permission denied trying to read process' smaps
Bug #1686369 reported by Federico Gimenez
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
snapd | Triaged | Low | Unassigned |
Bug Description
I'm testing recent changes in snapd's interfaces. In order to check this rule [1], I'm using a snap with a bin/smaps executable file with this content:
#!/bin/sh
cat "/proc/
The snap defines a command using that file. When I try to execute the command I get:
cat: /proc/3207/
There are no denials on /var/log/syslog, the last entries are related to the test snap installation.
Thanks,
[1] https:/
I can confirm this behaviour. If I do:
"""
$ sudo snap install test-snapd-tools
$ sudo snap run --shell test-snapd-tools.echo
# less /proc/$$/smaps
/proc/17352/smaps: Permission denied
# exit
$ dmesg | tail -n
[ 8857.462687] audit: type=1400 audit(1514978876.528:426): apparmor="DENIED" operation="ptrace" profile="snap.test-snapd-tools.echo" pid=17410 comm="less" requested_mask="trace" denied_mask="trace" peer="snap.test-snapd-tools.echo"
"""
What is interesting is that the denial is for "trace" not the path itself.
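Added example, not part of the bug report or of snapd: a small triage script that parses AppArmor audit records and separates ptrace denials from path denials, showing why a log search for the smaps path misses the record discussed above. The first sample record is modelled on the one quoted in the comment; the other two, including the `snap.example.cmd` profile, are constructed.

```python
import re

# key=value or key="value" pairs as they appear in kernel audit records
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Sample records. The first is modelled on the record quoted in the comment
# above; the other two are constructed for contrast.
SAMPLE = [
    '[ 8857.462687] audit: type=1400 audit(1514978876.528:426): apparmor="DENIED" '
    'operation="ptrace" profile="snap.test-snapd-tools.echo" pid=17410 comm="less" '
    'requested_mask="trace" denied_mask="trace" peer="snap.test-snapd-tools.echo"',
    '[ 9001.000001] audit: type=1400 audit(1514979000.100:430): apparmor="DENIED" '
    'operation="open" profile="snap.example.cmd" name="/proc/1234/smaps" pid=1234 '
    'comm="cat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0',
    '[ 9002.000001] audit: type=1400 audit(1514979001.200:431): apparmor="ALLOWED" '
    'operation="open" profile="snap.example.cmd" name="/etc/hosts" pid=1235 '
    'comm="cat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0',
]

def parse_record(line):
    """Return the fields of an AppArmor audit record, or None for other lines."""
    if "apparmor=" not in line:
        return None
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}

def classify(fields):
    """Label a record: path denial, ptrace denial (same or other peer), or neither."""
    if fields.get("apparmor") != "DENIED":
        return "not-denied"
    if fields.get("operation") == "ptrace":
        # No name= field here: the record names a peer profile, not a file.
        same = fields.get("peer") == fields.get("profile")
        return "ptrace-same-profile" if same else "ptrace-other-profile"
    return "path" if "name" in fields else "other"

def triage(lines):
    """Return (label, profile, comm, target) for every denial in lines."""
    rows = []
    for line in lines:
        fields = parse_record(line)
        if fields is None or classify(fields) == "not-denied":
            continue
        target = fields.get("name") or fields.get("peer", "")
        rows.append((classify(fields), fields.get("profile"), fields.get("comm"), target))
    return rows

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row, sep="\t")
```

Searching the same records for the string `smaps` matches only the constructed path denial, so triage of this kind of failure has to filter on `operation="ptrace"` as well.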