Using NVFv4, kerberos authenticated, mounted by autofs:
arc@andrewshoreham:~$ hello
cannot open path of the current working directory: Permission denied
[ Then as user with sudo privs, sudo systemctl restart snapd ]
arc@andrewshoreham:~$ hello
cannot open path of the current working directory: Permission denied
Logs since just before restarting snapd
syslog
------
May 15 14:54:09 andrewshoreham kernel: [12319.195323] audit: type=1400 audit(1652590449.676:183): apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd" name="/proc/24886/cmdline" pid=910 comm="sssd_nss" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 15 14:54:09 andrewshoreham systemd[1]: Stopping Snap Daemon...
May 15 14:54:09 andrewshoreham snapd[726]: main.go:155: Exiting on terminated signal.
May 15 14:54:09 andrewshoreham snapd[726]: overlord.go:504: Released state lock file
May 15 14:54:09 andrewshoreham systemd[1]: snapd.service: Deactivated successfully.
May 15 14:54:09 andrewshoreham systemd[1]: Stopped Snap Daemon.
May 15 14:54:09 andrewshoreham systemd[1]: snapd.service: Consumed 2.753s CPU time.
May 15 14:54:09 andrewshoreham systemd[1]: Starting Snap Daemon...
May 15 14:54:09 andrewshoreham snapd[24890]: AppArmor status: apparmor is enabled and all features are available
May 15 14:54:09 andrewshoreham snapd[24890]: overlord.go:263: Acquiring state lock file
May 15 14:54:09 andrewshoreham snapd[24890]: overlord.go:268: Acquired state lock file
May 15 14:54:09 andrewshoreham snapd[24890]: daemon.go:247: started snapd/2.55.3+22.04 (series 16; classic) ubuntu/22.04 (amd64) linux/5.15.0-25-generic.
May 15 14:54:09 andrewshoreham kernel: [12319.270748] loop11: detected capacity change from 0 to 8
May 15 14:54:09 andrewshoreham snapd[24890]: daemon.go:340: adjusting startup timeout by 1m10s (pessimistic estimate of 30s plus 5s per snap)
May 15 14:54:09 andrewshoreham systemd[1]: tmp-sanity\x2dmountpoint\x2d2760788470.mount: Deactivated successfully.
May 15 14:54:09 andrewshoreham snapd[24890]: backend.go:133: snapd enabled NFS support, additional implicit network permissions granted
May 15 14:54:10 andrewshoreham kernel: [12319.549118] audit: type=1400 audit(1652590450.028:184): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/snapd/snap-confine" pid=24926 comm="apparmor_parser"
May 15 14:54:10 andrewshoreham kernel: [12319.578896] audit: type=1400 audit(1652590450.060:185): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/snapd/snap-confine//mount-namespace-capture-helper" pid=24926 comm="apparmor_parser"
May 15 14:54:10 andrewshoreham kernel: [12319.969313] audit: type=1400 audit(1652590450.448:186): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/snap/snapd/15534/usr/lib/snapd/snap-confine" pid=24946 comm="apparmor_parser"
May 15 14:54:10 andrewshoreham kernel: [12319.983029] audit: type=1400 audit(1652590450.464:187): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/snap/snapd/15534/usr/lib/snapd/snap-confine//mount-namespace-capture-helper" pid=24946 comm="apparmor_parser"
May 15 14:54:10 andrewshoreham kernel: [12320.165228] audit: type=1400 audit(1652590450.644:188): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap.snapd-desktop-integration.hook.configure" pid=24950 comm="apparmor_parser"
May 15 14:54:10 andrewshoreham kernel: [12320.341043] audit: type=1400 audit(1652590450.820:189): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap.snapd-desktop-integration.snapd-desktop-integration" pid=24951 comm="apparmor_parser"
May 15 14:54:11 andrewshoreham kernel: [12320.633250] audit: type=1400 audit(1652590451.112:190): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap-update-ns.snap-store" pid=24948 comm="apparmor_parser"
May 15 14:54:11 andrewshoreham kernel: [12320.721431] audit: type=1400 audit(1652590451.200:191): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap-update-ns.snapd-desktop-integration" pid=24949 comm="apparmor_parser"
May 15 14:54:11 andrewshoreham kernel: [12320.727129] audit: type=1400 audit(1652590451.208:192): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap-update-ns.hello" pid=24954 comm="apparmor_parser"
May 15 14:54:11 andrewshoreham systemd[1]: Started Snap Daemon.
