Microk8s: snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid permission escalation attacks

Created on 16 Dec 2018  ·  14 Comments  ·  Source: ubuntu/microk8s

Hello,

Trying to quick-start microk8s, yet running into the following error:

toor@suey:~$ sudo snap install microk8s --classic
[sudo] password for toor: 
microk8s v1.13.0 from Canonical✓ installed
toor@suey:~$ sudo microk8s.start
sudo: microk8s.start: command not found
toor@suey:~$ microk8s.kubectl get all --all-namespaces
snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid permission escalation attacks
toor@suey:~$ sudo snap refresh --channel=latest/beta microk8s
microk8s (beta) v1.13.1 from Canonical✓ refreshed
Channel latest/beta for microk8s is closed; temporarily forwarding to beta.
toor@suey:~$ microk8s.kubectl get all --all-namespaces
snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid permission escalation attacks
toor@suey:~$ microk8s.inspect
snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid permission escalation attacks
toor@suey:~$ sudo microk8s.kubectl get all --all-namespaces
sudo: microk8s.kubectl: command not found
toor@suey:~$ 

Please advise.

Q&A

All 14 comments

Hi @a1exus ,

This error seems to be related to snapd. What distribution are you using? Looking at https://forum.snapcraft.io/t/snap-confine-has-elevated-permissions-error/2391/3, is it possible you are not running the default kernel?

Thanks

@ktsakalozos thank you for your response. I'm running the default kernel that came with the Kali distro:

toor@suey:~$ cat /etc/lsb-release 
DISTRIB_ID=Kali
DISTRIB_RELEASE=kali-rolling
DISTRIB_CODENAME=kali-rolling
DISTRIB_DESCRIPTION="Kali GNU/Linux Rolling"
toor@suey:~$ 
toor@suey:~$ uname -a
Linux suey.nknwn.local 4.18.0-kali3-amd64 #1 SMP Debian 4.18.20-2kali2 (2018-11-30) x86_64 GNU/Linux
toor@suey:~$ 

Hi,

This has to be reported to the snapcraft team, possibly at https://forum.snapcraft.io/t/snap-confine-has-elevated-permissions-error/2391 or on a new topic. This is out of my hands. I am sorry.

On Thu, Apr 25, 2019 at 4:09 PM xOrMalware notifications@github.com wrote:

I am experiencing the same problem, but I would like to give a little bit more information. I am trying to use Bitwarden.

If I install snapd, reboot, start the snap service, reboot, and install Bitwarden, I can get Bitwarden to run. However, if I reboot and then try to run Bitwarden, I get the error snap-confine has elevated permissions.

So I am not convinced this is as simple as a kernel issue, as I am surprised I was able to get the app to run at all.

but uname -a

Linux Kernel 4.19.0-kali4-amd64 …..

  1. Check if snap core is not broken
    $ snap list
  2. Update the following package
    A. apparmor
    $ sudo apt-get install apparmor

Now everything will work

The same error occurs if the apparmor service is stopped or disabled.

Please report this issue to https://forum.snapcraft.io. Thank you.

@a1exus
you can also fix it with

sudo apparmor_parser -r /etc/apparmor.d/*snap-confine*
sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap-confine*

According to the conversation in [Ubuntu Forum], this particular answer fixed my problem.

So, just install apparmor if you don't have it already, and then enable it by:
systemctl enable --now apparmor.service

Note: For some reason, it asks for the password multiple times. In my case, 5 times!! Don't give up! :)

sudo systemctl enable --now apparmor.service

fixed the issue for me. Asked for password once :tongue:

@a1exus
you can also fix it with

sudo apparmor_parser -r /etc/apparmor.d/*snap-confine*
sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap-confine*

This works for me, but I have to do it after every reboot

According to the conversation in [Ubuntu Forum], this particular answer fixed my problem.

So, just install apparmor if you don't have it already, and then enable it by:
systemctl enable --now apparmor.service

Note: For some reason, it asks for the password multiple times. In my case, 5 times!! Don't give up! :)

fixed my problem thanks ^_^

@a1exus
you can also fix it with

sudo apparmor_parser -r /etc/apparmor.d/*snap-confine*
sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap-confine*

@dxas90 after running this I got
cannot change profile for the next exec call: No such file or directory
trying to up docker containers.

@a1exus
you can also fix it with

sudo apparmor_parser -r /etc/apparmor.d/*snap-confine*
sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap-confine*

this worked for me ..thanks !!

The same error occurs if the apparmor service is stopped or disabled.

true it fixed my anbox snap installation
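
A read-only check for the condition the comments above converge on (AppArmor stopped or disabled, or the snap-confine profile not loaded), added here as an example and not part of the thread or of snapd. The sysfs and securityfs paths are the standard AppArmor kernel interfaces; the optional ROOT prefix argument and the state names are assumptions of this example.

```sh
#!/bin/sh
# Read-only check: is AppArmor active, and is a snap-confine profile loaded?
# ROOT (optional first argument) is a hypothetical path prefix for testing
# against a constructed directory tree; leave it empty on a real host.

snap_confine_state() {
    root="${1:-}"
    enabled="$root/sys/module/apparmor/parameters/enabled"
    profiles="$root/sys/kernel/security/apparmor/profiles"

    # "Y" here means the AppArmor LSM is active in the running kernel.
    if [ ! -r "$enabled" ] || [ "$(cat "$enabled")" != "Y" ]; then
        echo kernel-off
        return 0
    fi
    # securityfs lists loaded profiles as "name (mode)"; reading needs root.
    if [ ! -r "$profiles" ]; then
        echo unknown
        return 0
    fi
    if grep -q 'snap-confine' "$profiles"; then
        echo profile-loaded
    else
        echo profile-missing
    fi
}

# Map each state to the remedies quoted in the thread (no new commands).
suggest_fix() {
    case "$1" in
        profile-loaded)
            echo "snap-confine profile is loaded; nothing to reload" ;;
        profile-missing)
            echo "sudo systemctl enable --now apparmor.service"
            echo "sudo apparmor_parser -r /etc/apparmor.d/*snap-confine*" ;;
        unknown)
            echo "re-run as root to read the loaded-profile list" ;;
        kernel-off)
            echo "AppArmor is not active in this kernel, so no profile can be loaded" ;;
    esac
}

state=$(snap_confine_state "${1:-}")
echo "state: $state"
suggest_fix "$state"
```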
