When was able to install `snapd` fine and I installed an app, `hey-mail`, just fine; but when I try to launch it, it says `/usr/lib/snapd/snap-confine: error while loading shared libraries: libgcc_s.so.1: failed to map segment from shared object`. From what I was able to gather, it seems like a permissions issue of some sort. Reproducible: Always
Please attach the logs rather than using pastebins.
Created attachment 765835 [details] emerge --info snapd
So it turns out that the AppArmor profile for `snap-confine` needs to be updated in order for it to `snapd` to work without a problem. I don't know if by default though it should be like this, either way, it makes sense that it be up to the user to grant the type of access it's asking for. Therefore, you can close this if you'd like.
(In reply to Randall from comment #3) > So it turns out that the AppArmor profile for `snap-confine` needs to be > updated in order for it to `snapd` to work without a problem. > > I don't know if by default though it should be like this, either way, it > makes sense that it be up to the user to grant the type of access it's > asking for. > > Therefore, you can close this if you'd like. I think it's a valid bug if the apparmor profiles need fixing?
It could be, in the sense that it deviates from what happens on other distros. (Although, I have limited evidence to support this, but jugding from what the vendor and other users seem to state, I make this assumption) That said, considering that `snapd` seems to have on-going security issues (ref: https://www.zdnet.com/article/multiple-vulnerabilities-found-in-snap-confine-function-on-linux-systems/), it's not a terrible idea to leave the security profiles the way they are and let the user decide if they really want to give access to `snap-confine` via `AppArmor`. At the very least, it makes users aware, NTM it somewhat provides a barrier for folks that don't know what they're doing with snapd and AppArmor.