May 15 14:54:11 andrewshoreham dbus-daemon[693]: [system] Activating via systemd: service name='org.freedesktop.timedate1' unit='dbus-org.freedesktop.timedate1.service' requested by ':1.166' (uid=0 pid=24890 comm="/usr/lib/snapd/snapd " label="unconfined")
May 15 14:54:11 andrewshoreham systemd[1]: Starting Time & Date Service...
May 15 14:54:11 andrewshoreham dbus-daemon[693]: [system] Successfully activated service 'org.freedesktop.timedate1'
May 15 14:54:11 andrewshoreham systemd[1]: Started Time & Date Service.
May 15 14:54:16 andrewshoreham systemd[1768]: Started snap.hello.hello.7d0654f6-64ad-4eb4-a941-def09a487e61.scope.
May 15 14:54:41 andrewshoreham systemd[1]: systemd-timedated.service: Deactivated successfully.
auth.log
--------
May 15 14:54:09 andrewshoreham sudo: localuser : TTY=pts/0 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/systemctl restart snapd
May 15 14:54:09 andrewshoreham sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000)
May 15 14:54:11 andrewshoreham sudo: pam_unix(sudo:session): session closed for user root
kern.log
--------
May 15 14:54:09 andrewshoreham kernel: [12319.195323] audit: type=1400 audit(1652590449.676:183): apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd" name="/proc/24886/cmdline" pid=910 comm="sssd_nss" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 15 14:54:09 andrewshoreham kernel: [12319.270748] loop11: detected capacity change from 0 to 8
May 15 14:54:10 andrewshoreham kernel: [12319.549118] audit: type=1400 audit(1652590450.028:184): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/snapd/snap-confine" pid=24926 comm="apparmor_parser"
May 15 14:54:10 andrewshoreham kernel: [12319.578896] audit: type=1400 audit(1652590450.060:185): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/snapd/snap-confine//mount-namespace-capture-helper" pid=24926 comm="apparmor_parser"
May 15 14:54:10 andrewshoreham kernel: [12319.969313] audit: type=1400 audit(1652590450.448:186): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/snap/snapd/15534/usr/lib/snapd/snap-confine" pid=24946 comm="apparmor_parser"
May 15 14:54:10 andrewshoreham kernel: [12319.983029] audit: type=1400 audit(1652590450.464:187): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/snap/snapd/15534/usr/lib/snapd/snap-confine//mount-namespace-capture-helper" pid=24946 comm="apparmor_parser"
May 15 14:54:10 andrewshoreham kernel: [12320.165228] audit: type=1400 audit(1652590450.644:188): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap.snapd-desktop-integration.hook.configure" pid=24950 comm="apparmor_parser"
May 15 14:54:10 andrewshoreham kernel: [12320.341043] audit: type=1400 audit(1652590450.820:189): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap.snapd-desktop-integration.snapd-desktop-integration" pid=24951 comm="apparmor_parser"
May 15 14:54:11 andrewshoreham kernel: [12320.633250] audit: type=1400 audit(1652590451.112:190): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap-update-ns.snap-store" pid=24948 comm="apparmor_parser"
May 15 14:54:11 andrewshoreham kernel: [12320.721431] audit: type=1400 audit(1652590451.200:191): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap-update-ns.snapd-desktop-integration" pid=24949 comm="apparmor_parser"
May 15 14:54:11 andrewshoreham kernel: [12320.727129] audit: type=1400 audit(1652590451.208:192): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap-update-ns.hello" pid=24954 comm="apparmor_parser"
Using NVFv4, kerberos authenticated, mounted by autofs:
arc@andrewshore ham:~$ hello
cannot open path of the current working directory: Permission denied
[ Then as user with sudo privs, sudo systemctl restart snapd ]
arc@andrewshore ham:~$ hello
cannot open path of the current working directory: Permission denied
Logs since just before restarting snapd
