل 26 18:35 cache
drwxrwxrwx 2 root root 4.0K أبريل 26 18:35 cookie
drwxrwxrwx 4 root root 4.0K أبريل 26 17:32 desktop
drwxrwxrwx 3 root root 4.0K أبريل 26 17:31 device
drwxr-xr-x 2 root root 4.0K أبريل 10 17:57 environment
drwxrwxrwx 2 root root 4.0K أبريل 26 17:31 features
drwxr-xr-x 2 root root 4.0K أبريل 10 17:57 firstboot
drwxrwxrwx 2 root root 4.0K أبريل 26 17:34 hostfs
drwxr-xr-x 6 root root 4.0K مايو 4 17:01 lib
drwxrwxrwx 2 root root 4.0K أبريل 26 17:33 mount
drwxrwxrwx 3 root root 4.0K أبريل 26 17:31 seccomp
drwxrwxrwx 4 root root 4.0K أبريل 23 10:43 seed
drwxrwxrwx 2 root root 4.0K أبريل 26 18:35 sequence
drwxrwxrwx 3 root root 4.0K مايو 4 17:01 snaps
-rw------- 1 root root 124K مايو 5 01:06 state.json
-rwxrwxrwx 1 root root 589 أبريل 26 17:31 system-key
d–x--x–x 2 root root 4.0K أبريل 10 17:57 void

7

no, the error message is pretty clear, snapd refuses to start because the filesystem storage is insecure …

what about /var and /var/lib permissions ? is either of the dirs above the checked ones user writable ?

8

thanks a lot for your time bro , you can see the output in the previous message

9

well, lets take a short discourse in unix filesystem permissions …

d means it is a directory … the next three “rwx” tell what the owner (root in your case) is allowed to do … r is read, w is write, x is execute …

the second block of three means permissions for the group … the last block means permissions for the rest of the world… compare my dir with yours:

drwxr-xr-x 4 root root 4,0K Jan  9  2018 assertions

vs:

drwxrwxrwx 4 root root 4.0K أبريل 26 17:31 assertions

so the block for the group and the block for the world permissions in your output both have the “w” bit set … and thus your dirs are wrold writable …

i suspect this happened when you tinkered with /var/www … the prob is that you made your system highly insecure now because all apps and everyone can write in dirs where they should not have permissions to write …

snapd stores all secret keys (yours, the store ones or package ones) in the “assertions” dir and because this is very sensible information it checks on startup if it is secure to do so …

10

ohhhh i didn’t examine the code i just examined the code number which is 4 in this case will after that been said what do you suggest or what commands should i run to solve this problem ?

11

well, while you could just use the chmod command like:

sudo chmod -R go-w /var/lib/snapd

this will indeed make snapd start, but it wont fix any other damage that has been done to the /var directory by whatever you have been doing …

if the system is really brand new and you havent added too much work to it yet, i’d consider to set it up newly … simply because nobody can tell what other permissions have been changed randomly underneath /var …

PS: i have shortened the thread title a bit and moved it to the snapd section …

1 Like
12

Thank you very much it finally started ! :slight_smile:

1 Like