AppArmor

ssl_certs abstraction missing java certificates (on at least Debian-based systems)

Bug #1816372 reported by Jamie Strandboge on 2019-02-18

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	AppArmor	Confirmed	Undecided	Unassigned

Bug Description

On (at least) Debian-based systems, the following rule is needed with java applications that use ssl certs:

/etc/ssl/certs/java/{,*} r,

Revision history for this message

Alberto Mardegan (mardy) wrote on 2022-03-22:

Here's an example of how to trigger this:

sudo microk8s.kubectl apply -f \
https://github.com/knative/serving/releases/download/v0.24.0/serving-core.yaml

= AppArmor =
Time: Mar 17 17:27:43
Log: apparmor="DENIED" operation="open" profile="snap.microk8s.kubectl" name="/etc/ssl/certs/java/" pid=682863 comm="kubectl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /etc/ssl/certs/java/ (read)
Suggestions:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)
* add 'system-files (see https://forum.snapcraft.io/t/the-system-files-interface for acceptance criteria)' to 'plugs'

Changed in apparmor:
status:	New → Confirmed

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.