Canonical System Image

Apps hit apparmor denial trying to connect to unity8's mir_socket

Bug #1648615 reported by Michael Terry on 2016-12-08

This bug affects 4 people

Affects		Status	Importance	Assigned to	Milestone
	Canonical System Image	Confirmed	High	Alejandro J. Cura	Canonical System Image p2 "Ubuntu Personal"
	Snappy	Invalid	Undecided	Michael Terry

Bug Description

For example, trying to use edge ubuntu-calculator-app (non devmode) in the unity8-session snap, I see:

AVC apparmor="DENIED" operation="connect" profile="snap.ubuntu-calculator-app.ubuntu-calculator-app" name="/run/user/1002/snap.unity8-session/mir_socket" pid=12459 comm="qmlscene" requested_mask="wr" denied_mask="wr" fsuid=1002 ouid=1002

And then the app can't finish launching because of this. I'm guessing the unity8 interface needs a hole poked for this file.

$ snap --version
snap 2.18+unity8-1
snapd 2.18+unity8-1
series 16
ubuntu 16.04

(my snapd is from silo 2129's PPA)

$ snap list ubuntu-calculator-app
Name Version Rev Developer Notes
ubuntu-calculator-app 2.3 19 ubuntucoredev -

Michael Terry (mterry) on 2016-12-08

Changed in snappy:
assignee:	nobody → Ted Gould (ted)
Changed in canonical-devices-system-image:
milestone:	none → p1

Revision history for this message

Pat McGowan (pat-mcgowan) wrote on 2016-12-08:

dupe of lp:1638334?

Revision history for this message

Michael Terry (mterry) wrote on 2016-12-08:

Maybe that's related. But I think here we also have a factor of unity8 not yet exposing its slot?

Pat McGowan (pat-mcgowan) on 2017-01-11

Changed in canonical-devices-system-image:
milestone:	p1 → p2

Pat McGowan (pat-mcgowan) on 2017-01-11

Changed in canonical-devices-system-image:
assignee:	nobody → Alejandro J. Cura (alecu)

Pat McGowan (pat-mcgowan) on 2017-01-11

Changed in canonical-devices-system-image:
importance:	Undecided → High
status:	New → Confirmed

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2017-01-11:

With what was discussed in The Hague, the unity8 snap should 'slots: [mir]' and then snaps should 'plugs: [unity8, mir]'. The unity8 snap should put the mir socket in /run/user/[0-9]*/mir_socket as specified in mirConnectedPlugAppArmor in interfaces/builtin/mir.go.

Revision history for this message

Pat McGowan (pat-mcgowan) wrote on 2017-01-11:

fwiw I am not seeing this now

Revision history for this message

Michael Terry (mterry) wrote on 2017-02-03:

This is addressed by https://github.com/snapcore/snapd/pull/2787 and apps specifying "mir" as a plug.

Changed in snappy:
assignee:	Ted Gould (ted) → Michael Terry (mterry)
status:	New → In Progress

Michael Terry (mterry) on 2017-02-16

Changed in snappy:
status:	In Progress → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.