ssl_certs abstraction missing java certificates (on at least Debian-based systems)
Bug #1816372 reported by
Jamie Strandboge
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
AppArmor |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
On (at least) Debian-based systems, the following rule is needed with java applications that use ssl certs:
/etc/ssl/
To post a comment you must log in.
Here's an example of how to trigger this:
sudo microk8s.kubectl apply -f \ /github. com/knative/ serving/ releases/ download/ v0.24.0/ serving- core.yaml
https:/
= AppArmor = "snap.microk8s. kubectl" name="/ etc/ssl/ certs/java/ " pid=682863 comm="kubectl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 certs/java/ (read) /forum. snapcraft. io/t/snap- layouts/ 7207) /forum. snapcraft. io/t/the- system- files-interface for acceptance criteria)' to 'plugs'
Time: Mar 17 17:27:43
Log: apparmor="DENIED" operation="open" profile=
File: /etc/ssl/
Suggestions:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON
* adjust snap to use snap layouts (https:/
* add 'system-files (see https:/