2

I just upgraded my desktop from Ubuntu 22.04 to 24.04. Many apps are now in the snap store. In particular Firefox, Opera, Chromium and Thunderbird. When I launch these apps none are able to connect to the internet. I have chrome installed outside the snap system and it works fine. I note that snap apps are sandboxed so am thinking that this sandbox has somehow isolated itself from the internet. Is there a configuration page/app anywhere to check this? This problem is very serious as Ubuntu has decided to integrate many apps into the snap system. When you use apt to install new ones often they push the snaps rather than the old deb packages.

Any advice gratefully received....

ETA: I have tried the snap apps with a different user account and a different desktop and the same problem persists.

ETAA: I looked in the logfile "syslog" and am getting repeated messages like the following:

kernel: audit: type=1400 audit(1714071244.649:4405): apparmor="DENIED" operation="open" class="file" profile="snap.opera.opera" name="/etc/resolv-manual.conf" pid=44147 comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

when trying to access the internet from Opera (here) but also Firefox. The file /etc/resolv-manual.conf contains the ip address of the DNS (Domain Name Server). So the snap apps are apparently being prevented from accessing the DNS server by apparmor which is a security app. Looks like it isn't configured properly for some reason.

Artur Meinild
  • 31,385
richo123
  • 51
  • Do you have a Help -> More Troubleshooting ->Refresh Firefox? – eyoung100 Apr 25 '24 at 17:15
  • If you mean within Firefox then yes. I did the Refresh Firefox but it didn't help unfortunately. This seems to be a snap wide problem as Opera does the same as does Thunderbird. – richo123 Apr 25 '24 at 18:26
  • Would you like to Disable Snap or Keep it? Researching fixes for your issue has made me want to stay away from Ubuntu for the near future, as it looks like Snap is going to have some growing pains. – eyoung100 Apr 25 '24 at 19:04
  • Continuing: Are you using TailScale? If so, see DNS Support breaks resolving for SNAP on Ubuntu #683, and possibly here: Upgrade snapd from 2.59.5 to 2.60.2 gives apparmor DENIED on app launch – eyoung100 Apr 25 '24 at 19:28
  • Yes I'm seriously considering disabling it. It appears though that Ubuntu have really upped the snap integration in 24.04 compared to 22.04. These sort of bugs are not great in a LTS release. – richo123 Apr 25 '24 at 19:29
  • Well, I can help you remove it if you like, or we can try the staggered upgrade approach, but I don't think you can revert back to 22.04. Staggered meaning 22.04 -> 22.10 -> 23.04 -> 23.10 -> 24.04 – eyoung100 Apr 25 '24 at 19:33
  • Yes if you could help with a removal I would greatly appreciate it. I have used the apt system for many years and it is much more transparent than snap at least at this stage of development. – richo123 Apr 25 '24 at 19:40
  • Let me catch up on some work, and I'll post an answer. It's a 2-step process as APT will pull in snap packages if apt install <package> has a <package> available in snap, so we have to uninstall snap and then configure APT to not use the snap wrapper – eyoung100 Apr 25 '24 at 20:23
  • Thanks that is very helpful. – richo123 Apr 25 '24 at 20:37
  • Answer now written. Let me know if that helped. I'm curious to help track down the issue that causes this. Essentially, what's happening is that the DNS settings inside the SNAP packages cannot fetch the OS settings where the DNS info is stored, i.e., resolv.conf. – eyoung100 Apr 25 '24 at 22:33

2 Answers2

3

I found the resolution of the issue from one of the hints eyoung100 made earlier. He mentioned that people have had issues with tailscale and snaps. I looked at the problem they reported and noted that it occurs when the file /etc/resolv.conf was a symlink to another file. This symlinking cannot be handled by snap which causes DNS resolution to fail.

I am not using tailscale BUT /etc/resolv.conf is symlinked to /etc/resolv-manual.conf on my system because I wanted to manually set my DNS server. The problem with just using an actual /etc/resolv.conf file instead of /etc/resolv-manual.conf is that NetworkManager resets this file to what it wants so overwrites it.

To resolve this I used this procedure from Redhat to stop NetworkManager overwriting /etc/resolv.conf

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/manually-configuring-the-etc-resolv-conf-file_configuring-and-managing-networking

I then moved my /etc/resolv-manual.conf to /etc/resolv.conf thus removing the offending symlink.

