Comment 21 for bug 1620771

reetp (jcrisp) wrote:

We have experienced this on Trusty 14.04. I was testing to see what might happen on an upgrade.

We run SSSD for logons and have a directory on disk (not a remote mount) of:

/home/server/files/users/username

I've tried the suggested apparmor fixes with no joy.

sudo dpkg-reconfigure apparmor

cat /etc/apparmor.d/tunables/home.d/ubuntu
# This file is auto-generated. It is recommended you update it using:
# $ sudo dpkg-reconfigure apparmor
#
# The following is a space-separated list of where additional user home
# directories are stored, each must have a trailing '/'. Directories added
# here are appended to @{HOMEDIRS}. See tunables/home for details.
@{HOMEDIRS}+=/home/server/files/users/

sudo apparmor_parser -r /etc/apparmor.d/*snap-confine*
sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/*

Note the following seems to have stripped /users/ off the above directory:

Nov 22 16:42:29 desktop kernel: [ 2875.968601] audit: type=1400 audit(1542901349.258:67): apparmor="DENIED" operation="open" profile="/snap/core/5897/usr/lib/snapd/snap-confine" name="/home/server/files/" pid=6254 comm="snap-confine" requested_mask="r" denied_mask="r" fsuid=5001 ouid=0

I also tried:

/var/lib/snapd/apparmor/snap-confine/my-homes

# home directories are in /foo/bar, not /home
mount options=(rw rbind) /home/server/files/users/ -> /tmp/snap.rootfs_*/home/,

sudo apparmor_parser -r /etc/apparmor.d/*snap-confine*
sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/*

That didn't seem to survive a reboot either.

Package: snapd
Status: install ok installed
Priority: optional
Section: devel
Installed-Size: 80575
Maintainer: Ubuntu Developers <email address hidden>
Architecture: amd64
Version: 2.34.2~14.04

I don't want to do a fstab bind mount as my users get confused easily enough already..... one home is enough.

Sorry, but this is shockingly bad.