[apparmor] Snaps are blocked by Apparmor on Ubuntu 22.04

Sonixxfx sonixxfx at gmail.com
Tue Nov 15 21:23:42 UTC 2022 

Op di 15 nov. 2022 om 19:08 schreef Sonixxfx <sonixxfx at gmail.com

Sorry for mailing to you directly John.

Op di 15 nov. 2022 om 18:06 schreef John Johansen <
> john.johansen at canonical.com>:
>
>> On 11/15/22 06:30, Sonixxfx wrote:
>> > Hi,
>> >
>> > I was trying Apparmor today, but now my snaps won't run anymore. I have
>> tried a couple of things to solve it, including disabling Apparmor, but it
>> didn't help.
>> > When i try to start Brave for example dmesg shows me:
>> >
>>
>> how did you disable apparmor?
>>
>> systemctl disable apparmor
>>
>> or
>>
>> systemctl disable snapd.apparmor
>>
>> or
>>
>> systemctl stop apparmor
>>
>> or did you edit /etc/grub/defaults
>>
>>
> I ran
>
> sudo systemctl stop apparmor.service
>
> to disable Apparmor.
>
>
> I ran
>
> sudo systemctl disable apparmor.service
>
> to unload the kernel module.
>
>
> Should I have run:
>
> sudo systemctl disable snapd.apparmor ?
>
> > brave_brave.desktop[9095]: snap-confine has elevated permissions and is
>> not confined but should be. Refusing to continue to avoid permission
>> escalation attacks
>> > brave_brave.desktop[9095]: Please make sure that the snapd.apparmor
>> service is enabled and started.
>> >
>> > These messages are also shown when I have Apparmor enabled and started.
>> >
>>
>> what does aa-status return?
>>
>>
> I have already reinstalled my OS, sorry. But I am curious what you answer
> to my question.
>
>
>
>> > Can someone tell me how I can resolve this?
>> >
>>
>> so snaps by-pass the apparmor userspace service and only use the kernel
>> component. They run their own service to manage snap confinement. What do
>> you get for
>>
>> systemctl status snapd.apparmor
>>
>>
>> and of course if it is not running you can do
>>
>> systemctl start snapd.apparmor
>>
>> or make sure it runs after reboot
>>
>> systemctl enable snapd.apparmor
>>
>>
> Thanks for the info 😃
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20221115/281ad358/attachment.html>

More information about the AppArmor mailing list