Solus: All core18 snaps are not launchable


#1

(Maybe related to Problem with snapd and snaps on Solus 3.9999 , but the distro developers claimed they have fixed the issue.)

An user informed me the mari0 snap isn’t launchable on Solus:

After reproducing the issue in a VM I found that this seems to be applying to all snaps that is using the core18 base snap:

$ snap version
snap    2.37.4
snapd   2.37.4
series  16
solus   3.9999
kernel  4.20.10-111.current

$ snap run gallery-dl
execv failed: No such file or directory

$ snap run hello
Hello, world!

with SNAP_CONFINE_DEBUG=yes:

DEBUG: security tag: snap.gallery-dl.gallery-dl
DEBUG: executable:   /usr/lib/snapd/snap-exec
DEBUG: confinement:  non-classic
DEBUG: base snap:    core18
DEBUG: ruid: 1000, euid: 0, suid: 0
DEBUG: rgid: 1000, egid: 0, sgid: 0
DEBUG: apparmor label on snap-confine is: /usr/lib64/snapd/snap-confine
DEBUG: apparmor mode is: enforce
DEBUG: creating lock directory /run/snapd/lock (if missing)
DEBUG: opening lock directory /run/snapd/lock
DEBUG: opening lock file: /run/snapd/lock/.lock
DEBUG: sanity timeout initialized and set for 30 seconds
DEBUG: acquiring exclusive lock (scope (global), uid 0)
DEBUG: sanity timeout reset and disabled
DEBUG: ensuring that snap mount directory is shared
DEBUG: unsharing snap namespace directory
DEBUG: releasing lock 4
DEBUG: opened snap-update-ns executable as file descriptor 4
DEBUG: opened snap-discard-ns executable as file descriptor 5
DEBUG: creating lock directory /run/snapd/lock (if missing)
DEBUG: opening lock directory /run/snapd/lock
DEBUG: opening lock file: /run/snapd/lock/gallery-dl.lock
DEBUG: sanity timeout initialized and set for 30 seconds
DEBUG: acquiring exclusive lock (scope gallery-dl, uid 0)
DEBUG: sanity timeout reset and disabled
DEBUG: initializing mount namespace: gallery-dl
DEBUG: forked support process 2144
DEBUG: changing apparmor hat to mount-namespace-capture-helper
DEBUG: helper process waiting for command
DEBUG: sanity timeout initialized and set for 30 seconds
DEBUG: block device of snap core18, revision 731 is 7:1
DEBUG: sanity timeout initialized and set for 30 seconds
DEBUG: joining preserved mount namespace for inspection
DEBUG: block device of the root filesystem is 7:1
DEBUG: sanity timeout reset and disabled
DEBUG: preserved mount namespace can be reused
DEBUG: joined preserved mount namespace gallery-dl
DEBUG: moved process 2136 to freezer cgroup hierarchy for snap gallery-dl
DEBUG: joining preserved per-user mount namespace
DEBUG: unsharing the mount namespace (per-user)
DEBUG: sc_setup_user_mounts: gallery-dl
DEBUG: performing operation: (disabled) use debug build to see details
DEBUG: calling snapd tool snap-update-ns
DEBUG: waiting for snapd tool snap-update-ns to terminate
DEBUG: requesting changing of apparmor profile on next exec to snap-update-ns.gallery-dl
main.go:246: DEBUG: desired mount profile:
main.go:248: DEBUG: 	/run/user/1000/doc/by-app/snap.gallery-dl /run/user/1000/doc none bind,rw,x-snapd.ignore-missing 0 0
change.go:469: DEBUG: desiredIDs: map[/run/user/1000/doc:true]
change.go:470: DEBUG: reuse: map[]
main.go:257: DEBUG: mount changes needed:
main.go:259: DEBUG: 	mount (/run/user/1000/doc/by-app/snap.gallery-dl /run/user/1000/doc none bind,rw,x-snapd.ignore-missing 0 0)
main.go:204: DEBUG: performing mount changes:
main.go:207: DEBUG: 	 * mount (/run/user/1000/doc/by-app/snap.gallery-dl /run/user/1000/doc none bind,rw,x-snapd.ignore-missing 0 0)
main.go:251: DEBUG: current mount profile (after applying changes): (none)
DEBUG: snap-update-ns finished successfully
DEBUG: NOT preserving per-user mount namespace
DEBUG: releasing lock 6
DEBUG: sending command 0 to helper process (pid: 2144)
DEBUG: waiting for response from helper
DEBUG: sanity timeout reset and disabled
DEBUG: helper process received command 0
DEBUG: helper process exiting
DEBUG: waiting for the helper process to exit
DEBUG: helper process exited normally
DEBUG: resetting PATH to values in sync with core snap
DEBUG: snappy_udev_init
DEBUG: creating user data directory: /home/brlin/snap/gallery-dl/36
DEBUG: requesting changing of apparmor profile on next exec to snap.gallery-dl.gallery-dl
DEBUG: loading bpf program for security tag snap.gallery-dl.gallery-dl
DEBUG: read 6240 bytes from /var/lib/snapd/seccomp/bpf//snap.gallery-dl.gallery-dl.bin
