installation of kernel headers fail with "Read-only file system" error

in general, it is useful to be able to install kernel headers even on the confined system.

Potentially need to change something on either the deb, snap, or both side to make all of that work.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 2034688

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

# ls -latr /lib/modules/6.3.0-7-generic/build
lrwxrwxrwx 1 root root 38 Jun 8 14:44 /lib/modules/6.3.0-7-generic/build -> /usr/src/linux-headers-6.3.0-7-generic

Pondering if such a link should be shipped by all the snaps.

And pondering if .deb should change it from a shipped file, to a postinst scriplet that creates it dynamically.

Can you please try refresh to channel 23.10/beta or --revision 1474 and let me know if this improves things?

I have tried switching to 23.10/beta and installed the pc-kernel snap rev 1506 but the problem is still there

I have the same issue. This is a brand new system and installation of 23.10 and the first thing i am doing is upgrading the headers so i can install VMware. I am also using TPM-backed hardware encryption.

$ sudo apt-get install linux-headers-6.5.0-10-generic -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages will be upgraded:
  linux-headers-6.5.0-10-generic
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
3 not fully installed or removed.
Need to get 0 B/3,737 kB of archives.
After this operation, 28.8 MB of additional disk space will be used.
(Reading database ... 122496 files and directories currently installed.)
Preparing to unpack .../linux-headers-6.5.0-10-generic_6.5.0-10.10_amd64.deb ...
Unpacking linux-headers-6.5.0-10-generic (6.5.0-10.10) over (6.5.0-10.10) ...
dpkg: error processing archive /var/cache/apt/archives/linux-headers-6.5.0-10-generic_6.5.0-10.10_amd64.deb (--unpack):
 error creating directory './lib/modules/6.5.0-10-generic': Read-only file system
dpkg: error while cleaning up:
 unable to remove newly-extracted version of '/lib/modules/6.5.0-10-generic': Read-only file system
dpkg-deb: error: paste subprocess was killed by signal (Broken pipe)
Errors were encountered while processing:
 /var/cache/apt/archives/linux-headers-6.5.0-10-generic_6.5.0-10.10_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

There are more reports of users hitting that issue on https://discourse.ubuntu.com/t/tpm-backed-full-disk-encryption-is-coming-to-ubuntu-discussion , it also seems not easy to go back to a working apt

If you're in this inconsistent state and dpkg requires to reinstall the packages you can force the removal of the package with dpkg option --force-remove-reinstreq

For instance:
dpkg --purge --force-remove-reinstreq linux-headers-6.5.0-10-generic

To list the packages that are half-installed use:
dpkg -l "linux-headers*"

Note that kernel headers are not the only package affected but everything that tries to write to kernel-protected directories will be, such as extra modules or firmware.

This is a known issue and is being worked on.