"enable" does not apply connected slot security policy
Bug #1708703 reported by
Alberto Aguirre
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| snapd |
Fix Released
|
High
|
Zygmunt Krynicki | ||
Bug Description
Using:
snap 2.26.14+
snapd 2.26.14+
When enabling/disabling a snap that is connected to a slot, the Rules that apply to the connected slot apparently don't run.
For example, when installing mir-kiosk and mir-kiosk-apps, you can see the following crucial apparmor rule applied to mir-kiosk, which allows it to receive data from mir-kiosk-apps, as they are connected through the mir interface:
cat /var/lib/
unix (receive, send) type=seqpacket addr=none peer=(label=
However, after doing snap disable mir-kiosk-apps; snap enable mir-kiosk-apps, the rule is no longer applied.
| Changed in snappy: | |
| assignee: | nobody → Zygmunt Krynicki (zyga) |
| affects: | snappy → snapd |
| Changed in snapd: | |
| status: | New → Triaged |
| importance: | Undecided → High |
Revision history for this message
| Michael Vogt (mvo) wrote | #1 |
Revision history for this message
| Zygmunt Krynicki (zyga) wrote | #2 |
| Changed in snapd: | |
| status: | Triaged → In Progress |
Revision history for this message
| Zygmunt Krynicki (zyga) wrote | #3 |
Revision history for this message
| Zygmunt Krynicki (zyga) wrote | #4 |
| Changed in snapd: | |
| status: | In Progress → Fix Committed |
Revision history for this message
| Zygmunt Krynicki (zyga) wrote | #5 |
| Changed in snapd: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
I can still reproduce this git master. I remember we fixed an issue with disable/enable a while ago.