As I have done pretty much the same[1], I think these are relevant snippets from the journal:

$ sudo snap-tpmctl mount-volume /dev/sda5 /mnt

```
Jun 22 18:38:34 ubuntu systemd[1]: Started snap.snap-tpmctl.snap-tpmctl-93525cfc-fc8f-442f-a9d1-8e4149cd02f3.scope.
Jun 22 18:38:34 ubuntu kernel: kauditd_printk_skb: 6 callbacks suppressed
Jun 22 18:38:34 ubuntu kernel: audit: type=1400 audit(1782153514.377:230): apparmor="DENIED" operation="open" class="file" profile="snap.snap-tpmctl.snap-tpmctl" name="/sys/fs/cgroup/system.slice/snap.snap-tpmctl.snap-tpmctl-93525cfc-fc8f-442f-a9d1-8e4149cd02f3.scope/cpu.max" pid=9501 comm="snap-tpmctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jun 22 18:38:38 ubuntu kernel: audit: type=1326 audit(1782153518.806:231): auid=1000 uid=0 gid=0 ses=2 subj=snap.snap-tpmctl.snap-tpmctl pid=9501 comm="snap-tpmctl" exe="/snap/snap-tpmctl/96/bin/snap-tpmctl" sig=0 arch=c000003e syscall=424 compat=0 ip=0x40e1ae code=0x50000
Jun 22 18:38:39 ubuntu sudo[9561]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=0)
Jun 22 18:38:39 ubuntu sudo[9561]: root : PWD=/snap/ubuntu-desktop-bootstrap/589/bin/subiquity ; USER=root ; COMMAND=/usr/sbin/dmsetup info /dev/dm-0 -C -o name,uuid,blkdevname,blkdevs_used,subsystem --noheading --separator =
Jun 22 18:38:39 ubuntu sudo[9561]: pam_unix(sudo:session): session closed for user root
Jun 22 18:38:39 ubuntu kernel: audit: type=1400 audit(1782153519.482:232): apparmor="ALLOWED" operation="getattr" class="posix_mqueue" profile="snap.ubuntu-desktop-bootstrap.subiquity-server" name="/" pid=9566 comm="pvscan" requested="getattr" denied="getattr" class="posix_mqueue" fsuid=0 ouid=0 olabel="unconfined"
Jun 22 18:38:39 ubuntu kernel: audit: type=1400 audit(1782153519.482:233): apparmor="ALLOWED" operation="getattr" class="posix_mqueue" profile="snap.ubuntu-desktop-bootstrap.subiquity-server" name="/" pid=9566 comm="pvscan" requested="getattr" denied="getattr" class="posix_mqueue" fsuid=0 ouid=0 olabel="unconfined"
Jun 22 18:38:39 ubuntu kernel: audit: type=1400 audit(1782153519.482:234): apparmor="ALLOWED" operation="getattr" class="posix_mqueue" profile="snap.ubuntu-desktop-bootstrap.subiquity-server" name="/" pid=9566 comm="pvscan" requested="getattr" denied="getattr" class="posix_mqueue" fsuid=0 ouid=0 olabel="unconfined"
Jun 22 18:38:39 ubuntu kernel: audit: type=1400 audit(1782153519.482:235): apparmor="ALLOWED" operation="getattr" class="posix_mqueue" profile="snap.ubuntu-desktop-bootstrap.subiquity-server" name="/" pid=9566 comm="pvscan" requested="getattr" denied="getattr" class="posix_mqueue" fsuid=0 ouid=0 olabel="unconfined"
Jun 22 18:38:39 ubuntu kernel: audit: type=1400 audit(1782153519.534:236): apparmor="ALLOWED" operation="getattr" class="posix_mqueue" profile="snap.ubuntu-desktop-bootstrap.subiquity-server" name="/" pid=9567 comm="vgscan" requested="getattr" denied="getattr" class="posix_mqueue" fsuid=0 ouid=0 olabel="unconfined"
Jun 22 18:38:39 ubuntu kernel: audit: type=1400 audit(1782153519.534:237): apparmor="ALLOWED" operation="getattr" class="posix_mqueue" profile="snap.ubuntu-desktop-bootstrap.subiquity-server" name="/" pid=9567 comm="vgscan" requested="getattr" denied="getattr" class="posix_mqueue" fsuid=0 ouid=0 olabel="unconfined"
Jun 22 18:38:39 ubuntu kernel: audit: type=1400 audit(1782153519.534:238): apparmor="ALLOWED" operation="getattr" class="posix_mqueue" profile="snap.ubuntu-desktop-bootstrap.subiquity-server" name="/" pid=9567 comm="vgscan" requested="getattr" denied="getattr" class="posix_mqueue" fsuid=0 ouid=0 olabel="unconfined"
Jun 22 18:38:39 ubuntu kernel: audit: type=1400 audit(1782153519.534:239): apparmor="ALLOWED" operation="getattr" class="posix_mqueue" profile="snap.ubuntu-desktop-bootstrap.subiquity-server" name="/" pid=9567 comm="vgscan" requested="getattr" denied="getattr" class="posix_mqueue" fsuid=0 ouid=0 olabel="unconfined"
Jun 22 18:38:39 ubuntu kernel: audit: type=1400 audit(1782153519.598:240): apparmor="ALLOWED" operation="getattr" class="posix_mqueue" profile="snap.ubuntu-desktop-bootstrap.subiquity-server" name="/" pid=9568 comm="vgchange" requested="getattr" denied="getattr" class="posix_mqueue" fsuid=0 ouid=0 olabel="unconfined"
Jun 22 18:38:39 ubuntu kernel: audit: type=1400 audit(1782153519.598:241): apparmor="ALLOWED" operation="getattr" class="posix_mqueue" profile="snap.ubuntu-desktop-bootstrap.subiquity-server" name="/" pid=9568 comm="vgchange" requested="getattr" denied="getattr" class="posix_mqueue" fsuid=0 ouid=0 olabel="unconfined"
Jun 22 18:38:39 ubuntu kernel: EXT4-fs (dm-0): mounted filesystem b13e6b1d-3a46-437f-9f2f-a2d522f0ca10 r/w with ordered data mode. Quota mode: none.
Jun 22 18:38:39 ubuntu systemd[1]: snap.snap-tpmctl.snap-tpmctl-93525cfc-fc8f-442f-a9d1-8e4149cd02f3.scope: Deactivated successfully.
```

Similar in reverse:

$ sudo snap-tpmctl unmount-volume /mnt
ERROR: unable to remove mount point: openfdat //mnt: permission denied

```
Jun 22 19:12:31 ubuntu sudo[7839]: pam_unix(sudo:session): session opened for user root(uid=0) by ubuntu(uid=1000)
Jun 22 19:12:31 ubuntu sudo[7839]: ubuntu : TTY=/dev/pts/0 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/snap/bin/snap-tpmctl unmount-volume -v /mnt
Jun 22 19:12:32 ubuntu systemd[1]: Started snap.snap-tpmctl.snap-tpmctl-c60cd226-26be-41a0-bca2-08e652b067a5.scope.
Jun 22 19:12:32 ubuntu kernel: audit: type=1400 audit(1782155552.044:207): apparmor="DENIED" operation="open" class="file" profile="snap.snap-tpmctl.snap-tpmctl" name="/sys/fs/cgroup/system.slice/snap.snap-tpmctl.snap-tpmctl-c60cd226-26be-41a0-bca2-08e652b067a5.scope/cpu.max" pid=7842 comm="snap-tpmctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jun 22 19:12:32 ubuntu kernel: audit: type=1400 audit(1782155552.118:208): apparmor="DENIED" operation="unlink" class="file" profile="snap.snap-tpmctl.snap-tpmctl" name="/mnt/" pid=7842 comm="snap-tpmctl" requested_mask="d" denied_mask="d" fsuid=0 ouid=0
Jun 22 19:12:32 ubuntu kernel: audit: type=1400 audit(1782155552.119:209): apparmor="DENIED" operation="rmdir" class="file" profile="snap.snap-tpmctl.snap-tpmctl" name="/mnt/" pid=7842 comm="snap-tpmctl" requested_mask="d" denied_mask="d" fsuid=0 ouid=0
Jun 22 19:12:32 ubuntu kernel: audit: type=1400 audit(1782155552.119:210): apparmor="DENIED" operation="unlink" class="file" profile="snap.snap-tpmctl.snap-tpmctl" name="/mnt/" pid=7842 comm="snap-tpmctl" requested_mask="d" denied_mask="d" fsuid=0 ouid=0
Jun 22 19:12:32 ubuntu kernel: audit: type=1400 audit(1782155552.119:211): apparmor="DENIED" operation="open" class="file" profile="snap.snap-tpmctl.snap-tpmctl" name="/mnt/" pid=7842 comm="snap-tpmctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jun 22 19:12:32 ubuntu kernel: audit: type=1400 audit(1782155552.119:212): apparmor="DENIED" operation="rmdir" class="file" profile="snap.snap-tpmctl.snap-tpmctl" name="/mnt/" pid=7842 comm="snap-tpmctl" requested_mask="d" denied_mask="d" fsuid=0 ouid=0
Jun 22 19:12:32 ubuntu systemd[1]: snap.snap-tpmctl.snap-tpmctl-c60cd226-26be-41a0-bca2-08e652b067a5.scope: Deactivated successfully.
Jun 22 19:12:32 ubuntu sudo[7839]: pam_unix(sudo:session): session closed for user root
```

It looks to me that there might be an issue with a (missing?) AppArmor profile or perhaps one pertaining to mount namespaces? It's there, just invisible.

[1] https://discourse.ubuntu.com/t/how-do-i-unlock-my-luks-disks-on-ubuntu-26-04-from-a-live-usb-if-my-computer-is-ubootable/84405/8

--
https://bugs.launchpad.net/bugs/2158079

Title:
  snap-tpmctl doesn't mount or unmount, contrary to the documentation
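
A triage helper for journal excerpts like the ones in the comment above, added here as an example and not part of the original message or of snap-tpmctl. It parses the kernel's AppArmor audit records and counts them by verdict, profile, operation and path, which separates enforced denials (`DENIED`) from complain-mode records (`ALLOWED`); the function names are hypothetical and the sample lines are copied from the two journal excerpts.

```python
import re
from collections import Counter

# Sample input: lines copied from the two journal excerpts in the message above.
SAMPLE = '''\
Jun 22 19:12:32 ubuntu kernel: audit: type=1400 audit(1782155552.044:207): apparmor="DENIED" operation="open" class="file" profile="snap.snap-tpmctl.snap-tpmctl" name="/sys/fs/cgroup/system.slice/snap.snap-tpmctl.snap-tpmctl-c60cd226-26be-41a0-bca2-08e652b067a5.scope/cpu.max" pid=7842 comm="snap-tpmctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jun 22 19:12:32 ubuntu kernel: audit: type=1400 audit(1782155552.118:208): apparmor="DENIED" operation="unlink" class="file" profile="snap.snap-tpmctl.snap-tpmctl" name="/mnt/" pid=7842 comm="snap-tpmctl" requested_mask="d" denied_mask="d" fsuid=0 ouid=0
Jun 22 19:12:32 ubuntu kernel: audit: type=1400 audit(1782155552.119:209): apparmor="DENIED" operation="rmdir" class="file" profile="snap.snap-tpmctl.snap-tpmctl" name="/mnt/" pid=7842 comm="snap-tpmctl" requested_mask="d" denied_mask="d" fsuid=0 ouid=0
Jun 22 19:12:32 ubuntu kernel: audit: type=1400 audit(1782155552.119:210): apparmor="DENIED" operation="unlink" class="file" profile="snap.snap-tpmctl.snap-tpmctl" name="/mnt/" pid=7842 comm="snap-tpmctl" requested_mask="d" denied_mask="d" fsuid=0 ouid=0
Jun 22 18:38:39 ubuntu kernel: audit: type=1400 audit(1782153519.482:232): apparmor="ALLOWED" operation="getattr" class="posix_mqueue" profile="snap.ubuntu-desktop-bootstrap.subiquity-server" name="/" pid=9566 comm="pvscan" requested="getattr" denied="getattr" class="posix_mqueue" fsuid=0 ouid=0 olabel="unconfined"
Jun 22 18:38:38 ubuntu kernel: audit: type=1326 audit(1782153518.806:231): auid=1000 uid=0 gid=0 ses=2 subj=snap.snap-tpmctl.snap-tpmctl pid=9501 comm="snap-tpmctl" exe="/snap/snap-tpmctl/96/bin/snap-tpmctl" sig=0 arch=c000003e syscall=424 compat=0 ip=0x40e1ae code=0x50000
'''

# key=value or key="quoted value" pairs as they appear in kernel audit records
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_apparmor(line):
    """Return the fields of one AppArmor audit record, or None for other lines."""
    if 'apparmor="' not in line:
        return None  # seccomp (type=1326), sudo, systemd, filesystem messages
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}

def summarize(journal_text):
    """Count AppArmor records by (verdict, profile, operation, path, mask)."""
    counts = Counter()
    for line in journal_text.splitlines():
        rec = parse_apparmor(line)
        if rec is None:
            continue
        # File records log denied_mask; the posix_mqueue records log "denied".
        mask = rec.get("denied_mask") or rec.get("denied", "")
        counts[(rec["apparmor"], rec.get("profile", ""), rec.get("operation", ""),
                rec.get("name", ""), mask)] += 1
    return counts

def enforced_denials(counts):
    """Keep only DENIED records; ALLOWED ones were logged but not blocked."""
    return sorted(key[1:] for key in counts if key[0] == "DENIED")

if __name__ == "__main__":
    for profile, op, name, mask in enforced_denials(summarize(SAMPLE)):
        print(f"{profile}: {op} {name} (mask {mask})")
```
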
