Snapd install failed - Permission denied; attempted to load a profile while confined?

Hi folks, I’m attempting to install snapd and I’m getting an error in the install process. I’m using an ubuntu 22.04 container on a proxmox v8 host. When I do

 apt upate
 apt install snapd

it rolls happily through the install until it gets to this:

Created symlink /etc/systemd/user/sockets.target.wants/dirmngr.socket → /usr/lib/systemd/user/dirmngr.socket. Setting up gpg-wks-server (2.2.19-3ubuntu2.2) … Setting up snapd (2.66.1+20.04) … apparmor_parser: Unable to replace “mount-namespace-capture-helper”. Permission denied; attempted to load a profile while confined? apparmor_parser: Unable to replace “/usr/lib/snapd/snap-confine”. Permission denied; attempted to load a profile while confined? Created symlink /etc/systemd/system/multi-user.target.wants/snapd.apparmor.service → /lib/systemd/system/snapd.apparmor.service. Created symlink /etc/systemd/system/multi-user.target.wants/snapd.autoimport.service → /lib/systemd/system/snapd.autoimport.service. Created symlink /etc/systemd/system/multi-user.target.wants/snapd.core-fixup.service → /lib/systemd/system/snapd.core-fixup.service. Created symlink /etc/systemd/system/multi-user.target.wants/snapd.recovery-chooser-trigger.service → /lib/systemd/system/snapd.recovery-chooser-trigger.service. Created symlink /etc/systemd/system/multi-user.target.wants/snapd.seeded.service → /lib/systemd/system/snapd.seeded.service. Created symlink /etc/systemd/system/cloud-final.service.wants/snapd.seeded.service → /lib/systemd/system/snapd.seeded.service. Created symlink /etc/systemd/system/multi-user.target.wants/snapd.service → /lib/systemd/system/snapd.service. Created symlink /etc/systemd/system/timers.target.wants/snapd.snap-repair.timer → /lib/systemd/system/snapd.snap-repair.timer. Created symlink /etc/systemd/system/sockets.target.wants/snapd.socket → /lib/systemd/system/snapd.socket. Created symlink /etc/systemd/system/final.target.wants/snapd.system-shutdown.service → /lib/systemd/system/snapd.system-shutdown.service. Job for snapd.service failed because the control process exited with error code. See “systemctl status snapd.service” and “journalctl -xe” for details. snapd.failure.service is a disabled or a static unit, not starting it. snapd.mounts.target is a disabled or a static unit, not starting it. snapd.snap-repair.service is a disabled or a static unit, not starting it. Job for snapd.seeded.service failed because the control process exited with error code. See “systemctl status snapd.seeded.service” and “journalctl -xe” for details.

I went ahead and rebooted and tried

systemctl status snapd

which said

snapd.service - Snap Daemon Loaded: loaded (/lib/systemd/system/snapd.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Tue 2025-01-28 17:18:11 PST; 22s ago TriggeredBy: snapd.socket Process: 535 ExecStart=/usr/lib/snapd/snapd (code=exited, status=1/FAILURE) Main PID: 535 (code=exited, status=1/FAILURE) Jan 28 17:18:11 mrbeaver systemd[1]: snapd.service: Scheduled restart job, restart counter is at 5. Jan 28 17:18:11 mrbeaver systemd[1]: Stopped Snap Daemon. Jan 28 17:18:11 mrbeaver systemd[1]: snapd.service: Start request repeated too quickly. Jan 28 17:18:11 mrbeaver systemd[1]: snapd.service: Failed with result ‘exit-code’. Jan 28 17:18:11 mrbeaver systemd[1]: Failed to start Snap Daemon. Jan 28 17:18:11 mrbeaver systemd[1]: snapd.service: Triggering OnFailure= dependencies.

What am I missing to get this installed properly? thanks - Dean Guenther

Apparently snapd does not want to be installed with ubuntu 22.04. On my proxmox host I created a new ubuntu 22.04 container. Then I simply did apt update apt upgrade apt install snapd

And it gave me the above errors on the installation. And snapd does not start under ubuntu 22.04

I created a new ubuntu 20.04 container and then I tried installing “apt install snapd” and it failed to install and start snapd.

Is there a version of ubuntu which supports snapd? thanks - Dean Guenther

I was able to create a Debian 12.7 container on proxmox v8 and then I was able to successfully install snapd on the debian container. I guess I’ll abandon using ubuntu for this service and use debian instead. - Dean Guenther

Yes, it is being developed on Ubuntu and installed in all default installations since 2016 on millions of computers … but as every Ubuntu install and a lot other Ubuntu userspace applications it expects a proper Ubuntu kernel in use with the proper Ubuntu security patch set and the correct kernel config settings, do your VMs use an Ubuntu kernel and are they running in a privileged container ?

(on debian where snaps run in a degraded security mode these requirements are less strict)

yes, I tried ubuntu 22.04 and 20.04 as freshly installed containers (a CT not a VM). With all updated software and the only software installed was snapd, which fails to start in both 22.04 and 20.04.

What does uname -a in such a container say ? If that’'s not a proper Ubuntu kernel (or one that uses at least all required config options and the expected security patches the same way Ubuntu kernels are set up), this is kind of expected …

If snapd notices it runs on actual Ubuntu it expects this environment for full security and confinement support and tries to make use of it, whereas on other OSes it expects the exactly opposite because there the kernel is out of control of the snapd team.

In my ubuntu 22.04 container I have

uname -a

Linux host2204 6.5.13-1-pve #1 SMP PREEMPT_DYNAMIC PMX 6.5.13-1 (2024-02-05T13:50Z) x86_64 x86_64 x86_64 GNU/Linux

In my ubuntu 20.04 container I have uname -a

Linux host2004 6.5.13-1-pve #1 SMP PREEMPT_DYNAMIC PMX 6.5.13-1 (2024-02-05T13:50Z) x86_64 x86_64 x86_64 GNU/Linux

Right, so you should talk to whoever created these -pve kernels, they are definitely lacking features Ubuntu relies on… (You might hit other issues with other userspace apps too due to that, not only snapd expects a proper kernel on something that calls itself Ubuntu)