Strange snappy-debug AppArmor message exec

The snap I’m building is running into some odd error messages. We’ve tested on Ubuntu for a while, but this problem seems to come up in machines with a Linux kernel higher than 5.3. I’m not sure what minor version has the breaking change.

snappy-debug gives this error message repeatedly:

= AppArmor =
Time: Apr  2 20:07:34
Log: apparmor="DENIED" operation="exec" profile="snap.XXX.XXX" name="/" pid=25981 comm="daemon" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
File: / (exec)
Suggestions:
* adjust snap to ship ''
* adjust program to use relative paths if the snap already ships ''
* add one of 'network-control' to 'plugs'

I already have the network-control plug:

Interface                Plug                         Slot                      Notes
block-devices            XXX:block-devices            :block-devices            manual
bluetooth-control        XXX:bluetooth-control        -                         -
camera                   XXX:camera                   :camera                   manual
content                  XXX:local-resources          -                         -
dvb                      XXX:dvb                      :dvb                      manual
firewall-control         XXX:firewall-control         -                         -
gpio                     XXX:gpio                     -                         -
gpio-memory-control      XXX:gpio-memory-control      :gpio-memory-control      manual
(hidden entry)
hardware-random-control  XXX:hardware-random-control  :hardware-random-control  manual
home                     XXX:home                     :home                     manual
i2c                      XXX:i2c                      -                         -
iio                      XXX:iio                      -                         -
joystick                 XXX:joystick                 :joystick                 manual
netlink-audit            XXX:netlink-audit            -                         -
netlink-connector        XXX:netlink-connector        -                         -
network                  XXX:network                  :network                  -
network-bind             XXX:network-bind             :network-bind             -
network-control          XXX:network-control          :network-control          manual
opengl                   XXX:opengl                   :opengl                   -
optical-drive            XXX:optical-drive            :optical-drive            -
process-control          XXX:process-control          :process-control          manual
raw-usb                  XXX:raw-usb                  :raw-usb                  manual
removable-media          XXX:removable-media          :removable-media          manual
serial-port              XXX:serial-port              -                         -
spi                      XXX:spi                      -                         -
system-observe           XXX:system-observe           :system-observe           manual

And I don’t know what to make of the exec complaint. I assume that snappy-debug thinks (maybe correctly) that the application is trying to exec a program it’s not allowed to use, so it’s suggesting that the program be bundled in with the snap. However, snappy-debug either doesn’t know what the program is or the application is trying to execute /.

This error occurs during configuration. I run snap set ... and the configure hook starts the app, which leads to:

error: cannot perform the following tasks:
- start of [XXX.XXX] (# systemctl start snap.XXX.service
Job for snap.XXX.XXX.service failed because the control process exited with error code.
See "systemctl status snap.XXX.XXX.service" and "journalctl -xe" for details.
)
- start of [XXX.XXX] (exit status 1)
+ snap start XXX
error: cannot perform the following tasks:
- start of [XXX.XXX] (# systemctl start snap.XXX.XXX.service
Job for snap.XXX.XXX.service failed because the control process exited with error code.
See "systemctl status snap.XXX.XXX.service" and "journalctl -xe" for details.
)
- start of [XXX.XXX] (exit status 1)

When I run systemctl status snap.XXX.XXX.service, I get:

● snap.XXX.XXX.service - Service for snap application XXX.XXX
   Loaded: loaded (/etc/systemd/system/snap.XXX.XXX.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Thu 2020-04-02 20:07:36 UTC; 16min ago
  Process: 26324 ExecStart=/usr/bin/snap run XXX.XXX (code=exited, status=1/FAILURE)

Does anyone know what to make of these error messages? I’d like to test out an edit to the AppArmor profile, but I don’t know what I should even change.

I had to hide the name of the snap on this public forum, but Canonical knows which one this is.

snappy-debug is trying to parse an odd apparmor denial: “apparmor="DENIED" operation="exec" profile="snap.XXX.XXX" name="/" pid=25981 comm="daemon" requested_mask="x" denied_mask="x" fsuid=0 ouid=0”.

Is your program manipulating the mount namespace, using pivot_root or similar? This seems to be an issue where apparmor lost track of the resource and due to ‘attach_disconnected’ on the profile, it is prepending “/”, but not giving meaningful results. Can you provide a simple reproducer?
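Added example (not part of the thread, and not snappy-debug's own code): a small triage script that parses AppArmor audit messages into fields and flags the pattern discussed above, an exec denial whose name is just "/". Treating that pattern as a sign of a disconnected path is a heuristic based on the reply's interpretation; the function names and the sample lines are constructed for illustration.

```python
import shlex

# Constructed sample lines; the first mirrors the denial quoted in this thread.
SAMPLE_LOG = [
    'apparmor="DENIED" operation="exec" profile="snap.XXX.XXX" name="/" '
    'pid=25981 comm="daemon" requested_mask="x" denied_mask="x" fsuid=0 ouid=0',
    'apparmor="DENIED" operation="open" profile="snap.XXX.XXX" '
    'name="/proc/sys/net/ipv4/ip_forward" pid=100 comm="daemon" '
    'requested_mask="w" denied_mask="w" fsuid=0 ouid=0',
    'apparmor="ALLOWED" operation="exec" profile="snap.XXX.XXX" name="/" '
    'pid=101 comm="daemon" requested_mask="x" denied_mask="x" fsuid=0 ouid=0',
]

def parse_denial(line):
    """Split an AppArmor audit message into a dict of its key=value fields."""
    try:
        tokens = shlex.split(line)  # strips the quotes around values
    except ValueError:              # unbalanced quotes: treat as unparseable
        return {}
    fields = {}
    for token in tokens:
        key, sep, value = token.partition("=")
        if sep:                     # skip tokens that are not key=value
            fields[key] = value
    return fields

def looks_disconnected(fields):
    """Heuristic (assumption): "/" is a directory and cannot be exec'd, so a
    denied exec on "/" suggests the real path was lost and only the "/"
    prepended under attach_disconnected remains."""
    return (fields.get("apparmor") == "DENIED"
            and fields.get("operation") == "exec"
            and fields.get("name") == "/"
            and "x" in fields.get("denied_mask", ""))

def triage(lines):
    """Return (profile, comm, pid) for every line matching the heuristic."""
    hits = []
    for line in lines:
        fields = parse_denial(line)
        if looks_disconnected(fields):
            hits.append((fields.get("profile"), fields.get("comm"), fields.get("pid")))
    return hits

if __name__ == "__main__":
    for profile, comm, pid in triage(SAMPLE_LOG):
        print(f"possible disconnected-path exec denial: {profile} comm={comm} pid={pid}")
```

A hit points at the process (comm and pid) whose mount namespace handling is worth inspecting; it does not identify the binary that was actually being executed.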

This application works a lot with containerization, so that interpretation sounds right to me.
I’m sorry; what do you mean by “simple reproducer”?

This is almost certainly https://bugs.launchpad.net/apparmor/+bug/1820344 again somehow