Today, one of the ubuntu 20.04 servers was swapping a crazy amount of RAM to disk that caused the load factor to rise from the usual ~0.4 to over 25. The machine in question should have been running exactly three services. All of them in-house products and optimised to run on the specific size of theses VMs.

To my surprise there was a cups-browsed running inside a snap package. Why was it installed on a LTS server? Sadly, the snap history that snap changes returns contains just the last 24h.

So the only other hint was in journalctl where the entries from storehelpers.go report errors while looking for updates.

Let's get on with the fix:

snap remove cups

Why is this a problem?

The resources

On a tiny VM with 1024MB of RAM 137MB is roughly 13% of the available memory. And the disk space is at-least 56MB according to du -hc /var/lib/snapd/snaps/*

If the cloud provider had added it to the base image, then they just waste disk space and RAM for their clients the question is do they try to up-sell you?

If it is part of the Ubuntu server default image this must have slipped trough the cracks and should be fixed.

The attack surface

Any piece of software that is not needed is a potential security problem. cups-browsed is listening to broadcast mDNS requests (and maybe sending them out as well?) in the data center, so not great for a quiet operation.