Shared memory interface gets link operation denided

Bug #1974464 reported by Guillaume Beuzeboc
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
snapd
Fix Released
Undecided
Unassigned

Bug Description

I am trying to use the shared-memory feature of FastDDS within a snap (creating shared-memory files in /dev/shm). The idea is to be able to share shared-memory across snaps.

I declared my slot like this:

  slots:
   shmem-slot:
    interface: shared-memory
    write: [fastrtps_*, sem.fastrtps_*]
    private: false

It allows FastDDS to create fastrtps_* files, but fails for sem.fastrtps_* files with this AppArmor log:

  = AppArmor =
  Log: apparmor="DENIED" operation="link" profile="snap.ros2-shared-memory.ros2-talker-listener" name="/dev/shm/sem.fastrtps_port7412_mutex" pid=3881001 comm="listener" requested_mask="l" denied_mask="l" fsuid=1000 ouid=1000 target="/dev/shm/wsRrNj"
  File: /dev/shm/sem.fastrtps_port7412_mutex (write)

After modifying /var/lib/snapd/apparmor/profiles/snap.<name>.<command> and changing the access from rwk to rwlk everything works fine.

Adding the link operation to shared-memory would allow FastDDS and ROS2 users to benefit from the shared-memory transport.

Revision history for this message
Alex Murray (alexmurray) wrote :

I have just submitted https://github.com/snapcore/snapd/pull/11812 which should resolve this once it is merged.

Changed in snapd:
status: New → Fix Committed
Michael Vogt (mvo)
Changed in snapd:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.