на Ubuntu 16 Xenial.Пытаюсь установить VSCode.
dhankar@dhankar2:~$ sudo snap install --classic code
[sudo] password for dhankar:
error: unknown flag `classic'
dhankar@dhankar2:~$ sudo snap install --code
error: unknown flag `code'
dhankar@dhankar2:~$ sudo snap install code
136.66 MB / 136.66 MB [================================================================================================] 100.00 % 1.68 MB/s
error: cannot perform the following tasks:
- Make snap "ubuntu-core" available to the system (no state entry for key)
- Mount snap "code" (snap "code" requires classic or confinement override)
dhankar@dhankar2:~$
При обнаружении ошибки - гуглил, обнаружил, что оснастка может не работать на / с, некоторые архитектуры
dhankar@dhankar2:~$ arch
x86_64
dhankar@dhankar2:~$ sudo snap login
.... Вход успешен
dhankar@dhankar2:~$ sudo snap install code
error: This revision of snap "code" was published using classic confinement and thus may perform
arbitrary system changes outside of the security sandbox that snaps are usually confined to,
which may put your system at risk.
If you understand and want to proceed repeat the command including --classic.
dhankar@dhankar2:~$ sudo snap install --classic code
Warning: /snap/bin was not found in your $PATH. If you've not restarted your session since you
installed snapd, try doing that. Please see https://forum.snapcraft.io/t/9469 for more
details.
code b37e54c9 from Visual Studio Code (vscode*) installed
dhankar@dhankar2:~$
dhankar@dhankar2:~$ code .
snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid permission escalation attacks
dhankar@dhankar2:~$ sudo code .
sudo: code: command not found
dhankar@dhankar2:~$ whereis code
code: /snap/bin/code /snap/bin/code.url-handler
dhankar@dhankar2:~$
dhankar@dhankar2:~$ cd /snap/bin/
dhankar@dhankar2:/snap/bin$ ls
code code.url-handler
Погуглив еще немного - увидев этот ответ на оснастке - форумы https://forum.snapcraft.io/t/snap-confine-has-elevated-permissions-and-is-not-confined-but-should-be-refusing-to-continue-to-avoid-permission-escalation-attacks/5557/6. Таким образом
$ code .
snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid permission escalation attacks
dhankar@dhankar2:~$ sudo cat /sys/kernel/security/apparmor/profiles[
есть предложения внести изменения в профили apparmor / проверить записи для оснастка в apparmor, сделайте так, как показано ниже.Не уверен, какой эффект они должны иметь.
dhankar@dhankar2:~$ sudo cat /sys/kernel/security/apparmor/profiles | grep snap
snap.core.hook.configure (enforce)
dhankar@dhankar2:~$ code .
snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid permission escalation attacks
dhankar@dhankar2:~$
dhankar@dhankar2:~$ snap version
snap 2.41
snapd 2.41
series 16
ubuntu 16.04
kernel 4.4.0-31-generic
Моя оснастка версия, как показано выше.спасибо