htop-snap
htop-snap copied to clipboard
Published
20 hours ago •
maxiberta
maxiberta
I/O tab N/A on Debian/Ubuntu
I/O tab shows N/A on fresh install of Ubuntu/Debian (any version, e.g. Ubuntu 22.04, Debian 11). I've connected all plugs. I see no errors in syslog from apparmor. There is no this issue on CentOS snap. Same issue has other users too (#18).
May be this is related, but I see this not every time:
kernel: [87874.809717] audit: type=1400 audit(1678972246.849:72): apparmor="DENIED" operation="capable" profile="/snap/snapd/18357/usr/lib/snapd/snap-confine" pid=3095775 comm="snap-confine" capability=12 capname="net_admin"
kernel: [87874.811390] audit: type=1400 audit(1678972246.849:73): apparmor="DENIED" operation="capable" profile="/snap/snapd/18357/usr/lib/snapd/snap-confine" pid=3095775 comm="snap-confine" capability=38 capname="perfmon"
Environment and debug:
# snap debug confinement
strict
# snap debug sandbox-features
apparmor: kernel:caps kernel:dbus kernel:domain kernel:file kernel:ipc kernel:mount kernel:namespaces kernel:network kernel:network_v8 kernel:policy kernel:ptrace kernel:query kernel:rlimit kernel:signal parser:cap-audit-read parser:cap-bpf parser:mqueue parser:qipcrtr-socket parser:unsafe parser:xdp policy:default support-level:full
confinement-options: classic devmode strict
dbus: mediated-bus-access
kmod: mediated-modprobe
mount: layouts mount-namespace per-snap-persistency per-snap-profiles per-snap-updates per-snap-user-profiles stale-base-invalidation
seccomp: bpf-actlog bpf-argument-filtering kernel:allow kernel:errno kernel:kill_process kernel:kill_thread kernel:log kernel:trace kernel:trap kernel:user_notif
udev: tagging
# snap connections htop
Interface Plug Slot Notes
hardware-observe htop:hardware-observe :hardware-observe -
mount-observe htop:mount-observe :mount-observe manual
network htop:network :network -
network-control htop:network-control :network-control manual
process-control htop:process-control :process-control -
system-observe htop:system-observe :system-observe -
# snap list
Name Version Rev Tracking Publisher Notes
certbot 2.4.0 2836 latest/stable certbot-eff✓ classic
core20 20230207 1828 latest/stable canonical✓ base
core22 20230210 522 latest/stable canonical✓ base
htop 3.2.2 3654 latest/stable maxiberta -
snapd 2.58.2 18357 latest/stable canonical✓ snapd
# SNAPD_DEBUG=1 SNAP_CONFINE_DEBUG=1 snap run htop
2023/03/16 16:06:27.914156 tool_linux.go:204: DEBUG: restarting into "/snap/snapd/current/usr/bin/snap"
2023/03/16 16:06:27.930338 logger.go:184: DEBUG: -- snap startup {"stage":"start", "time":"1678971987.930332"}
2023/03/16 16:06:27.938103 cmd_run.go:1037: DEBUG: executing snap-confine from /snap/snapd/18357/usr/lib/snapd/snap-confine
2023/03/16 16:06:27.939851 cmd_run.go:440: DEBUG: SELinux not enabled
2023/03/16 16:06:27.939922 tracking.go:46: DEBUG: creating transient scope snap.htop.htop
2023/03/16 16:06:27.939942 tracking.go:189: DEBUG: session bus is not available: cannot find session bus
2023/03/16 16:06:27.939950 tracking.go:191: DEBUG: falling back to system bus
2023/03/16 16:06:27.940724 tracking.go:196: DEBUG: using system bus now, session bus was not available
2023/03/16 16:06:27.942291 tracking.go:319: DEBUG: create transient scope job: /org/freedesktop/systemd1/job/1571
