ubuntu - 如何使用 SNAP 安装 VSCode？ERROR= snap-confine 具有提升的权限

问题描述

在 Ubuntu 16 Xenial 上。尝试安装 VSCode 。

dhankar@dhankar2:~$ sudo snap install --classic code
[sudo] password for dhankar: 
error: unknown flag `classic'
dhankar@dhankar2:~$ sudo snap install --code
error: unknown flag `code'
dhankar@dhankar2:~$ sudo snap install code
136.66 MB / 136.66 MB [================================================================================================] 100.00 % 1.68 MB/s 

error: cannot perform the following tasks:

- Make snap "ubuntu-core" available to the system (no state entry for key)
- Mount snap "code" (snap "code" requires classic or confinement override)
dhankar@dhankar2:~$ 

看到错误 - 谷歌搜索，发现 snap 可能不适用于某些架构/

dhankar@dhankar2:~$ arch
x86_64
dhankar@dhankar2:~$ sudo snap login

....登陆成功

dhankar@dhankar2:~$ sudo snap install code
error: This revision of snap "code" was published using classic confinement and thus may perform
       arbitrary system changes outside of the security sandbox that snaps are usually confined to,
       which may put your system at risk.

       If you understand and want to proceed repeat the command including --classic.
dhankar@dhankar2:~$ sudo snap install --classic code
Warning: /snap/bin was not found in your $PATH. If you've not restarted your session since you
         installed snapd, try doing that. Please see https://forum.snapcraft.io/t/9469 for more
         details.

code b37e54c9 from Visual Studio Code (vscode*) installed
dhankar@dhankar2:~$ 
dhankar@dhankar2:~$ code .
snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid permission escalation attacks
dhankar@dhankar2:~$ sudo code .
sudo: code: command not found
dhankar@dhankar2:~$ whereis code
code: /snap/bin/code /snap/bin/code.url-handler
dhankar@dhankar2:~$ 
dhankar@dhankar2:~$ cd /snap/bin/
dhankar@dhankar2:/snap/bin$ ls
code  code.url-handler

在谷歌搜索了一些之后-在快照上看到了这个答案-论坛https://forum.snapcraft.io/t/snap-confine-has-elevated-permissions-and-is-not-confined-but-should-be-refusing -to-continue-to-avoid-permission-escalation-attacks/5557/6。因此

$ code .
snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid permission escalation attacks
dhankar@dhankar2:~$ sudo cat /sys/kernel/security/apparmor/profiles[

建议更改 apparmor 配置文件/检查 apparmor 中的snap条目，如下所示。不知道他们应该有什么效果。

dhankar@dhankar2:~$ sudo cat /sys/kernel/security/apparmor/profiles | grep snap
snap.core.hook.configure (enforce)
dhankar@dhankar2:~$ code .
snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid permission escalation attacks
dhankar@dhankar2:~$ 
dhankar@dhankar2:~$ snap version
snap    2.41
snapd   2.41
series  16
ubuntu    16.04
kernel 4.4.0-31-generic 

我的快照版本如上所示。谢谢

标签： ubuntuvisual-studio-codesnapcraft