$ snap run hello-world
cannot bind-mount the mount namespace file /proc/9783/ns/mnt -> hello-world.mnt: Permission denied
support process for mount namespace capture exited abnormally
$ sudo strace snap run hello-world
...cut...
open("/", O_RDONLY|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC) = 7
mkdirat(7, "var", 0755) = -1 EEXIST (File exists)
openat(7, "var", O_RDONLY|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC) = 8
close(7) = 0
mkdirat(8, "lib", 0755) = -1 EEXIST (File exists)
openat(8, "lib", O_RDONLY|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC) = 7
close(8) = 0
mkdirat(7, "ucf", 0755) = 0
openat(7, "ucf", O_RDONLY|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC) = 8
close(7) = 0
close(8) = 0
mount("/snap/core/current//var/lib/ucf", "/var/lib/ucf", NULL, MS_RDONLY|MS_NOSUID|MS_NODEV|MS_BIND|MS_REC|MS_SLAVE, NULL) = 0
open("/", O_RDONLY|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC) = 7
mkdirat(7, "var", 0755) = -1 EEXIST (File exists)
openat(7, "var", O_RDONLY|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC) = 8
close(7) = 0
mkdirat(8, "lib", 0755) = -1 EEXIST (File exists)
openat(8, "lib", O_RDONLY|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC) = 7
close(8) = 0
mkdirat(7, "update-rc.d", 0755) = 0
openat(7, "update-rc.d", O_RDONLY|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC) = 8
close(7) = 0
close(8) = 0
mount("/snap/core/current//var/lib/update-rc.d", "/var/lib/update-rc.d", NULL, MS_RDONLY|MS_NOSUID|MS_NODEV|MS_BIND|MS_REC|MS_SLAVE, NULL) = 0
open("/", O_RDONLY|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC) = 7
mkdirat(7, "var", 0755) = -1 EEXIST (File exists)
openat(7, "var", O_RDONLY|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC) = 8
close(7) = 0
mkdirat(8, "lib", 0755) = -1 EEXIST (File exists)
openat(8, "lib", O_RDONLY|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC) = 7
close(8) = 0
mkdirat(7, "urandom", 0755) = 0
openat(7, "urandom", O_RDONLY|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC) = 8
close(7) = 0
close(8) = 0
mount("/snap/core/current//var/lib/urandom", "/var/lib/urandom", NULL, MS_RDONLY|MS_NOSUID|MS_NODEV|MS_BIND|MS_REC|MS_SLAVE, NULL) = 0
open("/", O_RDONLY|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC) = 7
mkdirat(7, "var", 0755) = -1 EEXIST (File exists)
openat(7, "var", O_RDONLY|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC) = 8
close(7) = 0
mkdirat(8, "lib", 0755) = -1 EEXIST (File exists)
openat(8, "lib", O_RDONLY|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC) = 7
close(8) = 0
mkdirat(7, "vim", 0755) = 0
openat(7, "vim", O_RDONLY|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC) = 8
close(7) = 0
close(8) = 0
mount("/snap/core/current//var/lib/vim", "/var/lib/vim", NULL, MS_RDONLY|MS_NOSUID|MS_NODEV|MS_BIND|MS_REC|MS_SLAVE, NULL) = 0
open("/", O_RDONLY|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC) = 7
mkdirat(7, "var", 0755) = -1 EEXIST (File exists)
openat(7, "var", O_RDONLY|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC) = 8
close(7) = 0
mkdirat(8, "lib", 0755) = -1 EEXIST (File exists)
openat(8, "lib", O_RDONLY|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC) = 7
close(8) = 0
mkdirat(7, "waagent", 0755) = 0
openat(7, "waagent", O_RDONLY|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC) = 8
close(7) = 0
close(8) = 0
mount("/snap/core/current//var/lib/waagent", "/var/lib/waagent", NULL, MS_RDONLY|MS_NOSUID|MS_NODEV|MS_BIND|MS_REC|MS_SLAVE, NULL) = 0
getdents(5, /* 0 entries */, 32768) = 0
close(5) = 0
umount2("/var/lib/snapd", 0) = 0
mount("/tmp/snapd.quirks_PXTrkT", "/var/lib/snapd", NULL, MS_MOVE, NULL) = 0
rmdir("/tmp/snapd.quirks_PXTrkT") = 0
access("/var/lib/snapd/hostfs/var/lib/lxd", F_OK) = -1 ENOENT (No such file or directory)
open("/run/snapd/ns/snap.hello-world.fstab", O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0666) = 5
open("/var/lib/snapd/mount/snap.hello-world.fstab", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
close(5) = 0
chdir("/home/paulliu") = 0
write(6, "\1\0\0\0\0\0\0\0", 8) = 8
cannot bind-mount the mount namespace file /proc/9763/ns/mnt -> hello-world.mnt: Permission denied
wait4(9767, [{WIFEXITED(s) && WEXITSTATUS(s) == 1}], 0, NULL) = 9767
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9767, si_uid=0, si_status=1, si_utime=0, si_stime=0} ---
write(2, "support process for mount namesp"..., 61) = 61
support process for mount namespace capture exited abnormally
write(2, "\n", 1) = 1
exit_group(1) = ?
+++ exited with 1 +++