[apparmor] Snaps are blocked by Apparmor on Ubuntu 22.04
John Johansen
john.johansen at canonical.com
Tue Nov 15 17:06:39 UTC 2022
On 11/15/22 06:30, Sonixxfx wrote:
> Hi,
>
> I was trying Apparmor today, but now my snaps won't run anymore. I have tried a couple of things to solve it, including disabling Apparmor, but it didn't help.
> When i try to start Brave for example dmesg shows me:
>
how did you disable apparmor?
systemctl disable apparmor
or
systemctl disable snapd.apparmor
or
systemctl stop apparmor
or did you edit /etc/grub/defaults
> brave_brave.desktop[9095]: snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid permission escalation attacks
> brave_brave.desktop[9095]: Please make sure that the snapd.apparmor service is enabled and started.
>
> These messages are also shown when I have Apparmor enabled and started.
>
what does aa-status return?
> Can someone tell me how I can resolve this?
>
so snaps by-pass the apparmor userspace service and only use the kernel component. They run their own service to manage snap confinement. What do you get for
systemctl status snapd.apparmor
and of course if it is not running you can do
systemctl start snapd.apparmor
or make sure it runs after reboot
systemctl enable snapd.apparmor
More information about the AppArmor
mailing list