2

I just upgraded my desktop from Ubuntu 22.04 to 24.04. Many apps are now in the snap store. In particular Firefox, Opera, Chromium and Thunderbird. When I launch these apps none are able to connect to the internet. I have Chrome installed outside the snap system and it works fine. I note that snap apps are sandboxed so am thinking that this sandbox has somehow isolated itself from the internet. Is there a configuration page/app anywhere to check this? This problem is very serious as Ubuntu has decided to integrate many apps into the snap system. When you use apt to install new ones, often they push the snaps rather than the old deb packages.

Any advice gratefully received....

ETA: I have tried the snap apps with a different user account and a different desktop and the same problem persists.

ETAA: I looked in the logfile "syslog" and am getting repeated messages like the following:

kernel: audit: type=1400 audit(1714071244.649:4405): apparmor="DENIED" operation="open" class="file" profile="snap.opera.opera" name="/etc/resolv-manual.conf" pid=44147 comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

when trying to access the internet from Opera (here) but also Firefox. The file /etc/resolv-manual.conf contains the IP address of the DNS (Domain Name Server). So the snap apps are apparently being prevented from accessing the DNS server by AppArmor, which is a security app. Looks like it isn't configured properly for some reason.

Artur Meinild
  • 31,035

2 Answers

3

I found the resolution of the issue from one of the hints eyoung100 made earlier. He mentioned that people have had issues with Tailscale and snaps. I looked at the problem they reported and noted that it occurs when the file /etc/resolv.conf is a symlink to another file. This symlinking cannot be handled by snap, which causes DNS resolution to fail.

I am not using Tailscale BUT /etc/resolv.conf is symlinked to /etc/resolv-manual.conf on my system because I wanted to manually set my DNS server. The problem with just using an actual /etc/resolv.conf file instead of /etc/resolv-manual.conf is that NetworkManager resets this file to what it wants, so overwrites it.

To resolve this I used this procedure from Red Hat to stop NetworkManager overwriting /etc/resolv.conf:

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/manually-configuring-the-etc-resolv-conf-file_configuring-and-managing-networking

I then moved my /etc/resolv-manual.conf to /etc/resolv.conf thus removing the offending symlink.

Snap now works! (I tested opera and chromium)

Quite the subtle bug and MANY thanks to eyoung100 for all his help. I hope his excellent answer on removing snap can be of help to others.
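
The diagnosis above can be reproduced from the log and the filesystem. The following is an added example, not part of the original answer: it lists AppArmor denials recorded against snap profiles and reports whether /etc/resolv.conf is a symlink. The function names are hypothetical; the first sample line is the one quoted in the question, the other two are constructed.

```sh
#!/bin/sh
# Added example (not from the original posts): triage snap DNS failures
# that show up as AppArmor denials in syslog / the kernel audit log.

# Sample input: line 1 is the denial quoted in the question; lines 2-3
# are constructed for illustration.
sample_log() {
cat <<'EOF'
kernel: audit: type=1400 audit(1714071244.649:4405): apparmor="DENIED" operation="open" class="file" profile="snap.opera.opera" name="/etc/resolv-manual.conf" pid=44147 comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
kernel: audit: type=1400 audit(1714071250.101:4410): apparmor="DENIED" operation="open" class="file" profile="snap.firefox.firefox" name="/etc/resolv-manual.conf" pid=44201 comm="DNS Resolver #1" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
kernel: audit: type=1400 audit(1714071260.000:4420): apparmor="DENIED" operation="open" class="file" profile="/usr/bin/example" name="/etc/shadow" pid=500 comm="example" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
EOF
}

# Read log text on stdin; print "profile<TAB>path<TAB>denied_mask" once per
# distinct denial recorded against a snap profile (snap.<name>.<app>).
snap_denials() {
  awk '
    function field(k,   re) {
      re = " " k "=\"[^\"]*\""
      if (!match($0, re)) return ""
      return substr($0, RSTART + length(k) + 3, RLENGTH - length(k) - 4)
    }
    /apparmor="DENIED"/ {
      p = field("profile")
      if (p !~ /^snap\./) next
      key = p "\t" field("name") "\t" field("denied_mask")
      if (!(key in seen)) { seen[key] = 1; print key }
    }'
}

# Print the link target and return 0 if the given file (default
# /etc/resolv.conf) is a symlink; return 1 if it is a regular file.
resolv_symlink() {
  f="${1:-/etc/resolv.conf}"
  [ -L "$f" ] || return 1
  readlink "$f"
}

# Return 0 if a snap denial on stdin names exactly the path in $1.
snap_denied_path() {
  snap_denials | awk -F '\t' -v p="$1" '$2 == p { hit = 1 } END { exit !hit }'
}

sample_log | snap_denials
if t=$(resolv_symlink); then
  echo "/etc/resolv.conf is a symlink to: $t"
fi
```

On a live system, pipe the kernel log into the first function instead of the sample, for example `journalctl -k | snap_denials`.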

1

Issue

As the OP has stated, I can safely assume that no Internet Application that requires a DNS lookup to "travel" anywhere on the internet works. I posted some comments about what the possibilities for the cause could be, but after Googling for "snap package firefox does not connect to internet" I decided against trying to track down the cause. The general consensus in all of the results was that Snap and its mechanisms have some issues. I thought about letting someone else tackle this question until I realized: Even though Canonical has chosen this as a strategic design decision, maybe we can turn it off. And now I present the rather involved procedure:

Removing Snap Packages

  1. First, we make sure it's installed as a sanity test: snap --version
  2. Now let's gather which snap packages are installed as part of the core: snap list. Write all these down or > them to a file to print as we're going to remove them shortly.
  3. To remove, issue: snap remove followed by the package name from the output in step 2.
    • To verify that the entire list is removed, reissue a snap list. As your final output, you should see: snap list

No snaps are installed yet. Try 'snap install hello-world'.

Removing Snap Daemon

  1. Stop SystemD Service: sudo systemctl stop snapd
  2. Disable the Service: sudo systemctl disable snapd
  3. Mask the Service: sudo systemctl mask snapd
    • Masking a service symlinks it to /dev/null. This effectively sends every call for a restart etc. to oblivion
  4. Uninstall snapd: sudo apt remove snapd -y
  5. Hold the package in the removed state during upgrades and installs: sudo apt-mark hold snapd

Remove Leftover Cruft

With Snapd now removed, we can clean up the mess left by configuration files etc.

  1. Remove Snap Cruft:
rm -rf ~/snap
sudo rm -rf /snap
sudo rm -rf /var/snap
sudo rm -rf /var/lib/snapd

Turn off the APT wrapper

Create the nosnap preferences file. This will keep APT from pulling in Snap itself:

## Thank Linux Mint for this jewel.
## See: https://linuxmint-user-guide.readthedocs.io/en/latest/snap.html
sudo cat <<EOF | sudo tee /etc/apt/preferences.d/nosnap.pref
Package: snapd
Pin: release a=*
Pin-Priority: -10
EOF

The above preferences file globs all snap package versions installed by APT and drops the priority below 0. This ensures APT will never install snapd.

Sanity Test

To make sure we've completed our modifications correctly, let's try installing Chromium which is only available as a Snap Package:

sudo apt install chromium-browser
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 chromium-browser : PreDepends: snapd but it is not installable
E: Unable to correct problems, you have held broken packages.

Now What??

Well we need a browser or two, plus all the packages we removed. For the purposes of this answer, I'm going to link to Chromium and Firefox but Googling for install <package> not snap ubuntu should find plenty of results for whatever <package> needed.

  1. Install Firefox not snap
  2. How to install Chromium without snap? - Replace Eoan with Buster

As the DebugPoint link suggests, always use --install-suggests to prevent installing snap packages by accident. In most cases, you should get the warning like Chromium above, but it's always better to be safe than sorry.

Note: While mixing distributions isn't recommended, it's now our only choice since we have totally disabled the Snap packaging mechanic. See: Don't Make a Frankendebian. Generally speaking, never mix two main repositories. I expect that since you're only installing Apps that a Frankendebian will not be created.


PS. Since Snap is now disabled, you're free to investigate the DNS issue that caused this. After you find it, I would report a bug to the offending package maintainers, fix as they advise and then reverse this fix. At some point the ability to prevent APT from using Snapd may be removed. As a starting point, I would consider doing a clean install of 22.04 on an extra PC/laptop and do a staged upgrade path like I commented. You can't use a VM on your current install as we fixed the broken parts before we installed a VM, which defeats the troubleshooting.

eyoung100
  • 975