I recently have been trying to enable SNAPD (SNAPPY) on 16.04 MATE and server.
sudo apt install snapd
installs fine, but when I try install a 'snap' it fails. this should work on 16.04.
sudo snap install hello-world
large error dump --- very misleading...
When I checked to see what is going on with required apparmor module, I found it wasn't working.
When I checked the kernel I found to my surprise that apparmor wasn't enabled. This has been enabled by default on Ubuntu for many, many years...
It would appear that several kernel flags need to be set in order for apparmor to work
set CONFIG_SECURITY_APPARMOR=y
"If AppArmor should be selected as the default security module then
set CONFIG_DEFAULT_SECURITY="apparmor"
set CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1"
Q: how do I enable this when I build an Armbian kernel? I didn't find it in the menus when I did KERNEL_CONFIGURE="yes"
----
https://www.kernel.org/doc/Documentation/security/apparmor.txt
https://github.com/FlorentRevest/linux-sunxi-cedrus/blob/master/Documentation/security/apparmor.txt
----
Thanks!
David
P.S.
For completeness, here is the actual error encountered... and this happened on 16.04 build server, desktop, legacy and current/dev kernel builds on orange pi pc+, bananapi m2+, and olimex lime2 nand and emmc.
-----
root@orangepipcplus:~# sudo snap find hello
Name Version Developer Notes Summary
hello 2.10 canonical - GNU Hello, the "hello world" snap
hello-world 6.3 canonical - The 'hello-world' of snaps
hello-ricardokirkner-test1 2 ricardokirkner 1.00USD say hello
hello-securx-snap 1.2 securx - Single-line elevator pitch for your amazing snap
rust-hello 0.1 icey - Prove cross platform rust snaps
root@orangepipcplus:~# sudo snap install hello-world
error: cannot perform the following tasks:
- Setup snap "hello-world" (27) security profiles (cannot setup apparmor for snap "hello-world": cannot load apparmor profile "snap.hello-world.env": cannot load apparmor profile: exit status 1
apparmor_parser output:
Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
Warning: unable to find a suitable fs in /proc/mounts, is it mounted?
Use --subdomainfs to override.
)
- Setup snap "hello-world" (27) security profiles (cannot load apparmor profile "snap.hello-world.env": cannot load apparmor profile: exit status 1
apparmor_parser output:
Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
Warning: unable to find a suitable fs in /proc/mounts, is it mounted?
Use --subdomainfs to override.
)
root@orangepipcplus:~# uname -a
Linux orangepipcplus 4.9.0-sun8i #2 SMP Sat Dec 3 17:44:12 UTC 2016 armv7l armv7l armv7l GNU/Linux
-----
root@lime2-emmc:~# sudo snap install hello-world
error: cannot perform the following tasks:
- Setup snap "hello-world" (27) security profiles (cannot setup apparmor for snap "hello-world": cannot load apparmor profile "snap.hello-world.env": cannot load apparmor profile: exit status 1
apparmor_parser output:
Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
Warning: unable to find a suitable fs in /proc/mounts, is it mounted?
Use --subdomainfs to override.
)
- Setup snap "hello-world" (27) security profiles (cannot load apparmor profile "snap.hello-world.env": cannot load apparmor profile: exit status 1
apparmor_parser output:
Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
Warning: unable to find a suitable fs in /proc/mounts, is it mounted?
Use --subdomainfs to override.
)
root@lime2-emmc:~# uname -a
Linux lime2-emmc 4.8.11-sunxi #1 SMP Wed Nov 30 19:03:50 UTC 2016 armv7l armv7l armv7l GNU/Linux