DEBUG: raising privileges to load seccomp profile
DEBUG: dropping privileges after loading seccomp profile
DEBUG: read 152 bytes from /var/lib/snapd/seccomp/bpf/global.bin
DEBUG: raising privileges to load seccomp profile
DEBUG: dropping privileges after loading seccomp profile
DEBUG: execv(/usr/lib/snapd/snap-exec, /usr/lib/snapd/snap-exec...)
DEBUG:  argv[1] = gallery-dl
execv failed: No such file or directory
$ snap run hello
DEBUG: security tag: snap.hello.hello
DEBUG: executable:   /usr/lib/snapd/snap-exec
DEBUG: confinement:  non-classic
DEBUG: base snap:    core
DEBUG: ruid: 1000, euid: 0, suid: 0
DEBUG: rgid: 1000, egid: 0, sgid: 0
DEBUG: apparmor label on snap-confine is: /usr/lib64/snapd/snap-confine
DEBUG: apparmor mode is: enforce
DEBUG: creating lock directory /run/snapd/lock (if missing)
DEBUG: opening lock directory /run/snapd/lock
DEBUG: opening lock file: /run/snapd/lock/.lock
DEBUG: sanity timeout initialized and set for 30 seconds
DEBUG: acquiring exclusive lock (scope (global), uid 0)
DEBUG: sanity timeout reset and disabled
DEBUG: ensuring that snap mount directory is shared
DEBUG: unsharing snap namespace directory
DEBUG: releasing lock 4
DEBUG: opened snap-update-ns executable as file descriptor 4
DEBUG: opened snap-discard-ns executable as file descriptor 5
DEBUG: creating lock directory /run/snapd/lock (if missing)
DEBUG: opening lock directory /run/snapd/lock
DEBUG: opening lock file: /run/snapd/lock/hello.lock
DEBUG: sanity timeout initialized and set for 30 seconds
DEBUG: acquiring exclusive lock (scope hello, uid 0)
DEBUG: sanity timeout reset and disabled
DEBUG: initializing mount namespace: hello
DEBUG: forked support process 2165
DEBUG: changing apparmor hat to mount-namespace-capture-helper
DEBUG: helper process waiting for command
DEBUG: sanity timeout initialized and set for 30 seconds
DEBUG: block device of snap core, revision 6405 is 7:0
DEBUG: sanity timeout initialized and set for 30 seconds
DEBUG: joining preserved mount namespace for inspection
DEBUG: block device of the root filesystem is 7:0
DEBUG: sanity timeout reset and disabled
DEBUG: preserved mount namespace can be reused
DEBUG: joined preserved mount namespace hello
DEBUG: moved process 2157 to freezer cgroup hierarchy for snap hello
DEBUG: joining preserved per-user mount namespace
DEBUG: unsharing the mount namespace (per-user)
DEBUG: sc_setup_user_mounts: hello
DEBUG: NOT preserving per-user mount namespace
DEBUG: releasing lock 6
DEBUG: sending command 0 to helper process (pid: 2165)
DEBUG: waiting for response from helper
DEBUG: sanity timeout reset and disabled
DEBUG: helper process received command 0
DEBUG: helper process exiting
DEBUG: waiting for the helper process to exit
DEBUG: helper process exited normally
DEBUG: resetting PATH to values in sync with core snap
DEBUG: snappy_udev_init
DEBUG: creating user data directory: /home/brlin/snap/hello/20
DEBUG: requesting changing of apparmor profile on next exec to snap.hello.hello
DEBUG: loading bpf program for security tag snap.hello.hello
DEBUG: read 6048 bytes from /var/lib/snapd/seccomp/bpf//snap.hello.hello.bin
DEBUG: raising privileges to load seccomp profile
DEBUG: dropping privileges after loading seccomp profile
DEBUG: read 152 bytes from /var/lib/snapd/seccomp/bpf/global.bin
DEBUG: raising privileges to load seccomp profile
DEBUG: dropping privileges after loading seccomp profile
DEBUG: execv(/usr/lib/snapd/snap-exec, /usr/lib/snapd/snap-exec...)
DEBUG:  argv[1] = hello
Hello, world!
$ snap debug sandbox-features 
apparmor:             kernel:caps kernel:dbus kernel:domain kernel:file kernel:mount kernel:namespaces kernel:network kernel:network_v8 kernel:policy kernel:ptrace kernel:query kernel:rlimit kernel:signal parser:unsafe policy:default support-level:full
confinement-options:  classic devmode strict
dbus:                 mediated-bus-access
kmod:                 mediated-modprobe
mount:                freezer-cgroup-v1 layouts mount-namespace per-snap-persistency per-snap-profiles per-snap-updates per-snap-user-profiles stale-base-invalidation
seccomp:              bpf-argument-filtering kernel:allow kernel:errno kernel:kill_process kernel:kill_thread kernel:log kernel:trace kernel:trap
udev:                 device-cgroup-v1 tagging