snapd

mir clients that use cpu renderable surfaces don't work under confinement

Bug #1638796 reported by Alberto Aguirre on 2016-11-03

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	snapd	Confirmed	Medium	Unassigned

Bug Description

Steps to reproduce:

snap install --edge mir-libs
snap install --edge mir-kiosk
snap install --edge mir-client-demos

And this is needed due to LP:1638334
snap disconnect mir-client-demos:mir
snap connect mir-client-demos:mir mir-kiosk:mir

mir-client-demos.fingerpaint <-- hangs

Syslog contains APPARMOR denials:

"Nov 3 05:26:07 localhost kernel: [39528.255572] audit: type=1400 audit(1478150767.332:168): apparmor="DENIED" operation="capable" profile="snap.mir-kiosk.mir-kiosk" pid=9246 comm="Mir/IPC" capability=21 capname="sys_admin"
Nov 3 05:26:07 localhost kernel: [39528.264492] audit: type=1400 audit(1478150767.344:169): apparmor="DENIED" operation="file_receive" profile="snap.mir-client-demos.fingerpaint" name="/dev/shm/#4" pid=9392 comm=52504320546872656164 requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=0
Nov 3 05:26:07 localhost kernel: [39528.264764] audit: type=1400 audit(1478150767.344:170): apparmor="DENIED" operation="file_receive" profile="snap.mir-client-demos.fingerpaint" name="/dev/shm/#5" pid=9392 comm=52504320546872656164 requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=0
Nov 3 05:26:07 localhost kernel: [39528.264852] audit: type=1400 audit(1478150767.344:171): apparmor="DENIED" operation="file_receive" profile="snap.mir-client-demos.fingerpaint" name="/dev/shm/#6" pid=9392 comm=52504320546872656164 requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=0
Nov 3 05:26:07 localhost kernel: [39528.264936] audit: type=1400 audit(1478150767.344:172): apparmor="DENIED" operation="file_receive" profile="snap.mir-client-demos.fingerpaint" name="/dev/shm/#7" pid=9392 comm=52504320546872656164 requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=0"

Revision history for this message

Alberto Aguirre (albaguirre) wrote on 2016-11-03:

Fix: https://github.com/snapcore/snapd/pull/2247

summary:

- mir clients that use cpu renderable surface don't work under confinement
+ mir clients that use cpu renderable surfaces don't work under
+ confinement

Revision history for this message

Zygmunt Krynicki (zyga) wrote on 2019-09-27:

The referenced pull request was closed without merging. I'm marking this as confirmed and leaving open.

affects:	snappy → snapd
Changed in snapd:
status:	New → Confirmed
importance:	Undecided → Medium

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.