[Touch-packages] [Bug 1767880] Re: apparmor prevents Chromium (snap) to run the 2nd time

Jamie Strandboge Mon, 30 Apr 2018 03:01:28 -0700

Note that this is for the chromium snap and it is the snapd package that
provides the apparmor policy for the chromium snap.


Also, the bluez accesses should not be what is preventing the chromium
snap from starting-- these are harmless denials. I've adjusted the title
of the to reflect this. Assigning to Olivier since he is taking care of
the chromium snap. Olivier, please adjust this bug as needed.

** Package changed: apparmor (Ubuntu) => snapd (Ubuntu)

** Changed in: snapd (Ubuntu)
     Assignee: (unassigned) => Olivier Tilloy (osomon)

** Summary changed:

- apparmor prevents Chromium (snap) to run the 2nd time
+ Chromium (snap) fails to run the 2nd time

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1767880

Title:
  Chromium (snap) fails to run the 2nd time

Status in snapd package in Ubuntu:
  Confirmed

Bug description:
  I installed Ubuntu 18.04 minimal, and then Chromium via Ubuntu Software (used 
snap).
  The 1st session was OK.
  The next time I tried to start Chromium it did not work.
  dmesg output below...

  [   16.281404] audit: type=1400 audit(1525020432.644:2): apparmor="STATUS" 
operation="profile_load" profile="unconfined" name="/usr/bin/man" pid=814 
comm="apparmor_parser"
  [   16.281409] audit: type=1400 audit(1525020432.644:3): apparmor="STATUS" 
operation="profile_load" profile="unconfined" name="man_filter" pid=814 
comm="apparmor_parser"
  [   16.281412] audit: type=1400 audit(1525020432.644:4): apparmor="STATUS" 
operation="profile_load" profile="unconfined" name="man_groff" pid=814 
comm="apparmor_parser"
  [   16.282542] audit: type=1400 audit(1525020432.644:5): apparmor="STATUS" 
operation="profile_load" profile="unconfined" 
name="/snap/core/4486/usr/lib/snapd/snap-confine" pid=811 comm="apparmor_parser"
  [   16.282547] audit: type=1400 audit(1525020432.644:6): apparmor="STATUS" 
operation="profile_load" profile="unconfined" 
name="/snap/core/4486/usr/lib/snapd/snap-confine//mount-namespace-capture-helper"
 pid=811 comm="apparmor_parser"
  [   16.301350] audit: type=1400 audit(1525020432.664:7): apparmor="STATUS" 
operation="profile_load" profile="unconfined" name="/usr/sbin/cups-browsed" 
pid=816 comm="apparmor_parser"
  [   16.303129] audit: type=1400 audit(1525020432.664:8): apparmor="STATUS" 
operation="profile_load" profile="unconfined" name="/sbin/dhclient" pid=810 
comm="apparmor_parser"
  [   16.303135] audit: type=1400 audit(1525020432.664:9): apparmor="STATUS" 
operation="profile_load" profile="unconfined" 
name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=810 
comm="apparmor_parser"
  [   16.303139] audit: type=1400 audit(1525020432.664:10): apparmor="STATUS" 
operation="profile_load" profile="unconfined" 
name="/usr/lib/NetworkManager/nm-dhcp-helper" pid=810 comm="apparmor_parser"
  [   16.303142] audit: type=1400 audit(1525020432.664:11): apparmor="STATUS" 
operation="profile_load" profile="unconfined" 
name="/usr/lib/connman/scripts/dhclient-script" pid=810 comm="apparmor_parser"
  [   23.838673] IPv6: ADDRCONF(NETDEV_UP): enp3s0: link is not ready
  [   23.853369] r8169 0000:03:00.0 enp3s0: link down
  [   23.853475] IPv6: ADDRCONF(NETDEV_UP): enp3s0: link is not ready