syslog 9.676:183) : apparmor="ALLOWED" operation="open" profile= "/usr/sbin/ sssd" name="/ proc/24886/ cmdline" pid=910 comm="sssd_nss" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 15.0-25- generic. x2dmountpoint\ x2d2760788470. mount: Deactivated successfully. 0.028:184) : apparmor="STATUS" operation= "profile_ replace" profile= "unconfined" name="/ usr/lib/ snapd/snap- confine" pid=24926 comm="apparmor_ parser" 0.060:185) : apparmor="STATUS" operation= "profile_ replace" profile= "unconfined" name="/ usr/lib/ snapd/snap- confine/ /mount- namespace- capture- helper" pid=24926 comm="apparmor_ parser" 0.448:186) : apparmor="STATUS" operation= "profile_ replace" profile= "unconfined" name="/ snap/snapd/ 15534/usr/ lib/snapd/ snap-confine" pid=24946 comm="apparmor_ parser" 0.464:187) : apparmor="STATUS" operation= "profile_ replace" profile= "unconfined" name="/ snap/snapd/ 15534/usr/ lib/snapd/ snap-confine/ /mount- namespace- capture- helper" pid=24946 comm="apparmor_ parser" 0.644:188) : apparmor="STATUS" operation= "profile_ replace" profile= "unconfined" name="snap. snapd-desktop- integration. hook.configure" pid=24950 comm="apparmor_ parser" 0.820:189) : apparmor="STATUS" operation= "profile_ replace" profile= "unconfined" name="snap. snapd-desktop- integration. snapd-desktop- integration" pid=24951 comm="apparmor_ parser" 1.112:190) : apparmor="STATUS" operation= "profile_ replace" info="same as current profile, skipping" profile= "unconfined" name="snap- update- ns.snap- store" pid=24948 comm="apparmor_ parser" 1.200:191) : apparmor="STATUS" operation= "profile_ replace" info="same as current profile, skipping" profile= "unconfined" name="snap- update- ns.snapd- desktop- integration" pid=24949 comm="apparmor_ parser" 1.208:192) : apparmor="STATUS" operation= "profile_ replace" info="same as current profile, skipping" profile= "unconfined" name="snap- update- ns.hello" pid=24954 comm="apparmor_ parser" freedesktop. timedate1' unit='dbus- org.freedesktop .timedate1. service' requested by ':1.166' (uid=0 pid=24890 comm="/ usr/lib/ snapd/snapd " label="unconfined") p.timedate1' hello.7d0654f6- 64ad-4eb4- a941-def09a487e 61.scope. timedated. service: Deactivated successfully.
------
May 15 14:54:09 andrewshoreham kernel: [12319.195323] audit: type=1400 audit(165259044
May 15 14:54:09 andrewshoreham systemd[1]: Stopping Snap Daemon...
May 15 14:54:09 andrewshoreham snapd[726]: main.go:155: Exiting on terminated signal.
May 15 14:54:09 andrewshoreham snapd[726]: overlord.go:504: Released state lock file
May 15 14:54:09 andrewshoreham systemd[1]: snapd.service: Deactivated successfully.
May 15 14:54:09 andrewshoreham systemd[1]: Stopped Snap Daemon.
May 15 14:54:09 andrewshoreham systemd[1]: snapd.service: Consumed 2.753s CPU time.
May 15 14:54:09 andrewshoreham systemd[1]: Starting Snap Daemon...
May 15 14:54:09 andrewshoreham snapd[24890]: AppArmor status: apparmor is enabled and all features are available
May 15 14:54:09 andrewshoreham snapd[24890]: overlord.go:263: Acquiring state lock file
May 15 14:54:09 andrewshoreham snapd[24890]: overlord.go:268: Acquired state lock file
May 15 14:54:09 andrewshoreham snapd[24890]: daemon.go:247: started snapd/2.55.3+22.04 (series 16; classic) ubuntu/22.04 (amd64) linux/5.
May 15 14:54:09 andrewshoreham kernel: [12319.270748] loop11: detected capacity change from 0 to 8
May 15 14:54:09 andrewshoreham snapd[24890]: daemon.go:340: adjusting startup timeout by 1m10s (pessimistic estimate of 30s plus 5s per snap)
May 15 14:54:09 andrewshoreham systemd[1]: tmp-sanity\
May 15 14:54:09 andrewshoreham snapd[24890]: backend.go:133: snapd enabled NFS support, additional implicit network permissions granted
May 15 14:54:10 andrewshoreham kernel: [12319.549118] audit: type=1400 audit(165259045
May 15 14:54:10 andrewshoreham kernel: [12319.578896] audit: type=1400 audit(165259045
May 15 14:54:10 andrewshoreham kernel: [12319.969313] audit: type=1400 audit(165259045
May 15 14:54:10 andrewshoreham kernel: [12319.983029] audit: type=1400 audit(165259045
May 15 14:54:10 andrewshoreham kernel: [12320.165228] audit: type=1400 audit(165259045
May 15 14:54:10 andrewshoreham kernel: [12320.341043] audit: type=1400 audit(165259045
May 15 14:54:11 andrewshoreham kernel: [12320.633250] audit: type=1400 audit(165259045
May 15 14:54:11 andrewshoreham kernel: [12320.721431] audit: type=1400 audit(165259045
May 15 14:54:11 andrewshoreham kernel: [12320.727129] audit: type=1400 audit(165259045
May 15 14:54:11 andrewshoreham systemd[1]: Started Snap Daemon.
