We do have several AppArmor denials in there but none of them are
directly related to namespace creation. I have pasted them below just to
make sure they don't disappear when the pastebin is reaped. It is
possible that one of these denials is blocking the creation of a
namespace if it's calling a function that sets up the namespace to fail
before doing the actual namespace creation, but I think this is unlikely
just because the paths don't line up with /run/user/.

More concerning is
[   58.869512] kauditd_printk_skb: 66 callbacks suppressed

which means we are missing some messages. Generally setting
/proc/sys/kernel/printk_ratelimit to 0 will fix this and let us get most if not
all of the missing messages if the test is rerun.
i.e.
  echo 0 > /proc/sys/kernel/printk_ratelimit
  rerun test
  grab log


[   58.869517] audit: type=1400 audit(1675757852.408:120): apparmor="DENIED" operation="capable" class="cap" profile="/usr/lib/snapd/snap-confine" pid=1986 comm="snap-confine" capability=12  capname="net_admin"
[   58.869556] audit: type=1400 audit(1675757852.408:121): apparmor="DENIED" operation="capable" class="cap" profile="/usr/lib/snapd/snap-confine" pid=1986 comm="snap-confine" capability=38  capname="perfmon"
[   58.891561] audit: type=1400 audit(1675757852.428:122): apparmor="DENIED" operation="getattr" class="file" profile="snap-update-ns.slack" name="/meta/snap.yaml" pid=2003 comm="5" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[   58.893320] audit: type=1400 audit(1675757852.432:123): apparmor="DENIED" operation="getattr" class="file" profile="snap-update-ns.slack" name="/etc/apparmor.d/cache/" pid=2003 comm="5" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[   58.923054] audit: type=1400 audit(1675757852.460:124): apparmor="DENIED" operation="getattr" class="file" profile="snap-update-ns.slack" name="/usr/local/share/fonts/" pid=2003 comm="5" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[   58.923069] audit: type=1400 audit(1675757852.460:125): apparmor="DENIED" operation="getattr" class="file" profile="snap-update-ns.slack" name="/usr/local/share/" pid=2003 comm="5" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[   58.925563] audit: type=1400 audit(1675757852.464:126): apparmor="DENIED" operation="getattr" class="file" profile="snap-update-ns.slack" name="/var/lib/snapd/hostfs/usr/share/fonts/" pid=2003 comm="5" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[   58.972193] audit: type=1400 audit(1675757852.508:127): apparmor="DENIED" operation="getattr" class="file" profile="snap-update-ns.slack" name="/usr/local/share/fonts/" pid=2003 comm="5" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[   59.020734] audit: type=1400 audit(1675757852.561:128): apparmor="DENIED" operation="getattr" class="file" profile="snap-update-ns.slack" name="/meta/snap.yaml" pid=2009 comm="5" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[   59.021624] audit: type=1400 audit(1675757852.561:129): apparmor="DENIED" operation="getattr" class="file" profile="snap-update-ns.slack" name="/etc/apparmor.d/cache/" pid=2009 comm="5" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1991691

Title:
  cannot change mount namespace

Status in Linux:
  New
Status in linux package in Ubuntu:
  Fix Released
Status in snapd package in Ubuntu:
  Incomplete

Bug description:
  Multiple snaps are either broken or "only" display permission denied
  messages.

  slack snap is not starting at all with:

  > update.go:85: cannot change mount namespace according to change
  mount (/run/user/1000/doc/by-app/snap.slack /run/user/1000/doc none
  bind,rw,x-snapd.ignore-missing 0 0): cannot inspect
  "/run/user/1000/doc": lstat /run/user/1000/doc: permission denied

  firefox snap does start, but also logs errors:

  
  update.go:85: cannot change mount namespace according to change mount (/var/lib/snapd/hostfs/usr/share/doc /usr/share/doc none bind,ro 0 0): cannot inspect "/var/lib/snapd/hostfs/usr/share/doc": lstat /var/lib/snapd/hostfs/usr/share/doc: permission denied
  update.go:85: cannot change mount namespace according to change mount (/var/lib/snapd/hostfs/usr/share/fonts /usr/share/fonts none bind,ro 0 0): cannot inspect "/var/lib/snapd/hostfs/usr/share/fonts": lstat /var/lib/snapd/hostfs/usr/share/fonts: permission denied
  update.go:85: cannot change mount namespace according to change mount (/var/lib/snapd/hostfs/usr/local/share/fonts /usr/local/share/fonts none bind,ro 0 0): cannot inspect "/usr/local/share/fonts": lstat /usr/local/share/fonts: permission denied
  update.go:85: cannot change mount namespace according to change mount (/var/lib/snapd/hostfs/usr/share/cups/doc-root /usr/share/cups/doc-root none bind,ro 0 0): cannot create directory "/usr/share/cups/doc-root": permission denied
  update.go:85: cannot change mount namespace according to change mount (/var/lib/snapd/hostfs/usr/share/gimp/2.0/help /usr/share/gimp/2.0/help none bind,ro 0 0): cannot create directory "/usr/share/gimp/2.0": permission denied
  update.go:85: cannot change mount namespace according to change mount (/var/lib/snapd/hostfs/usr/share/gtk-doc /usr/share/gtk-doc none bind,ro 0 0): cannot inspect "/var/lib/snapd/hostfs/usr/share/gtk-doc": lstat /var/lib/snapd/hostfs/usr/share/gtk-doc: permission denied
  update.go:85: cannot change mount namespace according to change mount (/var/lib/snapd/hostfs/usr/share/libreoffice/help /usr/share/libreoffice/help none bind,ro 0 0): cannot create directory "/usr/share/libreoffice/help": permission denied
  update.go:85: cannot change mount namespace according to change mount (/var/lib/snapd/hostfs/usr/share/xubuntu-docs /usr/share/xubuntu-docs none bind,ro 0 0): cannot inspect "/var/lib/snapd/hostfs/usr/share/xubuntu-docs": lstat /var/lib/snapd/hostfs/usr/share/xubuntu-docs: permission denied
  update.go:85: cannot change mount namespace according to change mount (/run/user/1000/doc/by-app/snap.firefox /run/user/1000/doc none bind,rw,x-snapd.ignore-missing 0 0): cannot inspect "/run/user/1000/doc": lstat /run/user/1000/doc: permission denied

  ProblemType: Bug
  DistroRelease: Ubuntu 22.10
  Package: snap (not installed)
  ProcVersionSignature: Ubuntu 5.19.0-19.19-generic 5.19.7
  Uname: Linux 5.19.0-19-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  ApportVersion: 2.23.0-0ubuntu2
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: XFCE
  Date: Tue Oct  4 17:29:01 2022
  InstallationDate: Installed on 2017-09-26 (1834 days ago)
  InstallationMedia: Ubuntu-Server 17.10 "Artful Aardvark" - Alpha amd64 (20170924)
  SourcePackage: snap
  UpgradeStatus: Upgraded to kinetic on 2022-05-22 (134 days ago)
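
The triage described in the comment above (which profiles and objects were denied, whether any denied path lies under /run/user/, and how many audit messages were rate-limited away), as an added example that is not part of the original message. The function names are illustrative, and the sample records are copied from the log quoted above.

```python
import re
from collections import Counter

# Records copied from the log quoted in this message, rejoined one per line.
SAMPLE_LOG = """\
[   58.869512] kauditd_printk_skb: 66 callbacks suppressed
[   58.869517] audit: type=1400 audit(1675757852.408:120): apparmor="DENIED" operation="capable" class="cap" profile="/usr/lib/snapd/snap-confine" pid=1986 comm="snap-confine" capability=12  capname="net_admin"
[   58.891561] audit: type=1400 audit(1675757852.428:122): apparmor="DENIED" operation="getattr" class="file" profile="snap-update-ns.slack" name="/meta/snap.yaml" pid=2003 comm="5" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[   58.925563] audit: type=1400 audit(1675757852.464:126): apparmor="DENIED" operation="getattr" class="file" profile="snap-update-ns.slack" name="/var/lib/snapd/hostfs/usr/share/fonts/" pid=2003 comm="5" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[   59.020734] audit: type=1400 audit(1675757852.561:128): apparmor="DENIED" operation="getattr" class="file" profile="snap-update-ns.slack" name="/meta/snap.yaml" pid=2009 comm="5" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
"""

SUPPRESSED = re.compile(r"kauditd_printk_skb: (\d+) callbacks suppressed")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"


def parse_log(text):
    """Return (denials, suppressed): AppArmor DENIED records as dicts, plus the
    number of audit messages the kernel reported dropping by rate limiting."""
    denials, suppressed = [], 0
    for line in text.splitlines():
        m = SUPPRESSED.search(line)
        if m:
            suppressed += int(m.group(1))
        elif 'apparmor="DENIED"' in line:
            denials.append({k: v.strip('"') for k, v in FIELD.findall(line)})
    return denials, suppressed


def summarize(denials):
    """Count denials per (profile, operation, object); the object is the file
    path for file rules and the capability name for capability checks."""
    return Counter(
        (d.get("profile"), d.get("operation"), d.get("name") or d.get("capname"))
        for d in denials
    )


def under_prefix(denials, prefix):
    """Denials whose path lies under prefix, e.g. the /run/user/ tree."""
    return [d for d in denials if d.get("name", "").startswith(prefix)]


if __name__ == "__main__":
    denials, suppressed = parse_log(SAMPLE_LOG)
    for key, n in summarize(denials).most_common():
        print(n, *key)
    print("denials under /run/user/:", len(under_prefix(denials, "/run/user/")))
    if suppressed:
        print(f"{suppressed} audit messages suppressed; the log is incomplete")
```

A non-zero suppressed count means an empty result for a path prefix is not conclusive until the test is rerun with rate limiting disabled.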