2023/03/16 16:06:27.959259 tracking.go:419: DEBUG: job result is "done"
2023/03/16 16:06:27.959310 tracking.go:426: DEBUG: transient scope snap.htop.htop.33fce624-45a0-494b-870a-0859a05e9c21.scope created
2023/03/16 16:06:27.959691 tracking.go:146: DEBUG: waited 18.893718ms for tracking
2023/03/16 16:06:27.959721 logger.go:184: DEBUG: -- snap startup {"stage":"snap to snap-confine", "time":"1678971987.959717"}
DEBUG: -- snap startup {"stage":"snap-confine enter", "time":"1678971987.962342"}
DEBUG: umask reset, old umask was 022
DEBUG: security tag: snap.htop.htop
DEBUG: executable: /usr/lib/snapd/snap-exec
DEBUG: confinement: non-classic
DEBUG: base snap: core22
DEBUG: ruid: 0, euid: 0, suid: 0
DEBUG: rgid: 0, egid: 0, sgid: 0
DEBUG: apparmor label on snap-confine is: /snap/snapd/18357/usr/lib/snapd/snap-confine
DEBUG: apparmor mode is: enforce
DEBUG: -- snap startup {"stage":"snap-confine mount namespace start", "time":"1678971987.963121"}
DEBUG: creating lock directory /run/snapd/lock (if missing)
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: opening lock directory /run/snapd/lock
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: opening lock file: /run/snapd/lock/.lock
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: sanity timeout initialized and set for 30 seconds
DEBUG: acquiring exclusive lock (scope (global), uid 0)
DEBUG: sanity timeout reset and disabled
DEBUG: ensuring that snap mount directory is shared
DEBUG: unsharing snap namespace directory
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: releasing lock 5
DEBUG: opened snap-update-ns executable as file descriptor 5
DEBUG: opened snap-discard-ns executable as file descriptor 6
DEBUG: creating lock directory /run/snapd/lock (if missing)
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: opening lock directory /run/snapd/lock
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: opening lock file: /run/snapd/lock/htop.lock
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
DEBUG: sanity timeout initialized and set for 30 seconds
DEBUG: acquiring exclusive lock (scope htop, uid 0)
DEBUG: sanity timeout reset and disabled
DEBUG: initializing mount namespace: htop
DEBUG: setting up device cgroup
DEBUG: libudev has current tags support
DEBUG: device /sys/devices/virtual/misc/rfkill has matching current tag
DEBUG: get bpf object at path /sys/fs/bpf/snap/snap_htop_htop
DEBUG: found existing device map
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: get next key for map 8
DEBUG: found 18 existing entries in devices map
DEBUG: delete key for c 139:-1
DEBUG: delete elem in map 8
DEBUG: delete key for c 143:-1
DEBUG: delete elem in map 8
DEBUG: delete key for c 1:9
DEBUG: delete elem in map 8
DEBUG: delete key for c 138:-1
DEBUG: delete elem in map 8
DEBUG: delete key for c 1:3
DEBUG: delete elem in map 8
DEBUG: delete key for c 142:-1
DEBUG: delete elem in map 8
DEBUG: delete key for c 136:-1
DEBUG: delete elem in map 8
DEBUG: delete key for c 137:-1
DEBUG: delete elem in map 8
DEBUG: delete key for c 5:2
DEBUG: delete elem in map 8
DEBUG: delete key for c 10:242
DEBUG: delete elem in map 8
DEBUG: delete key for c 5:1
DEBUG: delete elem in map 8
DEBUG: delete key for c 141:-1
DEBUG: delete elem in map 8
DEBUG: delete key for c 1:5
DEBUG: delete elem in map 8
