Ubuntu
snapd package

Ubuntu Snap Store can't download resources when proxy is set to "auto"

Bug #1871364 reported by Fotis Gimian
14
This bug affects 3 people
Affects Status Importance Assigned to Milestone
snapd
Fix Released
Undecided
Jamie Strandboge
snapd (Ubuntu)
Triaged
Undecided
Unassigned

Bug Description

The problem is extremely simple to reproduce:

1. Install a Ubuntu 20.04 Beta
2. Browse to Settings / Network / Network Proxy and set to Automatic
3. Open the Ubuntu Store and notice that images fail to load

This appears to be AppArmor related as per the errors in the logs I see:

Apr 05 10:39:25 fotsies-ubuntu-vm dbus-daemon[1618]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/GLib/PACRunner" interface="org.gtk.GLib.PACRunner" member="Lookup" mask="send" name=":1.124" pid=2323 label="snap.snap-store.ubuntu-software" peer_pid=2530 peer_label="unconfined"
Apr 05 10:39:25 fotsies-ubuntu-vm dbus-daemon[1618]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/GLib/PACRunner" interface="org.gtk.GLib.PACRunner" member="Lookup" mask="send" name=":1.124" pid=2323 label="snap.snap-store.ubuntu-software" peer_pid=2530 peer_label="unconfined"
Apr 05 10:39:25 fotsies-ubuntu-vm dbus-daemon[1618]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/GLib/PACRunner" interface="org.gtk.GLib.PACRunner" member="Lookup" mask="send" name=":1.124" pid=2323 label="snap.snap-store.ubuntu-software" peer_pid=2530 peer_label="unconfined"
Apr 05 10:39:25 fotsies-ubuntu-vm dbus-daemon[1618]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/GLib/PACRunner" interface="org.gtk.GLib.PACRunner" member="Lookup" mask="send" name=":1.124" pid=2323 label="snap.snap-store.ubuntu-software" peer_pid=2530 peer_label="unconfined"
...
Apr 05 10:39:37 fotsies-ubuntu-vm snap-store[2323]: Result of screenshot downloading attempt with status code '7': GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender=":1.123" (uid=1000 pid=2323 comm="/snap/snap-store/336/usr/bin/snap-store " label="snap.snap-store.ubuntu-software (enforce)") interface="org.gtk.GLib.PACRunner" member="Lookup" error name="(unset)" requested_reply="0" destination=":1.124" (uid=1000 pid=2530 comm="/usr/libexec/glib-pacrunner " label="unconfined")
Apr 05 10:39:37 fotsies-ubuntu-vm snap-store[2323]: Result of screenshot downloading attempt with status code '7': GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender=":1.123" (uid=1000 pid=2323 comm="/snap/snap-store/336/usr/bin/snap-store " label="snap.snap-store.ubuntu-software (enforce)") interface="org.gtk.GLib.PACRunner" member="Lookup" error name="(unset)" requested_reply="0" destination=":1.124" (uid=1000 pid=2530 comm="/usr/libexec/glib-pacrunner " label="unconfined")
Apr 05 10:39:37 fotsies-ubuntu-vm snap-store[2323]: not handling error invalid-format for action refine: server returned no data
Apr 05 10:39:37 fotsies-ubuntu-vm snap-store[2323]: not handling error failed for action refine: Invalid string value converting to GVariant

However, I do also see a huge amount more AppArmor DENIES for this particular process.

I've attempted to set the AppArmor profile for the snap store to complain, but simply don't know how:

root@fotsies-ubuntu-vm:~# aa-status
apparmor module is loaded.
30 profiles are loaded.
30 profiles are in enforce mode.
   /snap/core/8935/usr/lib/snapd/snap-confine
   /snap/core/8935/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
   /usr/bin/evince
   /usr/bin/evince-previewer
   /usr/bin/evince-previewer//sanitized_helper
   /usr/bin/evince-thumbnailer
   /usr/bin/evince//sanitized_helper
   /usr/bin/man
   /usr/lib/NetworkManager/nm-dhcp-client.action
   /usr/lib/NetworkManager/nm-dhcp-helper
   /usr/lib/connman/scripts/dhclient-script
   /usr/lib/cups/backend/cups-pdf
   /usr/lib/snapd/snap-confine
   /usr/lib/snapd/snap-confine//mount-namespace-capture-helper
   /usr/sbin/cups-browsed
   /usr/sbin/cupsd
   /usr/sbin/cupsd//third_party
   /usr/sbin/tcpdump
   /{,usr/}sbin/dhclient
   ippusbxd
   lsb_release
   man_filter
   man_groff
   nvidia_modprobe
   nvidia_modprobe//kmod
   snap-update-ns.core
   snap-update-ns.snap-store
   snap.core.hook.configure
   snap.snap-store.snap-store
   snap.snap-store.ubuntu-software
0 profiles are in complain mode.
3 processes have profiles defined.
3 processes are in enforce mode.
   /usr/sbin/cups-browsed (971)
   /usr/sbin/cupsd (834)
   /snap/snap-store/336/usr/bin/snap-store (2323) snap.snap-store.ubuntu-software
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
root@fotsies-ubuntu-vm:~# ps -ef | grep -i snap
root 877 1 0 10:38 ? 00:00:01 /usr/lib/snapd/snapd
fots 2323 1872 2 10:39 ? 00:00:05 /snap/snap-store/336/usr/bin/snap-store
root 4157 3125 0 10:43 pts/0 00:00:00 grep --color=auto -i snap
root@fotsies-ubuntu-vm:~# aa-complain /snap/snap-store/336/usr/bin/snap-store
Profile for /snap/snap-store/336/usr/bin/snap-store not found, skipping

This is the version of the snap store I see on my system:

Name Version Rev Tracking Publisher Notes
snap-store 20200401.4cde4f1 336 latest/stable/… canonical✓ -

Any help is greatly appreciated
Fotis

ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: snapd 2.44.2+20.04
ProcVersionSignature: Ubuntu 5.4.0-21.25-generic 5.4.27
Uname: Linux 5.4.0-21-generic x86_64
ApportVersion: 2.20.11-0ubuntu22
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Tue Apr 7 21:23:37 2020
InstallationDate: Installed on 2020-04-04 (3 days ago)
InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Beta amd64 (20200402)
ProcEnviron:
 LANGUAGE=en_AU:en
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_AU.UTF-8
 SHELL=/bin/bash
SourcePackage: snapd
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.sudoers.d.99-snapd.conf: [inaccessible: [Errno 13] Permission denied: '/etc/sudoers.d/99-snapd.conf']

Revision history for this message
Fotis Gimian (fgimian) wrote :
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in snapd (Ubuntu):
status: New → Confirmed
Jamie Strandboge (jdstrand)
Changed in snapd (Ubuntu):
status: Confirmed → Triaged
Changed in snapd:
status: New → In Progress
assignee: nobody → Jamie Strandboge (jdstrand)
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

FYI, https://github.com/snapcore/snapd/pull/8873 should have the fix for this.

Revision history for this message
Fotis Gimian (fgimian) wrote :

Awesome, thank you so much!! :)

Revision history for this message
Zygmunt Krynicki (zyga) wrote :

I'm marking this as fix released based on the history of the referenced pull request.

Changed in snapd:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.