我最近尝试在 20.10 上使用几个 snap 包。我遇到了麻烦。所以我回到了第一原则。如以下回复所示：

• 当 $HOME 不是 /home/$USER 时如何使用 Snap 包？

  snap install hello-world

  并添加以下命令的输出：

  SNAP_CONFINE_DEBUG=yes hello-world

  dmesg | grep DENIED

不幸的是，它hello-world根本不起作用。输出在问题的末尾。我对 Ask Ubuntu 的问题很简单：

• 在绑定安装步骤之后，运行 snap 还需要哪些其他步骤？
• 控制台输出中是否存在一些我可以纠正的错误配置？
• 这是一个错误、配置错误还是用户错误？
• 如何确保“大多数时间”顺利执行 snap ？

请继续阅读以了解详情...

安装后hello-world，我尝试运行它，结果如下：

 hello-world
 cannot perform operation: mount --rbind /dev /tmp/snap.rootfs_un1MrN//dev: No such file or directory

此外：SNAP_CONFINE_DEBUG=yes hello-world，诊断导致了相同类型的错误：

     ;
     :
 cannot perform operation: mount --rbind /dev /tmp/snap.rootfs_sJmTk8//dev: No such file or directory

但是这个目录存在 -- 问题涉及权限。是的，目录存在。否，我无权访问该目录：snap.rootfs_un1MrN/，完全无权。显然，这个目录对于运行是必需的hello-world...

 ls -la  -d /tmp/snap*
 drwx------ 2 root will 4096 Jan 11 10:18 /tmp/snap.rootfs_sdo6fl/
 drwx------ 2 root will 4096 Jan 11 10:16 /tmp/snap.rootfs_sJmTk8/
 drwx------ 2 root will 4096 Jan 11 10:17 /tmp/snap.rootfs_un1MrN/

我的登录名是id=(will)和gid=(will)。据我观察，我需要对目录的组访问权限才能正常工作。我怀疑这是否是预期的。我认为双斜杠（//）没有任何区别。但我想知道是否有缺失的文本片段。

全面披露我正在运行我的主目录bind挂载-编辑改为/home/will/：

 mount --bind /data/home/will  /home/will

解决 snap 主目录的缺点。如果 hello-world 都无法启动，我想知道将来是否还有机会使用 snap 打包软件。

希望有一些想法可以推动。不幸的是，有些看似有用的工具我无法利用，因为它们目前只是临时的。

版本

 snap list hello-world; snap --version
 Name         Version  Rev  Tracking       Publisher   Notes
 hello-world  6.4      29   latest/stable  canonical✓  -
 
 snap    2.48+20.10
 snapd   2.48+20.10
 series  16
 ubuntu  20.10
 kernel  5.8.0-36-generic

参考

• Snap（snapd）hello-world示例不起作用（找不到路径？）
• 当 $HOME 不是 /home/$USER 时如何使用 Snap 包？

输出

sudo dmesg| grep DENIED

 [   34.324082] audit: type=1400 audit(1610318223.394:51): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/proc/1040/attr/apparmor/current" pid=1040 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
 [ 2400.019690] audit: type=1400 audit(1610320590.299:57): apparmor="DENIED" operation="open" profile="/usr/lib/snapd/snap-confine" name="/fast/ubuntu/var/lib/snapd/cookie/snap.hello-world" pid=15128 comm="snap-confine" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

SNAP_CONFINE_DEBUG=yes hello-world

  $ sudo snap install hello-world
 [sudo] password for will: 
 hello-world 6.4 from Canonical✓ installed
 
  $ SNAP_CONFINE_DEBUG=yes hello-world
 DEBUG: umask reset, old umask was   02
 DEBUG: security tag: snap.hello-world.hello-world
 DEBUG: executable:   /usr/lib/snapd/snap-exec
 DEBUG: confinement:  non-classic
 DEBUG: base snap:    core
 DEBUG: ruid: 1000, euid: 0, suid: 0
 DEBUG: rgid: 1000, egid: 1000, sgid: 1000
 DEBUG: apparmor label on snap-confine is: /usr/lib/snapd/snap-confine
 DEBUG: apparmor mode is: enforce
 DEBUG: creating lock directory /run/snapd/lock (if missing)
 DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
 DEBUG: opening lock directory /run/snapd/lock
 DEBUG: set_effective_identity uid:0 (change: no), gid:1000 (change: yes)
 DEBUG: opening lock file: /run/snapd/lock/.lock
 DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
 DEBUG: set_effective_identity uid:0 (change: no), gid:1000 (change: yes)
 DEBUG: sanity timeout initialized and set for 30 seconds
 DEBUG: acquiring exclusive lock (scope (global), uid 0)
 DEBUG: sanity timeout reset and disabled
 DEBUG: ensuring that snap mount directory is shared
 DEBUG: unsharing snap namespace directory
 DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
 DEBUG: set_effective_identity uid:0 (change: no), gid:1000 (change: yes)
 DEBUG: releasing lock 5
 DEBUG: opened snap-update-ns executable as file descriptor 5
 DEBUG: opened snap-discard-ns executable as file descriptor 6
 DEBUG: creating lock directory /run/snapd/lock (if missing)
 DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
 DEBUG: opening lock directory /run/snapd/lock
 DEBUG: set_effective_identity uid:0 (change: no), gid:1000 (change: yes)
 DEBUG: opening lock file: /run/snapd/lock/hello-world.lock
 DEBUG: set_effective_identity uid:0 (change: no), gid:0 (change: yes)
 DEBUG: set_effective_identity uid:0 (change: no), gid:1000 (change: yes)
 DEBUG: sanity timeout initialized and set for 30 seconds
 DEBUG: acquiring exclusive lock (scope hello-world, uid 0)
 DEBUG: sanity timeout reset and disabled
 DEBUG: initializing mount namespace: hello-world
 DEBUG: snappy_udev_init
 DEBUG: forked support process 15141
 DEBUG: unsharing the mount namespace (per-snap)
 DEBUG: changing apparmor hat to mount-namespace-capture-helper
 DEBUG: scratch directory for constructing namespace: /tmp/snap.rootfs_sJmTk8DEBUG: helper process waiting for command
 DEBUG: DEBUG: sanity timeout initialized and set for 30 seconds performing operation: (disabled) use debug build to see details
 DEBUG: performing operation: (disabled) use debug build to see details
 DEBUG: performing operation: (disabled) use debug build to see details
 DEBUG: performing operation: (disabled) use debug build to see details
 DEBUG: performing operation: (disabled) use debug build to see details
 DEBUG: performing operation: (disabled) use debug build to see details
 cannot perform operation: mount --rbind /dev /tmp/snap.rootfs_sJmTk8//dev: No such file or directory