DEBUG: delete key for c 1:8
DEBUG: delete elem in map 8
DEBUG: delete key for c 140:-1
DEBUG: delete elem in map 8
DEBUG: delete key for c 5:0
DEBUG: delete elem in map 8
DEBUG: delete key for c 10:200
DEBUG: delete elem in map 8
DEBUG: delete key for c 1:7
DEBUG: delete elem in map 8
DEBUG: load program of type 0xf, 33 instructions
DEBUG: v2 allow c 1:3
DEBUG: v2 allow c 1:5
DEBUG: v2 allow c 1:7
DEBUG: v2 allow c 1:8
DEBUG: v2 allow c 1:9
DEBUG: v2 allow c 5:0
DEBUG: v2 allow c 5:1
DEBUG: v2 allow c 5:2
DEBUG: v2 allow c 136:4294967295
DEBUG: v2 allow c 137:4294967295
DEBUG: v2 allow c 138:4294967295
DEBUG: v2 allow c 139:4294967295
DEBUG: v2 allow c 140:4294967295
DEBUG: v2 allow c 141:4294967295
DEBUG: v2 allow c 142:4294967295
DEBUG: v2 allow c 143:4294967295
DEBUG: v2 allow c 10:200
DEBUG: inspecting type of device: /dev/rfkill
DEBUG: v2 allow c 10:242
DEBUG: device /sys/devices/virtual/misc/tun has matching current tag
DEBUG: inspecting type of device: /dev/net/tun
DEBUG: v2 allow c 10:200
DEBUG: device /sys/module/rfkill has matching current tag
DEBUG: cannot get major/minor numbers for syspath /sys/module/rfkill
DEBUG: process in cgroup /system.slice/snap.htop.htop.33fce624-45a0-494b-870a-0859a05e9c21.scope
DEBUG: cgroup /sys/fs/cgroup//system.slice/snap.htop.htop.33fce624-45a0-494b-870a-0859a05e9c21.scope opened at 12
DEBUG: attach type 0x6 program 10 to cgroup 12
DEBUG: associated snap application process 348196 with device cgroup snap.htop.htop
DEBUG: forked support process 348212
DEBUG: changing apparmor hat to mount-namespace-capture-helper
DEBUG: helper process waiting for command
DEBUG: sanity timeout initialized and set for 30 seconds
DEBUG: block device of snap core22, revision 547 is 7:5
DEBUG: sanity timeout initialized and set for 30 seconds
DEBUG: joining preserved mount namespace for inspection
DEBUG: found base snap device 7:5 on /
DEBUG: sanity timeout reset and disabled
DEBUG: preserved mount is not stale, reusing
DEBUG: joined preserved mount namespace htop
DEBUG: releasing lock 7
DEBUG: sending command 0 to helper process (pid: 348212)
DEBUG: sanity timeout reset and disabled
DEBUG: helper process received command 0
DEBUG: helper process exiting
DEBUG: waiting for response from helper
DEBUG: waiting for the helper process to exit
DEBUG: helper process exited normally
DEBUG: resetting PATH to values in sync with core snap
DEBUG: -- snap startup {"stage":"snap-confine mount namespace finish", "time":"1678971987.970799"}
DEBUG: set_effective_identity uid:0 (change: yes), gid:0 (change: yes)
DEBUG: creating user data directory: /root/snap/htop/3654
DEBUG: requesting changing of apparmor profile on next exec to snap.htop.htop
DEBUG: ruid: 0, euid: 0, suid: 0
DEBUG: loading bpf program for security tag snap.htop.htop
DEBUG: read 6608 bytes from /var/lib/snapd/seccomp/bpf//snap.htop.htop.bin
DEBUG: read 152 bytes from /var/lib/snapd/seccomp/bpf/global.bin
DEBUG: execv(/usr/lib/snapd/snap-exec, /usr/lib/snapd/snap-exec...)
DEBUG: argv[1] = htop
DEBUG: umask restored to 022
DEBUG: working directory restored to /root
DEBUG: -- snap startup {"stage":"snap-confine to snap-exec", "time":"1678971987.972417"}
2023/03/16 16:06:27.975617 logger.go:184: DEBUG: -- snap startup {"stage":"snap-exec to app", "time":"1678971987.975612"}
