Bug#993783: marked as done (snapd: AppArmor profile breaks snaps)

Debian Bug Tracking System Tue, 07 Sep 2021 06:51:15 -0700

Your message dated Tue, 07 Sep 2021 13:49:37 +0000
with message-id <e1mnbtl-000bmb...@fasolo.debian.org>
and subject line Bug#993783: fixed in snapd 2.51.7-2
has caused the Debian Bug report #993783,
regarding snapd: AppArmor profile breaks snaps
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
993783: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993783
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: snapd
Version: 2.51.7-1
Severity: grave
Justification: renders package unusable
X-Debbugs-Cc: andreakarim...@gmail.com

Dear Maintainer,

   * What led up to the situation? Trying to run a "classic" snap.
   * What exactly did you do (or not do) that was effective (or
     ineffective)? Just tried to run the snap.
   * What was the outcome of this action? AppArmor DENIED and snap not starting
   * What outcome did you expect instead? Snap to run properly

The AppArmor profile for /usr/lib/snapd/snap-confine prevents snaps such
as slack and spotify to run at all:

----
$ slack
cannot change profile for the next exec call: No such file or directory

$ spotify 
WARNING: cgroup v2 is not fully supported yet, proceeding with partial 
confinement
cannot change profile for the next exec call: No such file or directory
snap-update-ns failed with code 1
----

----
Sep 06 13:47:04 XXX kernel: audit: type=1400 audit(1630928824.498:38): 
apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 
profile="/usr/lib/snapd/snap-confine" name="snap-update-ns.spotify" pid=10039 
comm="snap-confine"
Sep 06 13:47:04 XXX kernel: audit: type=1400 audit(1630928824.498:37): 
apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" 
pid=10025 comm="snap-confine" capability=4  capname="fsetid"
Sep 06 13:47:04 XXX audit[10039]: AVC apparmor="DENIED" 
operation="change_onexec" info="label not found" error=-2 
profile="/usr/lib/snapd/snap-confine" name="snap-update-ns.spotify" pid=10039 
comm="snap-confine"
Sep 06 13:47:04 XXX audit[10025]: AVC apparmor="DENIED" operation="capable" 
profile="/usr/lib/snapd/snap-confine" pid=10025 comm="snap-confine" 
capability=4  capname="fsetid"
Sep 06 13:46:59 XXX audit[9942]: AVC apparmor="DENIED" 
operation="change_onexec" info="label not found" error=-2 
profile="/usr/lib/snapd/snap-confine" name="snap.slack.slack" pid=9942 
comm="snap-confine"
Sep 06 13:46:59 XXX kernel: audit: type=1400 audit(1630928819.269:36): 
apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 
profile="/usr/lib/snapd/snap-confine" name="snap.slack.slack" pid=9942 
comm="snap-confine"
----

-- System Information:
Debian Release: bookworm/sid
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-8-amd64 (SMP w/16 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages snapd depends on:
ii  adduser          3.118
ii  apparmor         3.0.3-2
ii  ca-certificates  20210119
ii  gnupg            2.2.27-2
ii  libapparmor1     3.0.3-2
ii  libc6            2.32-1
ii  libcap2          1:2.44-1
ii  libseccomp2      2.5.1-1
ii  libudev1         247.9-1
ii  openssh-client   1:8.4p1-6
ii  squashfs-tools   1:4.5-2
ii  systemd          247.9-1
ii  udev             247.9-1

Versions of packages snapd recommends:
ii  gnupg  2.2.27-2

Versions of packages snapd suggests:
ii  zenity  3.32.0-7

-- no debconf information

--- End Message ---

--- Begin Message ---

Source: snapd
Source-Version: 2.51.7-2
Done: Michael Vogt <michael.v...@ubuntu.com>

