Smoke test Hello World (journald) fails on Noble. #181

Open
locnnil opened this issue Sep 6, 2024 · 1 comment
Labels: bug (Something isn't working), CI (Continuous integration)

locnnil commented Sep 6, 2024

The smoke-test:

```yaml
- name: Hello World (journald)
  run: |
    trap 'echo "error, sad day ($?)"; sleep 1; sudo snap logs -n=20 docker.dockerd; sleep 1; sudo tail -n20 /var/log/*.log; sudo dmesg | tail -n20; sudo journalctl --no-pager | grep DENIED | grep docker' ERR
    expectedOutput="testing-journald-log-driver-$RANDOM-$RANDOM"
    sudo docker run --name test-journald --log-driver journald bash -c 'echo "$@"' -- "$expectedOutput"
    actualOutput="$(sudo docker logs test-journald)"
    [ "$actualOutput" = "$expectedOutput" ]
    docker rm test-journald
```

Fails when running on Noble (but not on Focal and Jammy), as shown here:

Docker Snap v24.0.5:
https://github.com/canonical/docker-snap/actions/runs/10738846000

```
[  210.260771] eth0: renamed from vethfac58ea
[  210.277728] docker0: port 1(vethf07816c) entered blocking state
[  210.277734] docker0: port 1(vethf07816c) entered forwarding state
[  210.333867] vethfac58ea: renamed from eth0
[  210.344540] docker0: port 1(vethf07816c) entered disabled state
[  210.352220] docker0: port 1(vethf07816c) entered disabled state
[  210.352923] vethf07816c (unregistering): left allmulticast mode
[  210.352928] vethf07816c (unregistering): left promiscuous mode
[  210.352932] docker0: port 1(vethf07816c) entered disabled state
Sep 06 13:10:55 fv-az1693-731 kernel: audit: type=1400 audit(1725628255.588:263): apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.docker.dockerd" pid=5269 comm="ps" requested_mask="read" denied_mask="read" peer="/usr/sbin/haveged"
Sep 06 13:10:55 fv-az1693-731 kernel: audit: type=1400 audit(1725628255.590:264): apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.docker.dockerd" pid=5269 comm="ps" requested_mask="read" denied_mask="read" peer="rsyslogd"
Sep 06 13:10:55 fv-az1693-731 kernel: audit: type=1400 audit(1725628255.591:265): apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.docker.dockerd" pid=5269 comm="ps" requested_mask="read" denied_mask="read" peer="/usr/sbin/chronyd"
Sep 06 13:10:55 fv-az1693-731 kernel: audit: type=1400 audit(1725628255.591:266): apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.docker.dockerd" pid=5269 comm="ps" requested_mask="read" denied_mask="read" peer="/usr/sbin/chronyd"
Sep 06 13:10:58 fv-az1693-731 kernel: audit: type=1400 audit(1725628258.948:268): apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.docker.dockerd" pid=5590 comm="ps" requested_mask="read" denied_mask="read" peer="/usr/sbin/haveged"
Sep 06 13:10:58 fv-az1693-731 kernel: audit: type=1400 audit(1725628258.950:269): apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.docker.dockerd" pid=5590 comm="ps" requested_mask="read" denied_mask="read" peer="rsyslogd"
Sep 06 13:10:58 fv-az1693-731 kernel: audit: type=1400 audit(1725628258.950:270): apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.docker.dockerd" pid=5590 comm="ps" requested_mask="read" denied_mask="read" peer="/usr/sbin/chronyd"
Sep 06 13:10:58 fv-az1693-731 kernel: audit: type=1400 audit(1725628258.951:271): apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.docker.dockerd" pid=5590 comm="ps" requested_mask="read" denied_mask="read" peer="/usr/sbin/chronyd"
Sep 06 13:11:01 fv-az1693-731 kernel: audit: type=1400 audit(1725628261.245:273): apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.docker.dockerd" pid=5713 comm="ps" requested_mask="read" denied_mask="read" peer="/usr/sbin/haveged"
Sep 06 13:11:01 fv-az1693-731 kernel: audit: type=1400 audit(1725628261.247:274): apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.docker.dockerd" pid=5713 comm="ps" requested_mask="read" denied_mask="read" peer="rsyslogd"
Sep 06 13:11:01 fv-az1693-731 kernel: audit: type=1400 audit(1725628261.248:275): apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.docker.dockerd" pid=5713 comm="ps" requested_mask="read" denied_mask="read" peer="/usr/sbin/chronyd"
Sep 06 13:11:01 fv-az1693-731 kernel: audit: type=1400 audit(1725628261.248:276): apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.docker.dockerd" pid=5713 comm="ps" requested_mask="read" denied_mask="read" peer="/usr/sbin/chronyd"
Error: Process completed with exit code 1.
```

Docker Snap v27.2.0:
https://github.com/canonical/docker-snap/actions/runs/10742009176
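
One way to triage the `DENIED` lines in the log above, added here as an example and not part of the issue or the project's code: parse the AppArmor audit records and group them by profile, operation, command, mask and peer, so repeated denials collapse into the few distinct accesses that were blocked. The sample lines are copied from the issue's log; the function names are illustrative.

```python
import re
from collections import Counter

# Matches key="value" and key=value pairs in a kernel audit record.
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Three audit records and one dmesg line copied from the log in this issue.
SAMPLE = '''\
Sep 06 13:10:55 fv-az1693-731 kernel: audit: type=1400 audit(1725628255.588:263): apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.docker.dockerd" pid=5269 comm="ps" requested_mask="read" denied_mask="read" peer="/usr/sbin/haveged"
Sep 06 13:10:55 fv-az1693-731 kernel: audit: type=1400 audit(1725628255.590:264): apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.docker.dockerd" pid=5269 comm="ps" requested_mask="read" denied_mask="read" peer="rsyslogd"
Sep 06 13:10:58 fv-az1693-731 kernel: audit: type=1400 audit(1725628258.948:268): apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.docker.dockerd" pid=5590 comm="ps" requested_mask="read" denied_mask="read" peer="/usr/sbin/haveged"
[  210.344540] docker0: port 1(vethf07816c) entered disabled state
'''


def parse_denials(text):
    """Return one dict of audit fields per AppArmor DENIED record in text."""
    records = []
    for line in text.splitlines():
        # Prefer the quoted capture; fall back to the bare (unquoted) one.
        fields = {k: q if q else b for k, q, b in _KV.findall(line)}
        if fields.get("apparmor") == "DENIED":
            records.append(fields)
    return records


def summarize(records):
    """Count denials per (profile, operation, comm, denied_mask, peer)."""
    key = ("profile", "operation", "comm", "denied_mask", "peer")
    return Counter(tuple(r.get(k, "?") for k in key) for r in records)


def operations(records):
    """Distinct denied operations, e.g. to see whether any is not ptrace."""
    return sorted({r.get("operation", "?") for r in records})


if __name__ == "__main__":
    recs = parse_denials(SAMPLE)
    for group, count in summarize(recs).most_common():
        print(count, *group)
    print("operations:", operations(recs))
```

To run it over a real capture, pass the output of the `journalctl --no-pager` command from the smoke test's trap to `parse_denials` instead of `SAMPLE`.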

locnnil changed the title from "App Armor denials on Smoke test Hello World (journald) on Noble." to "Smoke test Hello World (journald) fails on Noble." on Sep 6, 2024
locnnil added the bug (Something isn't working) label on Sep 6, 2024
locnnil added the CI (Continuous integration) label on Oct 8, 2024
locnnil self-assigned this on Oct 8, 2024

@farshidtz
Member

I noticed that docker:log-observe isn't connected here:

```shell
# normally, snap does this automatically during install, but not when we install from a local file (for security)
sudo snap connect docker:docker-cli docker:docker-daemon
sudo snap connect docker:firewall-control :firewall-control
sudo snap connect docker:home :home
sudo snap connect docker:network-control :network-control
sudo snap connect docker:support :docker-support
sudo snap connect docker:privileged :docker-support
```

It might be related to this error.
