Closed a1exus closed 1 year ago
Hi @a1exus,
This error seems to be related to snapd. What distribution are you using? Looking at this https://forum.snapcraft.io/t/snap-confine-has-elevated-permissions-error/2391/3, is it possible you are not running the default kernel?
Thanks
@ktsakalozos thank you for your response, I'm running default kernel that came with Kali distro:
toor@suey:~$ cat /etc/lsb-release
DISTRIB_ID=Kali
DISTRIB_RELEASE=kali-rolling
DISTRIB_CODENAME=kali-rolling
DISTRIB_DESCRIPTION="Kali GNU/Linux Rolling"
toor@suey:~$
toor@suey:~$ uname -a
Linux suey.nknwn.local 4.18.0-kali3-amd64 #1 SMP Debian 4.18.20-2kali2 (2018-11-30) x86_64 GNU/Linux
toor@suey:~$
Hi,
This has to be reported to the snapcraft team possibly at https://forum.snapcraft.io/t/snap-confine-has-elevated-permissions-error/2391 or on a new topic. This is out of my hands. I am sorry.
On Thu, Apr 25, 2019 at 4:09 PM xOrMalware notifications@github.com wrote:
I am experiencing the same problem. But I would like to give a little bit more information. I am trying to use Bitwarden.
If I install snapd, reboot, start the snap service, reboot, and install Bitwarden, I can get Bitwarden to run. However, if I reboot, then try to run Bitwarden, I get the error snap-confine has elevated permissions.
So I am not convinced this is as simple as a kernel issue, as I am surprised I was able to get the app to run at all.
but uname -a
Linux Kernel 4.19.0-kali4-amd64 …..
$ snap list
$ sudo apt-get install apparmor
Now everything will work
The same error occurs if apparmor service stopped or disabled.
Please report this issue to https://forum.snapcraft.io. Thank you.
@a1exus you can also fix it with
sudo apparmor_parser -r /etc/apparmor.d/*snap-confine*
sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap-confine*
According to the conversation in [Ubuntu Forum], this particular answer, fixed my problem.
So, just install apparmor if you don't have it already, and then enable it by:
systemctl enable --now apparmor.service
Note: For some reason, it asks for the password multiple times. In my case, 5 times!! Don't give up! :)
sudo systemctl enable --now apparmor.service
fixed the issue for me. Asked for password once :tongue:
@a1exus you can also fix it with
sudo apparmor_parser -r /etc/apparmor.d/*snap-confine*
sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap-confine*
This works for me, but I have to do it after every reboot
According to the conversation in [Ubuntu Forum], this particular answer, fixed my problem.
So, just install apparmor if you don't have it already, and then enable it by:
systemctl enable --now apparmor.service
Note: For some reason, it asks for the password multiple times. In my case, 5 times!! Don't give up! :)
fixed my problem thanks ^_^
@a1exus you can also fix it with
sudo apparmor_parser -r /etc/apparmor.d/*snap-confine*
sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap-confine*
@dxas90 after running this I got
cannot change profile for the next exec call: No such file or directory
trying to up docker containers.
@a1exus you can also fix it with
sudo apparmor_parser -r /etc/apparmor.d/*snap-confine*
sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap-confine*
this worked for me ..thanks !!
The same error occurs if apparmor service stopped or disabled.
true it fixed my anbox snap installation
@a1exus you can also fix it with
sudo apparmor_parser -r /etc/apparmor.d/*snap-confine*
sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap-confine*
This works great for me. Thanks
I do sudo systemctl start apparmor
Try that before you do the sudo apparmor_parser commands
This worked for my Kali Linux distro (Debian). It might work for you as well. Remember, the default snap that comes with the OS has this issue in most distros.
First, try uninstalling snap and snapd and then reinstalling them. This should fix it:
sudo apt remove snap && sudo apt remove snapd
# or
sudo apt remove snap
# and when it's done, run
sudo apt remove snapd
This worked for my Kali Linux distro (Debian). It might work for you as well. Remember, the default snap that comes with the OS has this issue in most distros.
First, try uninstalling snap and snapd and then reinstalling them. This should fix it:
sudo apt remove snap && sudo apt remove snapd
# or
sudo apt remove snap
# and when it's done, run
sudo apt remove snapd
# Much simpler this way
# Apt has a reinstall command
sudo apt reinstall snap snapd
sudo apt reinstall snap snapd
I've already done this, but when I restart linux, the problem comes back.
LSB Version: core-11.1.0ubuntu2-noarch:printing-11.1.0ubuntu2-noarch:security-11.1.0ubuntu2-noarch
Distributor ID: Linuxmint
Description: Linux Mint 20.2
Release: 20.2
Codename: uma
@a1exus you can also fix it with
sudo apparmor_parser -r /etc/apparmor.d/*snap-confine*
sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap-confine*
It works on Kali Linux. Thank you @a1exus
sudo apt reinstall snap snapd
I've already done this, but when I restart linux, the problem comes back.
LSB Version: core-11.1.0ubuntu2-noarch:printing-11.1.0ubuntu2-noarch:security-11.1.0ubuntu2-noarch
Distributor ID: Linuxmint
Description: Linux Mint 20.2
Release: 20.2
Codename: uma
Do the other solutions work?
Solved it with sudo snap refresh
I have the same issue. Basically all snap apps don't work
service snapd force-reload
or systemctl restart snapd
apparmor is fine. no changes
and also tried the profile changing, and this happened
WARNING: cgroup v2 is not fully supported yet, proceeding with partial confinement
cannot change profile for the next exec call: No such file or directory
snap-update-ns failed with code 1
apt remove snapd|apt install snapd
is not my option; I have limited screen time online, every byte is gold
Kali, Fedora, Linux Mint
basically distributions that don't have snapcraft pre-installed like pop_os, manjaro, ubuntu
After finding this above
sudo apparmor_parser -r /etc/apparmor.d/*snap-confine*
sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap-confine*
I uninstalled apparmor (and thus also snapd) completely and reinstalled snapd again, which fixed it on Ubuntu 21.10 (to which I updated before using update-manager (from an install of Ubuntu 21.04, which was upgraded from Ubuntu 20.10 before) so it looks like the update from older apparmor and snap triggered the issue)
sudo apt remove apparmor && sudo apt install snapd
Had the same issue too after dist-upgrade today (all snaps didn't start), reinstalling apparmor and snapd did not help...
After running "sudo apparmor_parser..." suggested here there was another error (exact same like @HassanAmed posted). And after some digging deeper got working snaps with sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/*
It turns out that you should do this every time after reboot... and because of that i've found what caused all trouble:
○ snapd.apparmor.service - Load AppArmor profiles managed internally by snapd
     Loaded: loaded (/lib/systemd/system/snapd.apparmor.service; disabled; vendor preset: disabled)
     Active: inactive (dead)
So finally systemctl enable --now snapd.apparmor.service fixed this for good.
Hope this helps somebody.
_Note: I think that if sudo apparmor_parser -r /etc/apparmor.d/*snap-confine* helps to fix your issue then reinstalling could fix this with high chances_
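A diagnostic for the cause identified in the comment above, added here as an example and not posted by anyone in the thread: it reads the kernel's loaded-profile list and reports whether a snap-confine profile is present, then shows the state of the two units named in the thread. The function names and the sample profile lists are constructed for illustration.

```shell
# Added example: summarise the snapd-related AppArmor profiles the kernel has loaded.
# Input is the format of /sys/kernel/security/apparmor/profiles: "<name> (<mode>)".

# Prints "confine=N update_ns=N snaps=N"; returns 1 if no snap-confine profile is loaded.
snapd_profile_summary() {
    awk '
        { name = $0; sub(/ \([a-z]+\)$/, "", name) }   # strip the trailing mode
        name ~ /\/\//              { next }            # skip child profiles (parent//child)
        name ~ /\/snap-confine$/   { confine++; next }
        name ~ /^snap-update-ns\./ { update_ns++; next }
        name ~ /^snap\./           { snaps++ }
        END {
            printf "confine=%d update_ns=%d snaps=%d\n", confine, update_ns, snaps
            exit (confine > 0 ? 0 : 1)
        }
    ' "${1:--}"
}

# Enablement state of a unit; prints nothing if systemctl or the unit is missing.
unit_state() { systemctl is-enabled "$1" 2>/dev/null || true; }

# Constructed sample: after a reboot in which snapd's profiles were never loaded.
sample_broken() {
    cat <<'EOF'
/usr/bin/man (enforce)
EOF
}

# Constructed sample: the same host once snapd's profiles have been loaded.
sample_fixed() {
    cat <<'EOF'
/usr/bin/man (enforce)
/snap/snapd/14066/usr/lib/snapd/snap-confine (enforce)
/snap/snapd/14066/usr/lib/snapd/snap-confine//mount-namespace-capture-helper (enforce)
snap-update-ns.discord (enforce)
snap.discord.discord (enforce)
EOF
}

# On a live system (the list is normally readable by root only):
if [ -r /sys/kernel/security/apparmor/profiles ]; then
    snapd_profile_summary /sys/kernel/security/apparmor/profiles ||
        echo "no snap-confine profile loaded: snap-confine would run unconfined"
    for u in apparmor.service snapd.apparmor.service; do
        echo "$u: $(unit_state "$u")"
    done
fi
```

A result of `confine=0` right after boot together with `snapd.apparmor.service: disabled` matches the situation described in the comment above.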
sudo apt reinstall snap snapd
I've already done this, but when I restart linux, the problem comes back.
I wrote a script that runs after login. Hope it can be useful for someone else:
#!/bin/bash
# fix snap
apt purge snap snapd
apt install snap snapd
systemctl restart snapd.service
# systemctl enable snapd.service # I delete snap again after every login

# install apps
declare -a SnapList=(
    "pycharm-community --classic"
    "telegram-desktop"
    "bitwarden"
    # ... enumerate YOUR snaps here
)
for package in "${SnapList[@]}"; do
    # left unquoted on purpose so that "--classic" is passed as a separate argument
    snap install $package
done
and add to ~/.bashrc this line
export PATH="$PATH:/snap/bin/"
I run whole script with sudo permissions.
Thanks all for help !
kali
The minimum number of files needed to have their definitions replaced (at least on Kali) is:
# Generic
sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap-update-ns.*
sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap.*
sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap-confine.snapd.14066
# Example For Discord
sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap-update-ns.discord
sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap.discord.discord
sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap-confine.snapd.14066
The real question is, how do I get it to stay fixed across reboots and how do I do this without requiring root privileges?
I'm digging more into apparmor. It appears at least for Kali, the profiles are not loaded at all. When running the replace command, the profiles will be added in enforce mode. I'll have to update if I figure out how to get the profiles to be loaded on boot (and without pulling sudo shenanigans with .zshrc or anything).
Edit: I'm using 3.0.3-6 version of the apparmor package from Kali's repo.
This file might have some promise on getting snapd profiles to load on boot.
Yep, that did it. Open /lib/apparmor/rc.apparmor.functions and look for the line ADDITIONAL_PROFILE_DIR= and paste your snapd profile directory into that line. For me, the profile directory was /var/lib/snapd/apparmor/profiles/.
@alexis-evelyn Thanks, I also use Kali Linux and have the same error, and your answer solves my problem.
Thank you all for all the different answers, and after doing many of the above tasks I was able to get pyradio working. For today anyway I am able to run Cointop without any error! This is great as I had to reinstall it every time to get it to work.
@a1exus you can also fix it with
sudo apparmor_parser -r /etc/apparmor.d/*snap-confine*
sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap-confine*
@dxas90 after running this I got
cannot change profile for the next exec call: No such file or directory
trying to up docker containers.
sudo apt install apparmor-utils apparmor-profiles
sudo apparmor_parser --add /var/lib/snapd/apparmor/profiles/snap.microk8s.*
sudo systemctl enable --now apparmor.service
sudo systemctl enable --now snapd.apparmor.service
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Having a recurrence of this issue now. Running the two "apparmor"-commands fixes it temporarily, but the issue comes back after reboot. Several machines impacted simultaneously.
I have tried almost everything here, but I am stuck with the error:
snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid permission escalation attacks
Please make sure that the snapd.apparmor service is enabled and started.
Hello,
Trying to quick-start microk8s, yet running into following error:
Please advise.