nvtop
nvtop copied to clipboard
Syllo
AppArmor complaints about nvtop via snap
From dmesg | grep nvtop:
[ 4.168334] systemd[1]: Mounting Mount unit for nvtop, revision 66...
[ 5.639143] audit: type=1400 audit(1670626277.332:29): apparmor="STATUS" operation="profile_load" profile="unconfined" name="snap-update-ns.nvtop" pid=617 comm="apparmor_parser"
[ 108.023408] audit: type=1400 audit(1670626379.550:79): apparmor="DENIED" operation="open" profile="snap.nvtop.nvtop" name="/proc/driver/nvidia/capabilities/mig/config" pid=3823 comm="nvtop" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 108.024424] audit: type=1400 audit(1670626379.550:80): apparmor="DENIED" operation="open" profile="snap.nvtop.nvtop" name="/proc/driver/nvidia/capabilities/mig/config" pid=3823 comm="nvtop" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 108.024426] audit: type=1400 audit(1670626379.550:81): apparmor="DENIED" operation="open" profile="snap.nvtop.nvtop" name="/proc/driver/nvidia/capabilities/mig/config" pid=3823 comm="nvtop" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 108.024427] audit: type=1400 audit(1670626379.550:82): apparmor="DENIED" operation="open" profile="snap.nvtop.nvtop" name="/proc/driver/nvidia/capabilities/mig/monitor" pid=3823 comm="nvtop" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 108.024428] audit: type=1400 audit(1670626379.550:83): apparmor="DENIED" operation="open" profile="snap.nvtop.nvtop" name="/proc/driver/nvidia/capabilities/mig/monitor" pid=3823 comm="nvtop" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 108.024429] audit: type=1400 audit(1670626379.550:84): apparmor="DENIED" operation="open" profile="snap.nvtop.nvtop" name="/proc/driver/nvidia/capabilities/mig/monitor" pid=3823 comm="nvtop" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 110.417257] audit: type=1400 audit(1670626381.942:85): apparmor="DENIED" operation="open" profile="snap.nvtop.nvtop" name="/proc/2040/fdinfo/" pid=3823 comm="nvtop" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[ 110.417267] audit: type=1400 audit(1670626381.942:86): apparmor="DENIED" operation="open" profile="snap.nvtop.nvtop" name="/proc/2073/fdinfo/" pid=3823 comm="nvtop" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[ 110.417271] audit: type=1400 audit(1670626381.942:87): apparmor="DENIED" operation="open" profile="snap.nvtop.nvtop" name="/proc/2074/fdinfo/" pid=3823 comm="nvtop" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
The /proc/$NNNN/fdinfo lines repeat extensively.
From lsb_release -a:
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.1 LTS
Release: 22.04
Codename: jammy
From uname -a (note, I removed the actual hostname below):
Linux $HOSTNAME 5.15.0-56-generic #62-Ubuntu SMP Tue Nov 22 19:54:14 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
I'm new to using nvtop so I'm not sure what exactly might be breaking. The only problem I've seen so far is that the README.md doc says to do snap connect nvtop:kubernetes-support after the snap installation, but that generates the error:
error: snap "nvtop" has no plug named "kubernetes-support"
Same as all the above as well, even --classic doesn't help. I can manually assigned an AppArmor profile but that's supposed to be done by snap based on information given by the program build to know what to access, so I'm guessing something is incomplete there?
Same issue for me... Is there a workaround? snap connect nvtop:kubernetes-support also doesn't work for me. Running Ubuntu 22.04.4 and installed nvtop via snap.
It looks like @Syllo might have removed it on this commit: https://github.com/Syllo/nvtop/commit/4c471b19e5b447c6007be5ac3f098097885edcc7#diff-56759910381a014fecfd7556dd72ddd68c747d922a5b7df2044b9ce7c552f5f5L26-R29
IDK why it was removed, but I'm getting the same errors on my install too... I'd imagine if @Syllo wanted to add it back they could just un-comment & do another release.
