As I got to find out yesterday.
Specifically, there’s been this intentional breaking change here to disable snapd-apparmor outright on WSL regardless of version, on the grounds that the Microsoft default kernel does not include LSM support and the Microsoft-supplied init doesn’t enable AppArmor stacking.
Rather unfortunate, in my opinion, after all the work various of us, myself included, put in to make both AppArmor and snapd work under WSL2 (with, of course, an AppArmor-enabled custom kernel and a cautionary note regarding cross-distro leaking). It’s not the decision I’d have made, inasmuch as snapd detected and responded to the presence of AppArmor correctly on WSL as it would on any other platform, and anyone compiling such a custom kernel and using it under WSL assuredly knows what they’re doing and that certain customizations and configurations will leak from distro to distro.
But whatever: I’m not on the snapd team and those who are may configure it as they see fit. I’m just a kibitzer, albeit a kibitzer who’s just a little salty that a breaking change like this didn’t make it into the release notes, when it would have been real nice if apt upgrade had warned me ’bout this aforetime.
That being said, when things break, I fix. No elegant fix this time: I just cloned a copy of the snapd repo:
git clone https://github.com/snapcore/snapd.git
cd snapd
Installed the build dependencies:
sudo apt build-dep .
Edited the relevant source file (this one)…
nano cmd/snapd-apparmor/main.go
to change return false back to return true here (lines 70-81 at time of writing):
func isContainerWithInternalPolicy() bool {
	if release.OnWSL {
		// [eight lines of comments]
		return false
	}
Built the relevant component:
go build -o /tmp/build/ ./cmd/snapd-apparmor
And copied it manually into place:
sudo cp /tmp/build/snapd-apparmor /usr/lib/snapd/snapd-apparmor
(And, of course, held future updates of snapd so I can be sure to do this manual bit at the same time.)
sudo apt-mark hold snapd
And that’s how you fix your machine that just broke.
(I could, I suppose, include a copy of my patched file here, but I’m not going to encourage you to download executable files promising fixes from random people on the internet, especially as I just had someone try to phish me that way on GitHub, of all places. Y’all know how to herd a compiler. Go to.)
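A check worth running after the steps above, and again after any later apt upgrade (added example, not part of the original post or of snapd): it confirms that the running kernel really has AppArmor enabled, that the installed helper is still byte-identical to the patched build, and that snapd is still held. The function names are made up for this example and it assumes securityfs is mounted at /sys/kernel/security; the binary paths are the ones used above.

```shell
#!/bin/sh
# Added example: post-upgrade checks for the manually patched snapd-apparmor.
# Function names are hypothetical; paths are those used in the steps above.

# apparmor_enabled [ROOT]: succeed if the kernel reports AppArmor as enabled.
# ROOT defaults to "" (the real /sys); a test can pass a constructed tree.
apparmor_enabled() {
    root="${1:-}"
    enabled="$root/sys/module/apparmor/parameters/enabled"
    # The module parameter reads "Y" when AppArmor is built in and enabled.
    [ -r "$enabled" ] && [ "$(cat "$enabled")" = "Y" ] || return 1
    # Assumption: securityfs is mounted, so the AppArmor interface is visible.
    [ -d "$root/sys/kernel/security/apparmor" ]
}

# binary_matches BUILT INSTALLED: succeed if the installed helper is still
# byte-identical to the local build, i.e. nothing has overwritten it.
binary_matches() {
    [ -f "$1" ] && [ -f "$2" ] && cmp -s "$1" "$2"
}

# snapd_held: succeed if apt still has snapd on hold.
snapd_held() {
    apt-mark showhold 2>/dev/null | grep -qx snapd
}

# check_all: run every check, report each failure, return non-zero if any.
check_all() {
    rc=0
    apparmor_enabled ||
        { echo "kernel: AppArmor is not enabled (stock WSL kernel?)"; rc=1; }
    binary_matches /tmp/build/snapd-apparmor /usr/lib/snapd/snapd-apparmor ||
        { echo "installed snapd-apparmor differs from the patched build"; rc=1; }
    snapd_held ||
        { echo "snapd is not held; the next upgrade will replace the patch"; rc=1; }
    return "$rc"
}

# Only run the checks when asked to: sh check.sh --run
[ "${1:-}" != "--run" ] || check_all
```

Keep a copy of the patched build somewhere more durable than /tmp if the comparison is meant to survive a restart.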