mrtns blog

Logo

a real human being writing about infosec, coding and other stuff. maybe.

View My GitHub Profile

snapd on kali

22 Feb 2022 - mrtn

I’ve recently set up my old laptop (trusty old thinkpad t430s) again to use it as my daily downtime driver. as i do some bug hunting or testing out tools that might be handy during a pentest, i decided to go for a baremetal kali installation. i know, don’t use kali as a daily driver, stick to a vm, etc etc. I promise you, i kinda know what i’m doing here ;)

after completing the installation, i wanted to use snapd. So I just followed the official documentation and thought everything will work now.

Turns out: It doesn’t.

First thing I realized was, that I didn’t have vs code in my launcher and /snap wasn’t part of my $PATH. The second part was easily fixed with a export $PATH:/snap in my .zshrc. For the launcher-problem, I needed some googling - but I found the solution quickly on reddit. Literally a missing link.

ln -s /etc/profile.d/apps-bin-path.sh /etc/X11/Xsession.d/99snap 

After linking it and rebooting, vs code showed up in the launcher. Great - but now it still didn’t start.

Clicking the icon - nothing.

Trying to launch code from the command line, an error got presented: snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid permission escalation attacks.

Turns out, there was a missing configuration for apparmor. After reading this issue on github, I pieced together a snippet to fix it:

sudo apt install apparmor-utils apparmor-profiles && \
sudo apparmor_parser -r /etc/apparmor.d/*snap-confine* && \
sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap-confine* && \
sudo systemctl enable --now apparmor.service && \ 
sudo systemctl enable --now snapd.apparmor.service

After running this, even snaps that have to be installed with the --classic flag work again.