Public bug reported: In Ubuntu 25.10 questing images, curl can no longer access the snapd socket as it is blocked by the apparmor profile for curl.
For example, if I create a VM in GCP using the following command: $ gcloud compute instances create questing --image-project ubuntu-os-cloud-devel --image daily-ubuntu-2510-questing-amd64-v20250813 I then see: $ sudo curl --request GET --unix-socket /run/snapd.socket "http://localhost/v2/model/serial?json=true"; curl: (7) Failed to connect to localhost port 80 after 0 ms: Could not connect to server $ sudo dmesg | tail [ 1701.302096] audit: type=1400 audit(1755110651.607:254): apparmor="DENIED" operation="connect" class="file" profile="curl" name="/run/snapd.socket" pid=1508 comm="curl" requested_mask="wr" denied_mask="wr" fsuid=1001 ouid=0 Using curl to query sockets seems to me to be a standard use case that should be allowed by apparmor. ** Affects: curl (Ubuntu) Importance: Undecided Status: New ** Tags: sec-7259 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2120669 Title: curl apparmor profile in 25.10 blocks access to snapd socket To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2120669/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
