Juju 2.9.0 snap-confine has elevated permissions and is not confined?

Hey Juju users,

I just got back to using juju after a hiatus… installed on a fresh Ubuntu 20.04 LTS… LXD … and Juju 2.9 … and something strange I have not experienced in previous versions has happened…

sometimes I tab complete and get some error about needing to install python2 to complete a command…

and then today I was mucking about getting tmux and vim setup… and when I went to display my juju status… got something I do not understand

~$ juju --version
snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid permission escalation attacks

I did the basic googling and saw app armor is already installed… I turn it back on … but no change. In general should I be worried? I cannot see anything from juju now, and had just setup a backend the other night… now I am locked out it seems.

Thanks for any advice,

Edit : I rebooted and got juju “back” … but wondering what this was all about… seems some sort of SNAP issue ? maybe it just needed a reboot to take the apparmor changes up?

The Juju snap is not yet able to run confined, so needs to be installed with --classic.
I am not sure about the interesting interactions with app armor.

The tab complete issue is known and fixed in Juju 2.9.3 which will be released to the candidate channel in the next day or so. The issue was a bug in the detection of the installed Python version in the tab complete script.

1 Like