May 15 14:54:11 andrewshoreham dbus-daemon[693]: [system] Activating via systemd: service name='org.
May 15 14:54:11 andrewshoreham systemd[1]: Starting Time & Date Service...
May 15 14:54:11 andrewshoreham dbus-daemon[693]: [system] Successfully activated service 'org.freedeskto
May 15 14:54:11 andrewshoreham systemd[1]: Started Time & Date Service.
May 15 14:54:16 andrewshoreham systemd[1768]: Started snap.hello.
May 15 14:54:41 andrewshoreham systemd[1]: systemd-
auth.log
--------
May 15 14:54:09 andrewshoreham sudo: localuser : TTY=pts/0 ; PWD=/var/log ; USER=root ; COMMAND= /usr/bin/ systemctl restart snapd sudo:session) : session opened for user root(uid=0) by (uid=1000) sudo:session) : session closed for user root
May 15 14:54:09 andrewshoreham sudo: pam_unix(
May 15 14:54:11 andrewshoreham sudo: pam_unix(
kern.log 9.676:183) : apparmor="ALLOWED" operation="open" profile= "/usr/sbin/ sssd" name="/ proc/24886/ cmdline" pid=910 comm="sssd_nss" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 0.028:184) : apparmor="STATUS" operation= "profile_ replace" profile= "unconfined" name="/ usr/lib/ snapd/snap- confine" pid=24926 comm="apparmor_ parser" 0.060:185) : apparmor="STATUS" operation= "profile_ replace" profile= "unconfined" name="/ usr/lib/ snapd/snap- confine/ /mount- namespace- capture- helper" pid=24926 comm="apparmor_ parser" 0.448:186) : apparmor="STATUS" operation= "profile_ replace" profile= "unconfined" name="/ snap/snapd/ 15534/usr/ lib/snapd/ snap-confine" pid=24946 comm="apparmor_ parser" 0.464:187) : apparmor="STATUS" operation= "profile_ replace" profile= "unconfined" name="/ snap/snapd/ 15534/usr/ lib/snapd/ snap-confine/ /mount- namespace- capture- helper" pid=24946 comm="apparmor_ parser" 0.644:188) : apparmor="STATUS" operation= "profile_ replace" profile= "unconfined" name="snap. snapd-desktop- integration. hook.configure" pid=24950 comm="apparmor_ parser" 0.820:189) : apparmor="STATUS" operation= "profile_ replace" profile= "unconfined" name="snap. snapd-desktop- integration. snapd-desktop- integration" pid=24951 comm="apparmor_ parser" 1.112:190) : apparmor="STATUS" operation= "profile_ replace" info="same as current profile, skipping" profile= "unconfined" name="snap- update- ns.snap- store" pid=24948 comm="apparmor_ parser" 1.200:191) : apparmor="STATUS" operation= "profile_ replace" info="same as current profile, skipping" profile= "unconfined" name="snap- update- ns.snapd- desktop- integration" pid=24949 comm="apparmor_ parser" 1.208:192) : apparmor="STATUS" operation= "profile_ replace" info="same as current profile, skipping" profile= "unconfined" name="snap- update- ns.hello" pid=24954 comm="apparmor_ parser"
--------
May 15 14:54:09 andrewshoreham kernel: [12319.195323] audit: type=1400 audit(165259044
May 15 14:54:09 andrewshoreham kernel: [12319.270748] loop11: detected capacity change from 0 to 8
May 15 14:54:10 andrewshoreham kernel: [12319.549118] audit: type=1400 audit(165259045
May 15 14:54:10 andrewshoreham kernel: [12319.578896] audit: type=1400 audit(165259045
May 15 14:54:10 andrewshoreham kernel: [12319.969313] audit: type=1400 audit(165259045
May 15 14:54:10 andrewshoreham kernel: [12319.983029] audit: type=1400 audit(165259045
May 15 14:54:10 andrewshoreham kernel: [12320.165228] audit: type=1400 audit(165259045
May 15 14:54:10 andrewshoreham kernel: [12320.341043] audit: type=1400 audit(165259045
May 15 14:54:11 andrewshoreham kernel: [12320.633250] audit: type=1400 audit(165259045
May 15 14:54:11 andrewshoreham kernel: [12320.721431] audit: type=1400 audit(165259045
May 15 14:54:11 andrewshoreham kernel: [12320.727129] audit: type=1400 audit(165259045