libgtk3-nocsd.so.0 LD_PRELOAD error

[JasonKt]

When I try to start my container, I run into problems w/ access to the libgtk3 library (a blacked out CountainerBox gui does appear):

jk@jk-hd:~/Software/ContainerBox-master$ ContainerBox start -n gui1804 -f no
ERROR: ld.so: object 'libgtk3-nocsd.so.0' from LD_PRELOAD cannot be preloaded (failed to map segment from shared object): ignored.

Looking at journalctl -xe, I get:

Nov 24 14:50:15 jk-hd kernel: audit: type=1400 audit(1543092615.446:1253): apparmor="DENIED" operation="file_mmap" profile="/snap/core/5897/usr/lib/snapd/snap-confine" name="/usr/lib/x86_64-linux-gnu/libgtk3-nocsd.so.0" pid=2491 comm="snap-confine" requested_mask="m" denied_mask="m" fsuid=0 ouid=0

libgtk3 exists and has somewhat odd permissions:
-rwSr--r-- 1 root root 26616 Mar 2 2018 libgtk3-nocsd.so.0

Even if I chmod to give 'other' execution privileges, the same error appears, presumably because apparmor denies access.

Hope that helps,
Jason

[AlexandreDey]

Hi,

Could you give more info about your host and your guest ? This seems to be related to the host apparmor denying "mmap" syscall to the guest, but hard to find the cause without more info !

Thanks,

Alexandre

[JasonKt]

Hi Alexandre:

Is the following the kind of info you need?

#HOST:
$uname -a
Linux 4.15.0-39-generic #42-Ubuntu SMP Tue Oct 23 15:48:01 UTC 2018 x86_64 x86_64 x86_64 GNU
/Linux

#GUEST:
Linux gui1804 4.15.0-39-generic #42-Ubuntu SMP Tue Oct 23 15:48:01 UTC 2018 x86_64 x86_64 x86_64 GN
U/Linux

I have apparmor-profiles and apparmor-profiles-extra both installed. I looked through their file list and neither installs anything under /snap. The profile referred to, "/snap/core/5897/usr/lib/snapd/snap-confine", is in binary, so I can't read or change it readily. I gather I installed that using snap rather than the usual Ubuntu archives.

Jason

[AlexandreDey]

Sorry for the long delay, been busy at work.
Is packet "gtk3-nocsd" installed in both host and guest ?