  [   26.585485] r8169 0000:03:00.0 enp3s0: link up
  [   26.585498] IPv6: ADDRCONF(NETDEV_CHANGE): enp3s0: link becomes ready
  [   28.699891] kauditd_printk_skb: 30 callbacks suppressed
  [   28.699893] audit: type=1400 audit(1525020445.060:42): apparmor="DENIED" 
operation="capable" profile="/usr/lib/snapd/snap-confine" pid=1061 
comm="snap-confine" capability=2  capname="dac_read_search"
  [   66.600752] rfkill: input handler disabled
  [   90.129998] audit: type=1107 audit(1525034906.353:43): pid=907 uid=103 
auid=4294967295 ses=4294967295 msg='apparmor="DENIED" 
operation="dbus_method_call"  bus="system" path="/" 
interface="org.freedesktop.DBus.ObjectManager" member="GetManagedObjects" 
mask="send" name="org.bluez" pid=2308 label="snap.chromium.chromium"
                  exe="/usr/bin/dbus-daemon" sauid=103 hostname=? addr=? 
terminal=?'
  [  216.710536] audit: type=1107 audit(1525035032.932:44): pid=907 uid=103 
auid=4294967295 ses=4294967295 msg='apparmor="DENIED" 
operation="dbus_method_call"  bus="system" path="/" 
interface="org.freedesktop.DBus.ObjectManager" member="GetManagedObjects" 
mask="send" name="org.bluez" pid=2856 label="snap.chromium.chromium"
                  exe="/usr/bin/dbus-daemon" sauid=103 hostname=? addr=? 
terminal=?'
  [  236.815748] audit: type=1400 audit(1525035053.036:45): apparmor="DENIED" 
operation="ptrace" profile="snap.chromium.chromium" pid=2856 
comm="chromium-browse" requested_mask="trace" denied_mask="trace" 
peer="unconfined"
  [  348.745271] audit: type=1107 audit(1525035164.968:46): pid=907 uid=103 
auid=4294967295 ses=4294967295 msg='apparmor="DENIED" 
operation="dbus_method_call"  bus="system" path="/" 
interface="org.freedesktop.DBus.ObjectManager" member="GetManagedObjects" 
mask="send" name="org.bluez" pid=3530 label="snap.chromium.chromium"
                  exe="/usr/bin/dbus-daemon" sauid=103 hostname=? addr=? 
terminal=?'
  [  368.871445] audit: type=1400 audit(1525035185.097:47): apparmor="DENIED" 
operation="ptrace" profile="snap.chromium.chromium" pid=3530 
comm="chromium-browse" requested_mask="trace" denied_mask="trace" 
peer="unconfined"
  [  382.640426] audit: type=1107 audit(1525035198.865:48): pid=907 uid=103 
auid=4294967295 ses=4294967295 msg='apparmor="DENIED" 
operation="dbus_method_call"  bus="system" path="/" 
interface="org.freedesktop.DBus.ObjectManager" member="GetManagedObjects" 
mask="send" name="org.bluez" pid=3756 label="snap.chromium.chromium"
                  exe="/usr/bin/dbus-daemon" sauid=103 hostname=? addr=? 
terminal=?'

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: apparmor 2.12-4ubuntu5
  ProcVersionSignature: Ubuntu 4.15.0-20.21-generic 4.15.17
  Uname: Linux 4.15.0-20-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7
  Architecture: amd64
  CurrentDesktop: ubuntu:GNOME
  Date: Sun Apr 29 17:12:14 2018
  InstallationDate: Installed on 2018-04-28 (1 days ago)
  InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
  ProcEnviron:
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-4.15.0-20-generic 
root=UUID=b88709ac-8c8f-4c78-bbd9-f433d1bd6ee5 ro quiet splash vt.handoff=1
  SourcePackage: apparmor
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1767880/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1767880] Re: apparmor prevents Chromium (snap) to run the 2nd time

Reply via email to