I should add that at the moment, my first problem is still that NFS
seems not permitted at all:

$ aptitude show snapd
Package: snapd                    
Version: 2.47.1+20.04
State: installed

# snap install pdftk
2020-10-26T15:12:47Z INFO Waiting for automatic snapd restart...
pdftk 2.02-4 from Scott Moser (smoser) installed

$ /snap/bin/pdftk
2020/10/26 17:28:48.784329 cmd_run.go:570: WARNING: XAUTHORITY environment 
value is not a clean path: "/auto/homes/mgk25/.Xauthority"
cannot open path of the current working directory: Permission denied

$ dmesg
[ 8862.382001] nfs: RPC call returned error 13
[ 8862.382037] audit: type=1400 audit(1603733328.782:345): apparmor="DENIED" 
operation="sendmsg" profile="/usr/lib/snapd/snap-confine" pid=54514 
comm="snap-confine" laddr=2001:630:272:238:3656:c6fd:1234:5678 lport=844 
faddr=2a05:b400:110:a9::4321:abcd fport=2049 family="inet6" sock_type="stream" 
protocol=6 requested_mask="send" denied_mask="send"

So I suspect the first problem is still that "network inet6" is not
allowed, and therefore any form of NFS remains blocked. snapd apparently
did not detect that I am using an autofs home directory.

I should probably add that on the centrally-managed Linux desktop that I
use, the automount tables are disseminated via LDAP, as described e.g.
in

  https://help.ubuntu.com/community/AutofsLDAP

In particular, /etc/nsswitch.conf contains "ldap" in the following three
lines:

  passwd:         files systemd ldap
  group:          files systemd ldap
  automount:      ldap

Therefore: can snapd reliably detect autofs mount points that are added
via LDAP?

If not, is there some manual switch by which we can tell snapd that all
my snaps will need network access, as I am going to use them routinely
via NFS?


But lack of "network" permissions is not the only problem:

If I follow the workaround described in the bug-report above, by adding
the lines

  # see https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1662552
  network inet,
  network inet6,

to both

  /etc/apparmor.d/abstractions/base
  /etc/apparmor.d/usr.lib.snapd.snap-confine.real

then the error message I get changes to

$ /snap/bin/pdftk
2020/10/26 17:48:11.825599 cmd_run.go:570: WARNING: XAUTHORITY environment 
value is not a clean path: "/auto/homes/mgk25/.Xauthority"
cannot perform operation: mount --rbind /home /tmp/snap.rootfs_NnRQQa//home: 
Permission denied
$ dmesg
[10025.430756] audit: type=1400 audit(1603734491.825:351): apparmor="DENIED" 
operation="mount" info="failed flags match" error=-13 
profile="/usr/lib/snapd/snap-confine" name="/tmp/snap.rootfs_NnRQQa/home/" 
pid=57898 comm="snap-confine" srcname="/auto/homes/" flags="rw, rbind"

We have already in /etc/apparmor.d/tunables/home the lines

  @{HOME}=@{HOMEDIRS}/*/ /root/
  @{HOMEDIRS}=/home/ /auto/homes/

to indicate where our automounted home directories are.

Any idea what may be going wrong there?

P.S.: Note that on my Ubuntu 20.04 system, the file

  /etc/apparmor.d/usr.lib.snapd.snap-confine

mentioned above does not exist, and instead there is

  /etc/apparmor.d/usr.lib.snapd.snap-confine.real

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1662552

Title:
  snaps don't work with NFS home
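
Added example (not part of the original message and not snapd code): a small Python triage script that parses AppArmor DENIED records like the two in the dmesg output quoted above and reports which rule class (network or mount) each one points at. The function names are hypothetical; the sample lines are the message's own records with the e-mail line wraps joined.

```python
import re
from collections import Counter

# Records copied from the dmesg output in the message above, with the
# e-mail line wraps joined back into single lines.
SAMPLE = [
    '[ 8862.382001] nfs: RPC call returned error 13',
    '[ 8862.382037] audit: type=1400 audit(1603733328.782:345): apparmor="DENIED" operation="sendmsg" profile="/usr/lib/snapd/snap-confine" pid=54514 comm="snap-confine" laddr=2001:630:272:238:3656:c6fd:1234:5678 lport=844 faddr=2a05:b400:110:a9::4321:abcd fport=2049 family="inet6" sock_type="stream" protocol=6 requested_mask="send" denied_mask="send"',
    '[10025.430756] audit: type=1400 audit(1603734491.825:351): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="/usr/lib/snapd/snap-confine" name="/tmp/snap.rootfs_NnRQQa/home/" pid=57898 comm="snap-confine" srcname="/auto/homes/" flags="rw, rbind"',
]

# key="quoted value" (may contain spaces, e.g. flags="rw, rbind") or key=bare
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denial(line):
    """Return the fields of an AppArmor DENIED record, or None for other lines."""
    if 'apparmor="DENIED"' not in line:
        return None
    return {key: quoted if bare == '' else bare
            for key, quoted, bare in FIELD.findall(line)}

def summarize(fields):
    """Map one denial to (rule class, detail) for a human reviewer."""
    op = fields.get('operation', '?')
    if 'family' in fields:  # socket mediation, governed by "network" rules
        return ('network', '{} {} to port {}'.format(
            fields['family'], fields.get('sock_type', '?'),
            fields.get('fport', '?')))
    if op == 'mount':       # mount mediation: source, target and flags matter
        return ('mount', '{} -> {} flags=({})'.format(
            fields.get('srcname', '?'), fields.get('name', '?'),
            fields.get('flags', '?')))
    return (op, fields.get('name', ''))

def triage(lines):
    """Count denials per (profile, rule class, detail)."""
    counts = Counter()
    for line in lines:
        fields = parse_denial(line)
        if fields is not None:
            counts[(fields.get('profile', '?'),) + summarize(fields)] += 1
    return counts

if __name__ == '__main__':
    for (profile, rule_class, detail), n in triage(SAMPLE).items():
        print(f'{n}x {profile}: {rule_class}: {detail}')
```

On live systems the same functions can be fed the lines of `dmesg` or the audit log instead of SAMPLE.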