We believe that the bug you reported is fixed in the latest version of
snapd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 993...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Vogt <michael.v...@ubuntu.com> (supplier of updated snapd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 07 Sep 2021 13:53:22 +0200
Source: snapd
Built-For-Profiles: noudeb
Architecture: source
Version: 2.51.7-2
Distribution: unstable
Urgency: medium
Maintainer: Michael Hudson-Doyle <mwhud...@debian.org>
Changed-By: Michael Vogt <michael.v...@ubuntu.com>
Closes: 993783
Changes:
 snapd (2.51.7-2) unstable; urgency=medium
 .
   * debian: cherry-pick PR#10745
     - cherry pick https://github.com/snapcore/snapd/pull/10745
       (closes: #993783)
   * debian/control:
     - build with go-1.15 for now until snapd-2.52 is released
       which fully supports go.mod
Checksums-Sha1:
 53e4b13af4429d34fe9134f724ad90e85af90aa6 3542 snapd_2.51.7-2.dsc
 cef0017bd6215c8d51164960dbf110ffb4b6912b 106452 snapd_2.51.7-2.debian.tar.xz
 9cd4c8e3d1ba88ab705b20e5f8c167cddde9496e 16991 snapd_2.51.7-2_source.buildinfo
Checksums-Sha256:
 ce72077ae014d123e3b5a79fccc8ae5a5c6de6ccfab52dbdfd380e8adce012b7 3542 
snapd_2.51.7-2.dsc
 b2505490108cbdf630926b48a1bf7e50dac1eab89307bb07cc3f8d464ed2bfd5 106452 
snapd_2.51.7-2.debian.tar.xz
 11b8a9efccc11b7e1540f012343d31c2245aac7656a96e8ef90364e460556aa5 16991 
snapd_2.51.7-2_source.buildinfo
Files:
 2d7f3aec32f5e2c0432bd886c69b1b51 3542 devel optional snapd_2.51.7-2.dsc
 e43ceff7225619472edb6617bfe10fac 106452 devel optional 
snapd_2.51.7-2.debian.tar.xz
 b83babcafee17cfd974dee20ff6cab75 16991 devel optional 
snapd_2.51.7-2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE2mxnVNiIdibNBqEomMq7Or1MpZ4FAmE3YcMACgkQmMq7Or1M
pZ7qcBAAljIuDAPTI3TXakJntzEE30LbkUYWX9wxGQEaFaQMF7duKgkIQkRs7DrJ
VzUT/A5/wzV8xR0Blyrka42DXlA1dzorHwuKxD/sAkgnUMC8M5Ygr+FPHCeMgzYD
JaRXmcfbXfXS+2Y0k0uO7APpGhpC02+rxpiayNZQkm1T9iELoW6IdnMYwnJl9ESY
cv8/D1ODB8FAwaVzTZvwq0DHgzGx5RIElm23XKcjDLqSKFw6wrLwDkQZm+VxoWU4
SwSLFRh5nJGQugjq3O4Q8+4DDVTXz/GKvaUUs+DBUMS3U2or6eyOl4OrlEBRpxYa
DRA/DnGnosNuRfdjP2K5XjsXQDbNtfeOUNKH7H2iKh4/P5fNKgVemBdsXfYTwuXO
OefLlFPkM4gdxN3hfqtiPXAoFbYi1Pm0LEL/5Vm6d9ieAjFQJih6BcMbwCKl1a33
d52Dzo4yxwTUImsFYJu++AL/vMux5R6UyPHCw30EHk3L+fv2nsFxRJwXl1IpZD1v
DE6D01OT8QgBsJecnWF6/yNKl9UpVLiuickl3UtbJ8eaN83q3sGgf1Gfhzl1/pgT
kOxh27bt3nXgvCuuEfet4CEku1sGb2yLO65XT93COfpWlCpdyDiyOWHW7Gk6/Czt
ew2swh7qtCSDqOYAmO+5lhW2K1Po8Kmd/sGvsBP54My91fn3PYY=
=Egor
-----END PGP SIGNATURE-----

--- End Message ---

Bug#993783: marked as done (snapd: AppArmor profile breaks snaps)

Reply via email to