[Bug 2057943] [NEW] Can't disable or modify snap package apparmor rules

Thu, 14 Mar 2024 10:34:53 -0700 

Public bug reported:

On Ubuntu 20.04 (and probably 22.04 and greater), it is impossible to
disable snap chromium apparmor rules:

root@{HOSTNAME}:~# aa-complain snap.chromium.hook.configure
Can't find chromium.hook.configure in the system path list. If the name of the 
application
is correct, please run 'which snap.chromium.hook.configure' as a user with 
correct PATH
environment set up in order to find the fully-qualified path and
use the full path as parameter.

root@{HOSTNAME}:~# aa-complain snap.chromium.chromedriver -d
/var/lib/snapd/apparmor/profiles

ERROR: Include file /var/lib/snapd/apparmor/profiles/tunables/global not found
root@{HOSTNAME}:~# aa-complain snap.chromium.chromium -d 
/var/lib/snapd/apparmor/profiles

ERROR: Include file /var/lib/snapd/apparmor/profiles/tunables/global not found
root@{HOSTNAME}:~# aa-complain snap.chromium.hook.configure -d 
/var/lib/snapd/apparmor/profiles

ERROR: Include file /var/lib/snapd/apparmor/profiles/tunables/global not
found

It seems like no one has an answer on how these overly restricted rules
can be disabled:

https://askubuntu.com/questions/1267980/how-to-disable-apparmor-for-chromium-snap-ubuntu-20-04
https://ubuntuforums.org/showthread.php?t=2410550
https://ubuntuforums.org/showthread.php?t=2449022
https://answers.launchpad.net/ubuntu/+source/apparmor/+question/701036

So I just got rid of apparmor which doesn't seem like the solution I was
after, but it works great now:

sudo systemctl stop apparmor 
sudo systemctl disable apparmor

Please give us a way to modify (and keep the rules permanently modified
even after snap updates) snap apparmor rules.

Thank you!

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2057943

Title:
  Can't disable or modify snap package apparmor rules

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2057943/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to