Snap now works! (I tested opera and chromium)

Quite the subtle bug and MANY thanks to eyoung100 for all his help. I hope his excellent answer on removing snap can be of help to others.

richo123
  • 51
1

Issue

As the OP has stated, I can safely assume that no Internet Application that requires a DNS lookup to "travel" anywhere on the internet works. I posted some comments about what the possibilities for the cause could be but after Googling for snap package firefox does not connect to internet decided against trying to track down the cause. The general consensus in all of the results was that Snap and it's mechanisms have some issues. I thought about letting someone else tackle this question until I realized: Even though Canonical has chosen this as a strategic design decision, maybe we can turn it off. And now I present the rather involved procedure:

Removing Snap Packages

  1. First, we make sure it's installed as a sanity test: snap --version
  2. Now let's gather which snap packages are installed as part of the core: snap list. Write all these down or > them to a file to print as we're going to remove them shortly.
  3. To remove, issue: snap remove followed by the package name from the output in step 2.
    • To verify that the entire list is removed, reissue a snap list. As your final output, you should see: snap list

No snaps are installed yet. Try 'snap install hello-world'.

Removing Snap Daemon

  1. Stop SystemD Service: sudo systemctl stop snapd
  2. Disable the Service: sudo systemctl disable snapd
  3. Mask the Service: sudo systemctl mask snapd
    • Masking a service symlinks it to dev/null. This effectively sends every call for a restart etc to oblivion
  4. Uninstall snapd: apt remove snapd -y
  5. Hold the package in the removed state during upgrades and installs: sudo apt-mark hold snapd

Remove Leftover Cruft

With Snapd now removed, we can clean up the mess left by configuration files etc.

  1. Remove Snap Cruft:
rm -rf ~/snap
sudo rm -rf /snap
sudo rm -rf /var/snap
sudo rm -rf /var/lib/snapd

Turn off the APT wrapper

Create the nosnap preferences file. This will keep APT from pulling in Snap itself:

## Thank Linux Mint for this jewel.
## See: https://linuxmint-user-guide.readthedocs.io/en/latest/snap.html
sudo cat <<EOF | sudo tee /etc/apt/preferences.d/nosnap.pref
Package: snapd
Pin: release a=*
Pin-Priority: -10
EOF

The above preferences file globs all snap package versions installed by APT and drops the priority below 0. This ensures APT will never install snapd.

Sanity Test

To make sure we've completed our modifications correctly, let's try installing Chromium which is only available as a Snap Package:

sudo apt install chromium-browser
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:


The following packages have unmet dependencies:
chromium-browser : PreDepends: snapd but it is not installable
E: Unable to correct problems, you have held broken packages.

Now What??

Well we need a browser or two, plus all the packages we removed. For the purposes of this answer, I'm going to link to Chromium and Firefox but Googling for install <package> not snap ubuntu should find plenty of results for whatever <package> needed.

  1. Install Firefox not snap
  2. How to install Chromium without snap? - Replace Eoan with Buster

As the DebugPoint link suggests, always use --install-suggests to prevent installing snap packages by accident. In most cases, you should get the warning like Chromium above, but it's always better to be safe than sorry.

Note: While mixing distributions isn't recommended, it's now our only choice since we have totally disabled the Snap packaging mechanic. See: Don't Make a Frankendebian. Generally speaking, never mix two main repositories. I expect that since you're only installing Apps that a Frakendebian will not be created.

PS. Since Snap is now disabled, you're free to investigate the DNS issue that caused this. After you find it, I would report a bug to the offending package maintainers, fix as they advise and then reverse this fix. At some point the ability to prevent APT from using Snapd may be removed. As a starting point, I would consider doing a clean install of 22.04 on an extra PC/laptop and do a staged upgrade path like I commented. You can't use a VM on your current install as we fixed the broken parts before we installed a VM, which defeats the troubleshooting.

eyoung100
  • 975
  • Aren't critical system functions like printing snapifyed now? – Organic Marble Apr 26 '24 at 01:21
  • I don't believe so, unless CUPS is now a Snap Package – eyoung100 Apr 26 '24 at 21:29
  • https://www.webpronews.com/ubuntu-postpones-transition-to-snap-cups-till-ubuntu-24-04/ – Organic Marble Apr 26 '24 at 21:32
  • I'm not surprised. Packaging all the dependencies in the SLAP ends up saving server space for their enterprise customers and the normal user has the trickle down effect, which shrinks the ubuntu repos for non-developers back into manageable sizes. My guess is Canonical is not making as much money as they want, and they're forcing this adoption to save money on infrastructure. Just a guess... That will work until there are enterprise users who cant migrate mission critical installs past 24.04. – eyoung100 Apr 26 '24 at 22:05
  • Be careful - the default profile locations for Firefox and Thunderbird are now inside the snap folder. So if you haphazardly remove these folders the profile goes with it. – Kingsley May 18 '24 at 02:16
  • 1
    @Kingsley Please see https://askubuntu.com/a/1439312/590937 – mook765 May 29 '24 at 20:21
  • @mook765 Thanks for that. But I did a backup and re-install, not knowing that Ubuntu devs had changed the firefox & thunderbird user storage location from where it's been kept for the last ~20 years. So I backed up the old settings. /mad – Kingsley May 30 '24 at 02:17