Denial for /proc/$pid/task/$task/mountinfo when using mount-observe interface
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| snapd |
Fix Committed
|
Undecided
|
Philip Meulengracht | ||
Bug Description
----
$ snap version
snap 2.61.1
snapd 2.61.1
series 16
ubuntu 22.04
kernel 6.5.0-17-generic
----
The mount-observe interface allows reading the following files (from https:/
owner @{PROC}
owner @{PROC}
owner @{PROC}
However, processes might want to retrieve the info from /proc/thread-
This results in an error message that reads like this:
> open /proc/thread-
And the respective apparmor denial is:
> audit: type=1400 audit(170802574
----
We are able to fix the issue by adding the following line to the profile:
owner @{PROC}
We would like to extend the mount-observe profile to include this line if possible
| description: | updated |
| Philip Meulengracht (the-meulengracht) wrote | #1 |
| Changed in snapd: | |
| assignee: | nobody → Philip Meulengracht (the-meulengracht) |
| status: | New → In Progress |
| Philip Meulengracht (the-meulengracht) wrote | #2 |
| Changed in snapd: | |
| status: | In Progress → Fix Committed |
Opened a PR for this issue: https:/