Using NFSv4, Kerberos authenticated, mounted by autofs:

arc@andrewshoreham:~$ hello
cannot open path of the current working directory: Permission denied

[ Then as user with sudo privs, sudo systemctl restart snapd ]

arc@andrewshoreham:~$ hello
cannot open path of the current working directory: Permission denied


Logs since just before restarting snapd

syslog
------
May 15 14:54:09 andrewshoreham kernel: [12319.195323] audit: type=1400 
audit(1652590449.676:183): apparmor="ALLOWED" operation="open" 
profile="/usr/sbin/sssd" name="/proc/24886/cmdline" pid=910 comm="sssd_nss" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 15 14:54:09 andrewshoreham systemd[1]: Stopping Snap Daemon...
May 15 14:54:09 andrewshoreham snapd[726]: main.go:155: Exiting on terminated 
signal.
May 15 14:54:09 andrewshoreham snapd[726]: overlord.go:504: Released state lock 
file
May 15 14:54:09 andrewshoreham systemd[1]: snapd.service: Deactivated 
successfully.
May 15 14:54:09 andrewshoreham systemd[1]: Stopped Snap Daemon.
May 15 14:54:09 andrewshoreham systemd[1]: snapd.service: Consumed 2.753s CPU 
time.
May 15 14:54:09 andrewshoreham systemd[1]: Starting Snap Daemon...
May 15 14:54:09 andrewshoreham snapd[24890]: AppArmor status: apparmor is 
enabled and all features are available
May 15 14:54:09 andrewshoreham snapd[24890]: overlord.go:263: Acquiring state 
lock file
May 15 14:54:09 andrewshoreham snapd[24890]: overlord.go:268: Acquired state 
lock file
May 15 14:54:09 andrewshoreham snapd[24890]: daemon.go:247: started 
snapd/2.55.3+22.04 (series 16; classic) ubuntu/22.04 (amd64) 
linux/5.15.0-25-generic.
May 15 14:54:09 andrewshoreham kernel: [12319.270748] loop11: detected capacity 
change from 0 to 8
May 15 14:54:09 andrewshoreham snapd[24890]: daemon.go:340: adjusting startup 
timeout by 1m10s (pessimistic estimate of 30s plus 5s per snap)
May 15 14:54:09 andrewshoreham systemd[1]: 
tmp-sanity\x2dmountpoint\x2d2760788470.mount: Deactivated successfully.
May 15 14:54:09 andrewshoreham snapd[24890]: backend.go:133: snapd enabled NFS 
support, additional implicit network permissions granted
May 15 14:54:10 andrewshoreham kernel: [12319.549118] audit: type=1400 
audit(1652590450.028:184): apparmor="STATUS" operation="profile_replace" 
profile="unconfined" name="/usr/lib/snapd/snap-confine" pid=24926 
comm="apparmor_parser"
May 15 14:54:10 andrewshoreham kernel: [12319.578896] audit: type=1400 
audit(1652590450.060:185): apparmor="STATUS" operation="profile_replace" 
profile="unconfined" 
name="/usr/lib/snapd/snap-confine//mount-namespace-capture-helper" pid=24926 
comm="apparmor_parser"
May 15 14:54:10 andrewshoreham kernel: [12319.969313] audit: type=1400 
audit(1652590450.448:186): apparmor="STATUS" operation="profile_replace" 
profile="unconfined" name="/snap/snapd/15534/usr/lib/snapd/snap-confine" 
pid=24946 comm="apparmor_parser"
May 15 14:54:10 andrewshoreham kernel: [12319.983029] audit: type=1400 
audit(1652590450.464:187): apparmor="STATUS" operation="profile_replace" 
profile="unconfined" 
name="/snap/snapd/15534/usr/lib/snapd/snap-confine//mount-namespace-capture-helper"
 pid=24946 comm="apparmor_parser"
May 15 14:54:10 andrewshoreham kernel: [12320.165228] audit: type=1400 
audit(1652590450.644:188): apparmor="STATUS" operation="profile_replace" 
profile="unconfined" name="snap.snapd-desktop-integration.hook.configure" 
pid=24950 comm="apparmor_parser"
May 15 14:54:10 andrewshoreham kernel: [12320.341043] audit: type=1400 
audit(1652590450.820:189): apparmor="STATUS" operation="profile_replace" 
profile="unconfined" 
name="snap.snapd-desktop-integration.snapd-desktop-integration" pid=24951 
comm="apparmor_parser"
May 15 14:54:11 andrewshoreham kernel: [12320.633250] audit: type=1400 
audit(1652590451.112:190): apparmor="STATUS" operation="profile_replace" 
info="same as current profile, skipping" profile="unconfined" 
name="snap-update-ns.snap-store" pid=24948 comm="apparmor_parser"
May 15 14:54:11 andrewshoreham kernel: [12320.721431] audit: type=1400 
audit(1652590451.200:191): apparmor="STATUS" operation="profile_replace" 
info="same as current profile, skipping" profile="unconfined" 
name="snap-update-ns.snapd-desktop-integration" pid=24949 comm="apparmor_parser"
May 15 14:54:11 andrewshoreham kernel: [12320.727129] audit: type=1400 
audit(1652590451.208:192): apparmor="STATUS" operation="profile_replace" 
info="same as current profile, skipping" profile="unconfined" 
name="snap-update-ns.hello" pid=24954 comm="apparmor_parser"
May 15 14:54:11 andrewshoreham systemd[1]: Started Snap Daemon.
May 15 14:54:11 andrewshoreham dbus-daemon[693]: [system] Activating via 
systemd: service name='org.freedesktop.timedate1' 
unit='dbus-org.freedesktop.timedate1.service' requested by ':1.166' (uid=0 
pid=24890 comm="/usr/lib/snapd/snapd " label="unconfined")
May 15 14:54:11 andrewshoreham systemd[1]: Starting Time & Date Service...
May 15 14:54:11 andrewshoreham dbus-daemon[693]: [system] Successfully 
activated service 'org.freedesktop.timedate1'
May 15 14:54:11 andrewshoreham systemd[1]: Started Time & Date Service.
May 15 14:54:16 andrewshoreham systemd[1768]: Started 
snap.hello.hello.7d0654f6-64ad-4eb4-a941-def09a487e61.scope.
May 15 14:54:41 andrewshoreham systemd[1]: systemd-timedated.service: 
Deactivated successfully.


auth.log
--------

May 15 14:54:09 andrewshoreham sudo: localuser : TTY=pts/0 ; PWD=/var/log ; 
USER=root ; COMMAND=/usr/bin/systemctl restart snapd
May 15 14:54:09 andrewshoreham sudo: pam_unix(sudo:session): session opened for 
user root(uid=0) by (uid=1000)
May 15 14:54:11 andrewshoreham sudo: pam_unix(sudo:session): session closed for 
user root


kern.log
--------
May 15 14:54:09 andrewshoreham kernel: [12319.195323] audit: type=1400 
audit(1652590449.676:183): apparmor="ALLOWED" operation="open" 
profile="/usr/sbin/sssd" name="/proc/24886/cmdline" pid=910 comm="sssd_nss" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 15 14:54:09 andrewshoreham kernel: [12319.270748] loop11: detected capacity 
change from 0 to 8
May 15 14:54:10 andrewshoreham kernel: [12319.549118] audit: type=1400 
audit(1652590450.028:184): apparmor="STATUS" operation="profile_replace" 
profile="unconfined" name="/usr/lib/snapd/snap-confine" pid=24926 
comm="apparmor_parser"
May 15 14:54:10 andrewshoreham kernel: [12319.578896] audit: type=1400 
audit(1652590450.060:185): apparmor="STATUS" operation="profile_replace" 
profile="unconfined" 
name="/usr/lib/snapd/snap-confine//mount-namespace-capture-helper" pid=24926 
comm="apparmor_parser"
May 15 14:54:10 andrewshoreham kernel: [12319.969313] audit: type=1400 
audit(1652590450.448:186): apparmor="STATUS" operation="profile_replace" 
profile="unconfined" name="/snap/snapd/15534/usr/lib/snapd/snap-confine" 
pid=24946 comm="apparmor_parser"
May 15 14:54:10 andrewshoreham kernel: [12319.983029] audit: type=1400 
audit(1652590450.464:187): apparmor="STATUS" operation="profile_replace" 
profile="unconfined" 
name="/snap/snapd/15534/usr/lib/snapd/snap-confine//mount-namespace-capture-helper"
 pid=24946 comm="apparmor_parser"
May 15 14:54:10 andrewshoreham kernel: [12320.165228] audit: type=1400 
audit(1652590450.644:188): apparmor="STATUS" operation="profile_replace" 
profile="unconfined" name="snap.snapd-desktop-integration.hook.configure" 
pid=24950 comm="apparmor_parser"
May 15 14:54:10 andrewshoreham kernel: [12320.341043] audit: type=1400 
audit(1652590450.820:189): apparmor="STATUS" operation="profile_replace" 
profile="unconfined" 
name="snap.snapd-desktop-integration.snapd-desktop-integration" pid=24951 
comm="apparmor_parser"
May 15 14:54:11 andrewshoreham kernel: [12320.633250] audit: type=1400 
audit(1652590451.112:190): apparmor="STATUS" operation="profile_replace" 
info="same as current profile, skipping" profile="unconfined" 
name="snap-update-ns.snap-store" pid=24948 comm="apparmor_parser"
May 15 14:54:11 andrewshoreham kernel: [12320.721431] audit: type=1400 
audit(1652590451.200:191): apparmor="STATUS" operation="profile_replace" 
info="same as current profile, skipping" profile="unconfined" 
name="snap-update-ns.snapd-desktop-integration" pid=24949 comm="apparmor_parser"
May 15 14:54:11 andrewshoreham kernel: [12320.727129] audit: type=1400 
audit(1652590451.208:192): apparmor="STATUS" operation="profile_replace" 
info="same as current profile, skipping" profile="unconfined" 
name="snap-update-ns.hello" pid=24954 comm="apparmor_parser"

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1784774

Title:
  snapd is not autofs aware and fails with nfs home dir

Status in snapd:
  Fix Released
Status in firefox package in Ubuntu:
  Confirmed
Status in snapd package in Ubuntu:
  Incomplete

Bug description:
  This is similar to bugs 1662552 and 1782873. In 1782873, jdstrand
  asked me to open a new bug for this specific issue.

  In 1662552, snapd fails for NFS-mounted home directories as network
  permissions are not enabled. A workaround was implemented that works
  if the mount is done via a /home mount at boot. However, this does not
  work if people mount home directories via autofs. This is probably the
  fundamental problem for 1782873, although there may be other issues.

  [ Why use autofs? If some but not all users want to use NFS homes.
  In particular, I have a local user on all my accounts that does not
  require the NFS server to be up or the Kerberos server to be up, or
  Kerberos working on the client machines, etc. It is very useful when
  something goes wrong. It means I mount /home/user rather than /home
  (for several users). ]
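
Added example, not part of the bug report and not snapd's code: a point-in-time scan of a mount table in /proc/self/mountinfo format, showing that a check which only looks for nfs/nfs4 entries under /home finds none while an autofs-managed home has not yet been accessed. The mountinfo lines, server name and export path are constructed, and the function names are hypothetical.

```python
import re

NFS_TYPES = {"nfs", "nfs4"}

# Constructed sample: nobody has touched /home/arc yet, so only the
# autofs trigger is mounted and there is no nfs4 entry.
BEFORE_ACCESS = """\
25 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
60 25 0:52 / /home/arc rw,relatime shared:30 - autofs /etc/auto.home rw,fd=6,timeout=300,direct
"""

# Constructed sample: same host after the first access triggered the mount.
AFTER_ACCESS = BEFORE_ACCESS + (
    "61 60 0:53 / /home/arc rw,relatime shared:31 - nfs4 "
    "nfs.example.test:/export/arc rw,vers=4.2,sec=krb5\n"
)


def parse_mountinfo(text):
    """Yield (mount_point, fstype) pairs from mountinfo-format text."""
    for line in text.splitlines():
        # Fields before " - " are per-mount; fstype is the first field after it.
        pre, sep, post = line.partition(" - ")
        pre_fields, post_fields = pre.split(), post.split()
        if not sep or len(pre_fields) < 5 or not post_fields:
            continue
        # The kernel writes spaces and similar characters as octal escapes (\040).
        mount_point = re.sub(r"\\([0-7]{3})",
                             lambda m: chr(int(m.group(1), 8)), pre_fields[4])
        yield mount_point, post_fields[0]


def classify_home(text, home="/home"):
    """Return 'nfs', 'autofs-pending' or 'local' for mounts at or below home."""
    prefix = home.rstrip("/") + "/"
    kinds = {fstype for mp, fstype in parse_mountinfo(text)
             if mp == home or mp.startswith(prefix)}
    if kinds & NFS_TYPES:
        return "nfs"
    # An autofs trigger with no NFS mount behind it yet: an NFS-only
    # check made at this moment reports nothing.
    if "autofs" in kinds:
        return "autofs-pending"
    return "local"


if __name__ == "__main__":
    for label, table in (("before access", BEFORE_ACCESS),
                         ("after access", AFTER_ACCESS)):
        print(label, "->", classify_home(table))
```
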
